Skip to content

Return .standard_name field from ssl:getCipherInfo #142

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
daurnimator merged 3 commits into from
Aug 3, 2018
Merged

Return .standard_name field from ssl:getCipherInfo #142

daurnimator merged 3 commits into from
Aug 3, 2018

Conversation

@daurnimator
Copy link
Collaborator

@daurnimator daurnimator commented Jul 13, 2018

For #118

SSL_CIPHER_standard_name has been around for a long time, but only when OpenSSL was compiled with the rarely used --enable-trace option. It's expected the OpenSSL 1.1.1 will make it unconditional (via openssl/openssl#3859)
This PR includes a backwards compatible shim for <= 1.1.0

daurnimator added a commit to daurnimator/lua-http that referenced this pull request Jul 13, 2018
@daurnimator
http/tls.lua: Index banned_ciphers by standard name
2b834cd 
This alleviates the need for our own standard name to openssl name map for ciphers.
Requires wahern/luaossl#142
@daurnimator daurnimator mentioned this pull request Jul 13, 2018
Open
daurnimator
daurnimator commented Jul 13, 2018
View reviewed changes
src/openssl.c Outdated
{0x001A, "SSL_DH_anon_WITH_DES_CBC_SHA"},
{0x001B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"},
{0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},
{0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},
Copy link
Collaborator Author

@daurnimator daurnimator Jul 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be TLS_KRB5_WITH_DES_CBC_SHA? See https://github.com/openssl/openssl/pull/1743/files and daurnimator/lua-http#116 (comment)

daurnimator
daurnimator commented Jul 13, 2018
View reviewed changes
src/openssl.c Outdated
{0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"},
{0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"},
{0x001D, "TLS_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},
{0x001E, "TLS_FORTEZZA_KEA_WITH_RC4_128_SHA"},
Copy link
Collaborator Author

@daurnimator daurnimator Jul 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awaiting answer to openssl/openssl#6710

@daurnimator
src/openssl.c: Prefer our list of standard cipher names in openssl <1…
2ec9b93 
….1.1
@daurnimator
src/openssl.c: Change 0x001E to KRB5_WITH_DES_CBC_SHA
e75a942 
According to openssl/openssl#6710 patches exist(ed)
for Kerberos, while FORTEZZA_KEA_WITH_RC4_128_SHA was never implemented (and
not likely to be in future)
@daurnimator daurnimator merged commit e75a942 into wahern:master Aug 3, 2018
@daurnimator daurnimator deleted the std-cipher-names branch August 3, 2018 07:30
@daurnimator daurnimator restored the std-cipher-names branch August 12, 2018 16:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

component: ssl enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@daurnimator