mirror of https://github.com/aria2/aria2
AppleTLS: Update cipher suites
Also make the suite selection more sane.pull/220/merge
Nils Maier
parent
39d66bd560
commit
e195dc5f00
|
|
@ -35,6 +35,7 @@
|
|||
|
||||
#include "AppleTLSSession.h"
|
||||
|
||||
#include <sstream>
|
||||
#include <vector>
|
||||
|
||||
#include <CoreFoundation/CoreFoundation.h>
|
||||
|
|
@ -95,160 +96,215 @@ namespace {
|
|||
}
|
||||
}
|
||||
|
||||
#define SUITE(s) { s, #s }
|
||||
#define SUITE(s, n) { n, #s }
|
||||
static struct {
|
||||
SSLCipherSuite suite;
|
||||
const char *name;
|
||||
} kSuites[] = {
|
||||
SUITE(SSL_NULL_WITH_NULL_NULL),
|
||||
SUITE(SSL_RSA_WITH_NULL_MD5),
|
||||
SUITE(SSL_RSA_WITH_NULL_SHA),
|
||||
SUITE(SSL_RSA_EXPORT_WITH_RC4_40_MD5),
|
||||
SUITE(SSL_RSA_WITH_RC4_128_MD5),
|
||||
SUITE(SSL_RSA_WITH_RC4_128_SHA),
|
||||
SUITE(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5),
|
||||
SUITE(SSL_RSA_WITH_IDEA_CBC_SHA),
|
||||
SUITE(SSL_RSA_EXPORT_WITH_DES40_CBC_SHA),
|
||||
SUITE(SSL_RSA_WITH_DES_CBC_SHA),
|
||||
SUITE(SSL_RSA_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA),
|
||||
SUITE(SSL_DH_DSS_WITH_DES_CBC_SHA),
|
||||
SUITE(SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA),
|
||||
SUITE(SSL_DH_RSA_WITH_DES_CBC_SHA),
|
||||
SUITE(SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA),
|
||||
SUITE(SSL_DHE_DSS_WITH_DES_CBC_SHA),
|
||||
SUITE(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA),
|
||||
SUITE(SSL_DHE_RSA_WITH_DES_CBC_SHA),
|
||||
SUITE(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(SSL_DH_anon_EXPORT_WITH_RC4_40_MD5),
|
||||
SUITE(SSL_DH_anon_WITH_RC4_128_MD5),
|
||||
SUITE(SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA),
|
||||
SUITE(SSL_DH_anon_WITH_DES_CBC_SHA),
|
||||
SUITE(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(SSL_FORTEZZA_DMS_WITH_NULL_SHA),
|
||||
SUITE(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA),
|
||||
SUITE(TLS_RSA_WITH_AES_128_CBC_SHA),
|
||||
SUITE(TLS_DH_DSS_WITH_AES_128_CBC_SHA),
|
||||
SUITE(TLS_DH_RSA_WITH_AES_128_CBC_SHA),
|
||||
SUITE(TLS_DHE_DSS_WITH_AES_128_CBC_SHA),
|
||||
SUITE(TLS_DHE_RSA_WITH_AES_128_CBC_SHA),
|
||||
SUITE(TLS_DH_anon_WITH_AES_128_CBC_SHA),
|
||||
SUITE(TLS_RSA_WITH_AES_256_CBC_SHA),
|
||||
SUITE(TLS_DH_DSS_WITH_AES_256_CBC_SHA),
|
||||
SUITE(TLS_DH_RSA_WITH_AES_256_CBC_SHA),
|
||||
SUITE(TLS_DHE_DSS_WITH_AES_256_CBC_SHA),
|
||||
SUITE(TLS_DHE_RSA_WITH_AES_256_CBC_SHA),
|
||||
SUITE(TLS_DH_anon_WITH_AES_256_CBC_SHA),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_NULL_SHA),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_RC4_128_SHA),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_NULL_SHA),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA),
|
||||
SUITE(TLS_ECDH_RSA_WITH_NULL_SHA),
|
||||
SUITE(TLS_ECDH_RSA_WITH_RC4_128_SHA),
|
||||
SUITE(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA),
|
||||
SUITE(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_NULL_SHA),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_RC4_128_SHA),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA),
|
||||
SUITE(TLS_ECDH_anon_WITH_NULL_SHA),
|
||||
SUITE(TLS_ECDH_anon_WITH_RC4_128_SHA),
|
||||
SUITE(SSL_RSA_WITH_RC2_CBC_MD5),
|
||||
SUITE(SSL_RSA_WITH_IDEA_CBC_MD5),
|
||||
SUITE(SSL_RSA_WITH_DES_CBC_MD5),
|
||||
SUITE(SSL_RSA_WITH_3DES_EDE_CBC_MD5),
|
||||
// From CipherSuite.h (10.9)
|
||||
SUITE(SSL_NULL_WITH_NULL_NULL, 0x0000),
|
||||
SUITE(SSL_RSA_WITH_NULL_MD5, 0x0001),
|
||||
SUITE(SSL_RSA_WITH_NULL_SHA, 0x0002),
|
||||
SUITE(SSL_RSA_EXPORT_WITH_RC4_40_MD5, 0x0003),
|
||||
SUITE(SSL_RSA_WITH_RC4_128_MD5, 0x0004),
|
||||
SUITE(SSL_RSA_WITH_RC4_128_SHA, 0x0005),
|
||||
SUITE(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 0x0006),
|
||||
SUITE(SSL_RSA_WITH_IDEA_CBC_SHA, 0x0007),
