nss: allow to enable/disable new AES GCM cipher-suites

author Kamil Dudka <kdudka@redhat.com>

Fri, 7 Mar 2014 12:14:08 +0000 (13:14 +0100)

committer Kamil Dudka <kdudka@redhat.com>

Sat, 15 Mar 2014 12:07:55 +0000 (13:07 +0100)
author Kamil Dudka <kdudka@redhat.com>
Fri, 7 Mar 2014 12:14:08 +0000 (13:14 +0100)
committer Kamil Dudka <kdudka@redhat.com>
Sat, 15 Mar 2014 12:07:55 +0000 (13:07 +0100)
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c

index 119a910..80e26e2 100644 (file)
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -165,6 +165,16 @@ static const cipher_s cipherlist[] = {
    {"ecdhe_ecdsa_aes_128_cbc_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
    {"ecdhe_rsa_aes_128_cbc_sha_256",   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
  #endif
+#ifdef TLS_RSA_WITH_AES_128_GCM_SHA256
+  /* AES GCM cipher suites in RFC 5288 and RFC 5289 */
+  {"rsa_aes_128_gcm_sha_256",         TLS_RSA_WITH_AES_128_GCM_SHA256},
+  {"dhe_rsa_aes_128_gcm_sha_256",     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
+  {"dhe_dss_aes_128_gcm_sha_256",     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256},
+  {"ecdhe_ecdsa_aes_128_gcm_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+  {"ecdh_ecdsa_aes_128_gcm_sha_256",  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256},
+  {"ecdhe_rsa_aes_128_gcm_sha_256",   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+  {"ecdh_rsa_aes_128_gcm_sha_256",    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256},
+#endif
  };
  
  static const char* pem_library = "libnsspem.so";
author	Kamil Dudka <kdudka@redhat.com>
	Fri, 7 Mar 2014 12:14:08 +0000 (13:14 +0100)
committer	Kamil Dudka <kdudka@redhat.com>
	Sat, 15 Mar 2014 12:07:55 +0000 (13:07 +0100)