NSS: Enhance OpenLDAP to support TLSv1.3 protocol with NSS
Resolves: #1435689
parent
d0828bee6c
commit
54f6fd1feb
@ -67,7 +67,7 @@ diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
|||||||
|
|
||||||
/* cipher strength */
|
/* cipher strength */
|
||||||
#define SSL_NULL 0x00000001L
|
#define SSL_NULL 0x00000001L
|
||||||
@@ -240,10 +257,14 @@ typedef struct {
|
@@ -240,10 +257,15 @@ typedef struct {
|
||||||
#define SSL_MEDIUM 0x00000010L
|
#define SSL_MEDIUM 0x00000010L
|
||||||
#define SSL_HIGH 0x00000020L
|
#define SSL_HIGH 0x00000020L
|
||||||
|
|
||||||
@ -79,6 +79,7 @@ diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
|||||||
/* OpenSSL treats SSL3 and TLSv1 the same */
|
/* OpenSSL treats SSL3 and TLSv1 the same */
|
||||||
#define TLS1 SSL3
|
#define TLS1 SSL3
|
||||||
+#define TLS1_2 0x00000004L
|
+#define TLS1_2 0x00000004L
|
||||||
|
+#define TLS1_3 0x00000008L
|
||||||
|
|
||||||
/* Cipher translation */
|
/* Cipher translation */
|
||||||
static cipher_properties ciphers_def[] = {
|
static cipher_properties ciphers_def[] = {
|
||||||
|
@ -6,7 +6,7 @@ PreviousAuthor: Jan Vcelak <jvcelak@redhat.com>
|
|||||||
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
||||||
--- a/libraries/libldap/tls_m.c
|
--- a/libraries/libldap/tls_m.c
|
||||||
+++ b/libraries/libldap/tls_m.c
|
+++ b/libraries/libldap/tls_m.c
|
||||||
@@ -268,29 +268,104 @@ typedef struct {
|
@@ -268,29 +268,109 @@ typedef struct {
|
||||||
|
|
||||||
/* Cipher translation */
|
/* Cipher translation */
|
||||||
static cipher_properties ciphers_def[] = {
|
static cipher_properties ciphers_def[] = {
|
||||||
@ -129,6 +129,11 @@ diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
|||||||
+ //{"ECDHE-ECDSA-CHACHA20-POLY1305", 0xcca9 /* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */, SSL_kECDHE|SSL_aECDSA|SSL_CHACHA20POLY1305|SSL_AEAD, TLS1_2, SSL_HIGH},
|
+ //{"ECDHE-ECDSA-CHACHA20-POLY1305", 0xcca9 /* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */, SSL_kECDHE|SSL_aECDSA|SSL_CHACHA20POLY1305|SSL_AEAD, TLS1_2, SSL_HIGH},
|
||||||
+ //{"ECDHE-RSA-CHACHA20-POLY1305", 0xcca8 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */, SSL_kECDHE|SSL_aRSA|SSL_CHACHA20POLY1305|SSL_AEAD, TLS1_2, SSL_HIGH},
|
+ //{"ECDHE-RSA-CHACHA20-POLY1305", 0xcca8 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */, SSL_kECDHE|SSL_aRSA|SSL_CHACHA20POLY1305|SSL_AEAD, TLS1_2, SSL_HIGH},
|
||||||
+ //{"DHE-RSA-CHACHA20-POLY1305", 0xccaa /* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */, SSL_kEDH|SSL_aRSA|SSL_CHACHA20POLY1305|SSL_AEAD, TLS1_2, SSL_HIGH},
|
+ //{"DHE-RSA-CHACHA20-POLY1305", 0xccaa /* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */, SSL_kEDH|SSL_aRSA|SSL_CHACHA20POLY1305|SSL_AEAD, TLS1_2, SSL_HIGH},
|
||||||
|
+
|
||||||
|
+ // TLSv1.3
|
||||||
|
+ {"TLS13-AES-128-GCM-SHA256", 0x1301 /* TLS_AES_128_GCM_SHA256 */, SSL_AES128|SSL_AESGCM|SSL_AEAD, TLS1_3, SSL_HIGH},
|
||||||
|
+ {"TLS13-AES-256-GCM-SHA384", 0x1302 /* TLS_AES_256_GCM_SHA384 */, SSL_AES256|SSL_AESGCM|SSL_AEAD, TLS1_3, SSL_HIGH},
|
||||||
|
+ {"TLS13-CHACHA20-POLY1305-SHA256", 0x1303 /* TLS_CHACHA20_POLY1305_SHA256 */, SSL_CHACHA20POLY1305|SSL_AEAD, TLS1_3, SSL_HIGH},
|
||||||
};
|
};
|
||||||
|
|
||||||
#define ciphernum (sizeof(ciphers_def)/sizeof(cipher_properties))
|
#define ciphernum (sizeof(ciphers_def)/sizeof(cipher_properties))
|
||||||
|
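Review bot: The three TLSv1.3 entries added to `ciphers_def` carry no key-exchange or authentication bits (only `SSL_AES128|SSL_AESGCM|SSL_AEAD` and similar), so a cipher-string keyword that selects or excludes suites by those bits will presumably never match them. The matching logic in nss_parse_ciphers is outside this section, so confirm that an administrator's exclusion list still behaves as intended for the 0x13xx suites. A comment above the group would record the intent, e.g. `// TLSv1.3 suites name only the AEAD and hash; key exchange and authentication are negotiated separately, so no kx/auth bits are set`. The 0x1303 ChaCha20 suite is enabled while the TLS1_2 ChaCha20 entries just above stay commented out; if those were disabled because the target NSS build lacks ChaCha20, the same reason may apply here. `ciphers_def` begins before the visible lines.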
@ -69,7 +69,7 @@ diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
|||||||
} else if (!strcmp(cipher, "3DES")) {
|
} else if (!strcmp(cipher, "3DES")) {
|
||||||
mask |= SSL_3DES;
|
mask |= SSL_3DES;
|
||||||
} else if (!strcmp(cipher, "DES")) {
|
} else if (!strcmp(cipher, "DES")) {
|
||||||
@@ -693,26 +707,67 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum])
|
@@ -693,26 +707,69 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum])
|
||||||
mask |= SSL_RC2;
|
mask |= SSL_RC2;
|
||||||
} else if (!strcmp(cipher, "MD5")) {
|
} else if (!strcmp(cipher, "MD5")) {
|
||||||
mask |= SSL_MD5;
|
mask |= SSL_MD5;
|
||||||
@ -122,6 +122,8 @@ diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
|||||||
protocol |= TLS1;
|
protocol |= TLS1;
|
||||||
+ } else if (!strcmp(cipher, "TLSv1.2")) {
|
+ } else if (!strcmp(cipher, "TLSv1.2")) {
|
||||||
+ protocol |= TLS1_2;
|
+ protocol |= TLS1_2;
|
||||||
|
+ } else if (!strcmp(cipher, "TLSv1.3")) {
|
||||||
|
+ protocol |= TLS1_3;
|
||||||
} else if (!strcmp(cipher, "HIGH")) {
|
} else if (!strcmp(cipher, "HIGH")) {
|
||||||
strength |= SSL_HIGH;
|
strength |= SSL_HIGH;
|
||||||
} else if (!strcmp(cipher, "MEDIUM")) {
|
} else if (!strcmp(cipher, "MEDIUM")) {
|
||||||
|
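Review bot: The new `TLSv1.3` branch in nss_parse_ciphers only ORs `TLS1_3` into `protocol`, which filters the cipher table; nothing visible in this commit raises the protocol version range that NSS will negotiate. Whether a connection can actually reach TLSv1.3 therefore depends on code outside these hunks. Confirm that the maximum version handed to NSS includes TLS 1.3 and that a configured minimum version is still enforced, otherwise the new suites are selectable but never used. A short comment on the branch, e.g. `/* selects suites by protocol bit only; the negotiated version range is set elsewhere */`, would keep readers from assuming the keyword enables the protocol. The function body starts and continues outside the hunk.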
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
Name: openldap
|
Name: openldap
|
||||||
Version: 2.4.44
|
Version: 2.4.44
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
Summary: LDAP support libraries
|
Summary: LDAP support libraries
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
License: OpenLDAP
|
License: OpenLDAP
|
||||||
@ -548,6 +548,9 @@ exit 0
|
|||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Mar 24 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-9
|
||||||
|
- NSS: Enhance OpenLDAP to support TLSv1.3 protocol with NSS (#1435689)
|
||||||
|
|
||||||
* Fri Mar 24 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-8
|
* Fri Mar 24 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-8
|
||||||
- NSS: Rearrange ciphers-, parsing-, and protocol-related patches (#1435689)
|
- NSS: Rearrange ciphers-, parsing-, and protocol-related patches (#1435689)
|
||||||
|
|
||||||
|