ede973a89a
To align with what Chrome sends on NSS, remove all 3DES cipher suites except RSA_WITH_3DES_EDE_CBC_SHA. This avoids having to order a PFS 3DES cipher against a non-PFS 3DES cipher.

Remove the strength sort which wanted to place AES_256_CBC ahead of AES_128_GCM and is not especially useful (everything under 128 is either 3DES or DES). Instead, explicitly order all the bulk ciphers. Continue to prefer PFS over non-PFS and ECDHE over DHE.

This gives the following order in Chromium. We can probably prune it a bit (DHE_DSS, DH_*) in a follow-up.

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc13) Forward Secrecy 256
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc15) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0xa2) Forward Secrecy* 128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) Forward Secrecy 256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38) Forward Secrecy* 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) Forward Secrecy 128
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32) Forward Secrecy* 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007) Forward Secrecy 128
TLS_DH_DSS_WITH_AES_128_GCM_SHA256 (0xa4) 128
TLS_DH_RSA_WITH_AES_128_GCM_SHA256 (0xa0) 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x37) 256
TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x36) 256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x31) 128
TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x30) 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112

BUG=405091

Change-Id: Ib8dd28469414a4eb496788a57a215e7e21f8c37f
Reviewed-on: https://boringssl-review.googlesource.com/1559
Reviewed-by: Adam Langley <agl@google.com>
alert.go
cert.pem
cipher_suites.go
common.go
conn.go
dtls.go
ecdsa_cert.pem
ecdsa_key.pem
handshake_client.go
handshake_messages.go
handshake_server.go
key_agreement.go
key.pem
packet_adapter.go
prf.go
runner.go
ticket.go
tls.go