commit 363be43df36faa631fe0a49239e27489db466dc2 Author: Nick Mathewson nickm@torproject.org Date: Tue Jan 24 15:30:35 2017 -0500

Re-run gen_server_ciphers --- changes/server_cipher | 3 +++ src/common/tortls.c | 16 ++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/changes/server_cipher b/changes/server_cipher new file mode 100644 index 0000000..b80c88a --- /dev/null +++ b/changes/server_cipher @@ -0,0 +1,3 @@ + o Minor features (ciphersuite choices): + - Allow servers to accept a wider range of ciphersuites, including + chacha20-poly1305 and AES-CCM. Closes the other part of 15426. diff --git a/src/common/tortls.c b/src/common/tortls.c index 2efb3ba..1fe91ed 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -585,6 +585,12 @@ static const char UNRESTRICTED_SERVER_CIPHER_LIST[] = #ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 ":" #endif +#ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_CCM + TLS1_TXT_DHE_RSA_WITH_AES_256_CCM ":" +#endif +#ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_CCM + TLS1_TXT_DHE_RSA_WITH_AES_128_CCM ":" +#endif #ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 ":" #endif @@ -594,8 +600,14 @@ static const char UNRESTRICTED_SERVER_CIPHER_LIST[] = /* Required */ TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":" /* Required */ - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA - ; + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" +#ifdef TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 + TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 ":" +#endif +#ifdef TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 + TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 +#endif + ;

/* Note: to set up your own private testing network with link crypto * disabled, set your Tors' cipher list to