[tor-commits] [tor/master] Change our ciphersuite list to match ff8

nickm at torproject.org nickm at torproject.org
Wed Jun 13 16:11:17 UTC 2012 

commit 89c16890095d63cc6f56a378108efc3d3f063204
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue May 15 15:25:54 2012 -0400

    Change our ciphersuite list to match ff8
---
 changes/bug4744                   |    4 +++
 src/common/ciphers.inc            |   47 +++++++++++++++++++++++++++++++++---
 src/common/get_mozilla_ciphers.py |    1 +
 3 files changed, 48 insertions(+), 4 deletions(-)

diff --git a/changes/bug4744 b/changes/bug4744
new file mode 100644
index 0000000..1563cd1
--- /dev/null
+++ b/changes/bug4744
@@ -0,0 +1,4 @@
+  o Major features:
+    - Update cipher cipher list to match Firefox 8 and later. Fix for
+      issue 4744.
+
diff --git a/src/common/ciphers.inc b/src/common/ciphers.inc
index c84620d..137d78b 100644
--- a/src/common/ciphers.inc
+++ b/src/common/ciphers.inc
@@ -1,6 +1,9 @@
 /* This is an include file used to define the list of ciphers clients should
  * advertise.  Before including it, you should define the CIPHER and XCIPHER
- * macros. */
+ * macros.
+ *
+ * This file was automatically generated by get_mozilla_ciphers.py.
+ */
 #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
     CIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
 #else
@@ -11,6 +14,16 @@
 #else
    XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA)
 #endif
+#ifdef TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+    CIPHER(0x0088, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA)
+#else
+   XCIPHER(0x0088, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA)
+#endif
+#ifdef TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
+    CIPHER(0x0087, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA)
+#else
+   XCIPHER(0x0087, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA)
+#endif
 #ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA
     CIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA)
 #else
@@ -31,6 +44,11 @@
 #else
    XCIPHER(0xc005, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA)
 #endif
+#ifdef TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA
+    CIPHER(0x0084, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA)
+#else
+   XCIPHER(0x0084, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA)
+#endif
 #ifdef TLS1_TXT_RSA_WITH_AES_256_SHA
     CIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA)
 #else
@@ -56,6 +74,16 @@
 #else
    XCIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA)
 #endif
+#ifdef TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+    CIPHER(0x0045, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA)
+#else
+   XCIPHER(0x0045, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA)
+#endif
+#ifdef TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
+    CIPHER(0x0044, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA)
+#else
+   XCIPHER(0x0044, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA)
+#endif
 #ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
     CIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
 #else
@@ -86,6 +114,16 @@
 #else
    XCIPHER(0xc004, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA)
 #endif
+#ifdef TLS1_TXT_RSA_WITH_SEED_SHA
+    CIPHER(0x0096, TLS1_TXT_RSA_WITH_SEED_SHA)
+#else
+   XCIPHER(0x0096, TLS1_TXT_RSA_WITH_SEED_SHA)
+#endif
+#ifdef TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA
+    CIPHER(0x0041, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA)
+#else
+   XCIPHER(0x0041, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA)
+#endif
 #ifdef SSL3_TXT_RSA_RC4_128_MD5
     CIPHER(0x0004, SSL3_TXT_RSA_RC4_128_MD5)
 #else
@@ -131,10 +169,11 @@
 #else
    XCIPHER(0xc003, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA)
 #endif
-#ifdef SSL3_TXT_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
-    CIPHER(0xfeff, SSL3_TXT_RSA_FIPS_WITH_3DES_EDE_CBC_SHA)
+/* No openssl macro found for 0xfeff */
+#ifdef SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
+    CIPHER(0xfeff, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA)
 #else
-   XCIPHER(0xfeff, SSL3_TXT_RSA_FIPS_WITH_3DES_EDE_CBC_SHA)
+   XCIPHER(0xfeff, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA)
 #endif
 #ifdef SSL3_TXT_RSA_DES_192_CBC3_SHA
     CIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA)
diff --git a/src/common/get_mozilla_ciphers.py b/src/common/get_mozilla_ciphers.py
index f925031..c7e9a84 100644
--- a/src/common/get_mozilla_ciphers.py
+++ b/src/common/get_mozilla_ciphers.py
@@ -2,6 +2,7 @@
 # coding=utf-8
 # Copyright 2011, The Tor Project, Inc
 # original version by Arturo Filastò
+# See LICENSE for licensing information
 
 # This script parses Firefox and OpenSSL sources, and uses this information
 # to generate a ciphers.inc file.

More information about the tor-commits mailing list