Fix SSL_get_ciphers behavior to return TLS 1.3 ciphersuites #2092

Open
wants to merge 13 commits into
base: main

smittals2 (Contributor) commented Jan 2, 2025

Issues:

CryptoAlg-2559

Description of changes:

  1. SSL_CTX_new now configures ctx->tls13_cipher_suites with default TLS 1.3 ciphers (did not previously)
  2. Each time any cipher list is created or modified, ctx->cipher_list is updated with values from ctx->tls13_cipher_suites via a new function update_cipher_list. This function also updates in_group_flags.
  3. Outdated comments updated
  4. Updates to existing tests to account for TLS 1.3 ciphersuites being configured by default

Call-outs:

In general, our TLS implementations pick ciphersuites against the given connection constraints/parameters. Adding TLS 1.3 ciphersuites to ctx->cipher_list does not modify this behavior or introduce new problems.

Testing:

Added tests to ensure TLS 1.3 ciphersuites are returned as configured when calling SSL_get_ciphers.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@smittals2 smittals2 changed the title from "[DRAFT] Fix SSL_get_ciphers behavior to return TLS 1.3 ciphersuites" to "Fix SSL_get_ciphers behavior to return TLS 1.3 ciphersuites" Jan 2, 2025
@smittals2 smittals2 marked this pull request as ready for review January 2, 2025 23:55
@smittals2 smittals2 requested a review from a team as a code owner January 2, 2025 23:55
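
An audit of the list that SSL_get_ciphers reports, as an added example that is not code from this pull request or from the project: it uses Python's standard ssl module, whose SSLContext.get_ciphers() reads the list through the linked TLS library's SSL_get_ciphers. It assumes an interpreter linked against a library that reports TLS 1.3 suites there (OpenSSL 1.1.1 or later); the cipher string ECDHE+AESGCM and the function names are chosen for illustration.

```python
import ssl
from collections import defaultdict


def ciphers_by_protocol(ctx):
    """Group the suite names reported by ctx.get_ciphers() by protocol label."""
    groups = defaultdict(list)
    for entry in ctx.get_ciphers():
        groups[entry["protocol"]].append(entry["name"])
    return dict(groups)


def audit(cipher_string):
    """Report which suites are listed before and after a TLS <= 1.2 cipher string.

    set_ciphers() configures only the TLS 1.2-and-below list, so an audit
    that reads the reported list must still see the TLS 1.3 suites afterwards.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    before = ciphers_by_protocol(ctx)

    ctx.set_ciphers(cipher_string)  # illustrative value, not from the page
    after = ciphers_by_protocol(ctx)

    tls13_after = sorted(after.get("TLSv1.3", []))
    legacy_after = sorted(
        name
        for protocol, names in after.items()
        if protocol != "TLSv1.3"
        for name in names
    )
    return {
        "tls13_before": sorted(before.get("TLSv1.3", [])),
        "tls13_after": tls13_after,
        "legacy_after": legacy_after,
        # False means the reported list omits TLS 1.3 suites entirely.
        "tls13_visible": bool(tls13_after),
    }


if __name__ == "__main__":
    report = audit("ECDHE+AESGCM")
    print("library:", ssl.OPENSSL_VERSION)
    print("TLS 1.3 suites listed:", report["tls13_after"] or "none")
    print("TLS <= 1.2 suites listed:", report["legacy_after"])
    if not report["tls13_visible"]:
        print("warning: reported cipher list contains no TLS 1.3 suites")
```

When tls13_visible is False on a library that negotiates TLS 1.3, a configuration audit built on the reported list misses those suites.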