提交 1c16fd1f 编写于 作者: D Dr. Stephen Henson

add Suite B 128 bit mode offering only combination 2

上级 a5afc0a8
...@@ -1354,11 +1354,16 @@ static int ssl_cipher_process_rulestr(const char *rule_str, ...@@ -1354,11 +1354,16 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
const char **prule_str) const char **prule_str)
{ {
unsigned int suiteb_flags = 0; unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
if (!strcmp(*prule_str, "SUITEB128")) if (!strcmp(*prule_str, "SUITEB128"))
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
else if (!strcmp(*prule_str, "SUITEB128ONLY")) else if (!strcmp(*prule_str, "SUITEB128ONLY"))
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
else if (!strcmp(*prule_str, "SUITEB128C2"))
{
suiteb_comb2 = 1;
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
}
else if (!strcmp(*prule_str, "SUITEB192")) else if (!strcmp(*prule_str, "SUITEB192"))
suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS; suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
...@@ -1377,7 +1382,10 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, ...@@ -1377,7 +1382,10 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
switch(suiteb_flags) switch(suiteb_flags)
{ {
case SSL_CERT_FLAG_SUITEB_128_LOS: case SSL_CERT_FLAG_SUITEB_128_LOS:
*prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384"; if (suiteb_comb2)
*prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
else
*prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384";
break; break;
case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY: case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
*prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256"; *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256";
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册