2017-01-26 14:09:10 +00:00
Update MozNSS cipher attributes definitions
Author: Matus Honek <mhonek@redhat.com>
PreviousAuthor: Jan Vcelak <jvcelak@redhat.com>
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
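--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -210,27 +210,44 @@ typedef struct {
 int num; /* The cipher id */
 int attr; /* cipher attributes: algorithms, etc */
 int version; /* protocol version valid for this cipher */
- int bits; /* bits of strength */
- int alg_bits; /* bits of the algorithm */
 int strength; /* LOW, MEDIUM, HIGH */
 int enabled; /* Enabled by default? */
 } cipher_properties;
 
 /* cipher attributes */
-#define SSL_kRSA 0x00000001L
-#define SSL_aRSA 0x00000002L
-#define SSL_aDSS 0x00000004L
-#define SSL_DSS SSL_aDSS
-#define SSL_eNULL 0x00000008L
-#define SSL_DES 0x00000010L
-#define SSL_3DES 0x00000020L
-#define SSL_RC4 0x00000040L
-#define SSL_RC2 0x00000080L
-#define SSL_AES 0x00000100L
-#define SSL_MD5 0x00000200L
-#define SSL_SHA1 0x00000400L
-#define SSL_SHA SSL_SHA1
-#define SSL_RSA (SSL_kRSA|SSL_aRSA)
+#define SSL_kRSA 0x00000001L
+#define SSL_aRSA 0x00000002L
+#define SSL_aDSA 0x00000004L
+#define SSL_DSA SSL_aDSA
+#define SSL_eNULL 0x00000008L
+#define SSL_DES 0x00000010L
+#define SSL_3DES 0x00000020L
+#define SSL_RC4 0x00000040L
+#define SSL_RC2 0x00000080L
+#define SSL_AES128 0x00000100L
+#define SSL_AES256 0x00000200L
+#define SSL_MD5 0x00000400L
+#define SSL_SHA1 0x00000800L
+#define SSL_kEDH 0x00001000L
+#define SSL_CAMELLIA128 0x00002000L
+#define SSL_CAMELLIA256 0x00004000L
+#define SSL_SEED 0x00008000L
+#define SSL_kECDH 0x00010000L
+#define SSL_kECDHE 0x00020000L
+#define SSL_aECDSA 0x00040000L
+#define SSL_SHA256 0x00080000L
+#define SSL_SHA384 0x00100000L
+#define SSL_kEECDH 0x00200000L
+#define SSL_AESGCM 0x00400000L
+#define SSL_AEAD 0x00800000L
+#define SSL_aPSK 0x01000000L
+#define SSL_CHACHA20POLY1305 0x02000000L
+
+/* cipher attributes non-unique - do not use for definitions */
+#define SSL_RSA 0x00000001L
+#define SSL_AES 0x00000002L
+#define SSL_CAMELLIA 0x00000004L
+#define SSL_ECDH 0x00000008L
 
 /* cipher strength */
 #define SSL_NULL 0x00000001L
@@ -240,10 +257,15 @@ typedef struct {
 #define SSL_MEDIUM 0x00000010L
 #define SSL_HIGH 0x00000020L
 
+/* cipher strengths non-unique - do not use for definitions */
+#define SSL_EXPORT 0x00000001L
+
 #define SSL2 0x00000001L
 #define SSL3 0x00000002L
 /* OpenSSL treats SSL3 and TLSv1 the same */
 #define TLS1 SSL3
+#define TLS1_2 0x00000004L
+#define TLS1_3 0x00000008L
 
 /* Cipher translation */
 static cipher_properties ciphers_def[] = {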
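Review bot: The aliases added under "non-unique - do not use for definitions" reuse bit values of the attribute set above: `SSL_RSA`, `SSL_AES`, `SSL_CAMELLIA` and `SSL_ECDH` are 0x1 to 0x8, the same values as `SSL_kRSA`, `SSL_aRSA`, `SSL_aDSA` and `SSL_eNULL`, and `SSL_EXPORT` equals `SSL_NULL`. Nothing but that comment keeps the two sets apart, so a `ciphers_def[]` entry written with `SSL_AES`, or a test such as `attr & SSL_ECDH`, compiles and matches RSA-authenticated or NULL-encryption suites instead. The code that consumes these values lies outside the hunk (the struct opens before it and `ciphers_def[]` continues after it), so they are presumably selector tokens in a separate namespace; the comment should say so, e.g. `/* selector tokens only: values overlap the attribute bits above, never OR into or test against cipher_properties.attr */`, and a distinct prefix would make misuse visible in review. `SSL_kECDHE` and `SSL_kEECDH` also get different bits although OpenSSL treats the two names as aliases, so confirm the table tags ECDHE suites in a way that both selectors match.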
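--- openldap-2.4.40/include/ldap.h 2014-09-19 03:48:49.000000000 +0200
+++ openldap-2.4.40/include/ldap.h 2014-11-14 09:25:54.560801030 +0100
@@ -176,6 +176,7 @@ LDAP_BEGIN_DECL
 #define LDAP_OPT_X_TLS_PROTOCOL_TLS1_0 ((3 << 8) + 1)
 #define LDAP_OPT_X_TLS_PROTOCOL_TLS1_1 ((3 << 8) + 2)
 #define LDAP_OPT_X_TLS_PROTOCOL_TLS1_2 ((3 << 8) + 3)
+#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_3 ((3 << 8) + 4)
 
 /* OpenLDAP SASL options */
 #define LDAP_OPT_X_SASL_MECH 0x6100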