|
||||
SUITE(SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, 0x0008),
|
||||
SUITE(SSL_RSA_WITH_DES_CBC_SHA, 0x0009),
|
||||
SUITE(SSL_RSA_WITH_3DES_EDE_CBC_SHA, 0x000A),
|
||||
SUITE(SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, 0x000B),
|
||||
SUITE(SSL_DH_DSS_WITH_DES_CBC_SHA, 0x000C),
|
||||
SUITE(SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA, 0x000D),
|
||||
SUITE(SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, 0x000E),
|
||||
SUITE(SSL_DH_RSA_WITH_DES_CBC_SHA, 0x000F),
|
||||
SUITE(SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA, 0x0010),
|
||||
SUITE(SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, 0x0011),
|
||||
SUITE(SSL_DHE_DSS_WITH_DES_CBC_SHA, 0x0012),
|
||||
SUITE(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 0x0013),
|
||||
SUITE(SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, 0x0014),
|
||||
SUITE(SSL_DHE_RSA_WITH_DES_CBC_SHA, 0x0015),
|
||||
SUITE(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 0x0016),
|
||||
SUITE(SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, 0x0017),
|
||||
SUITE(SSL_DH_anon_WITH_RC4_128_MD5, 0x0018),
|
||||
SUITE(SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, 0x0019),
|
||||
SUITE(SSL_DH_anon_WITH_DES_CBC_SHA, 0x001A),
|
||||
SUITE(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, 0x001B),
|
||||
SUITE(SSL_FORTEZZA_DMS_WITH_NULL_SHA, 0x001C),
|
||||
SUITE(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, 0x001D),
|
||||
|
||||
#if defined(__MAC_10_8)
|
||||
SUITE(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256),
|
||||
SUITE(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256),
|
||||
SUITE(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256),
|
||||
SUITE(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384),
|
||||
SUITE(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256),
|
||||
SUITE(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256),
|
||||
SUITE(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256),
|
||||
SUITE(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384),
|
||||
SUITE(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(TLS_DH_DSS_WITH_AES_128_CBC_SHA256),
|
||||
SUITE(TLS_DH_DSS_WITH_AES_128_GCM_SHA256),
|
||||
SUITE(TLS_DH_DSS_WITH_AES_256_CBC_SHA256),
|
||||
SUITE(TLS_DH_DSS_WITH_AES_256_GCM_SHA384),
|
||||
SUITE(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(TLS_DH_RSA_WITH_AES_128_CBC_SHA256),
|
||||
SUITE(TLS_DH_RSA_WITH_AES_128_GCM_SHA256),
|
||||
SUITE(TLS_DH_RSA_WITH_AES_256_CBC_SHA256),
|
||||
SUITE(TLS_DH_RSA_WITH_AES_256_GCM_SHA384),
|
||||
SUITE(TLS_DH_anon_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(TLS_DH_anon_WITH_AES_128_CBC_SHA256),
|
||||
SUITE(TLS_DH_anon_WITH_AES_128_GCM_SHA256),
|
||||
SUITE(TLS_DH_anon_WITH_AES_256_CBC_SHA256),
|
||||
SUITE(TLS_DH_anon_WITH_AES_256_GCM_SHA384),
|
||||
SUITE(TLS_DH_anon_WITH_RC4_128_MD5),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384),
|
||||
SUITE(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256),
|
||||
SUITE(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256),
|
||||
SUITE(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384),
|
||||
SUITE(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384),
|
||||
SUITE(TLS_EMPTY_RENEGOTIATION_INFO_SCSV),
|
||||
SUITE(TLS_NULL_WITH_NULL_NULL),
|
||||
SUITE(TLS_RSA_WITH_3DES_EDE_CBC_SHA),
|
||||
SUITE(TLS_RSA_WITH_AES_128_CBC_SHA256),
|
||||
SUITE(TLS_RSA_WITH_AES_128_GCM_SHA256),
|
||||
SUITE(TLS_RSA_WITH_AES_256_CBC_SHA256),
|
||||
SUITE(TLS_RSA_WITH_AES_256_GCM_SHA384),
|
||||
SUITE(TLS_RSA_WITH_NULL_MD5),
|
||||
SUITE(TLS_RSA_WITH_NULL_SHA),
|
||||
SUITE(TLS_RSA_WITH_NULL_SHA256),
|
||||
SUITE(TLS_RSA_WITH_RC4_128_MD5),
|
||||
SUITE(TLS_RSA_WITH_RC4_128_SHA),
|
||||
#endif
|
||||
SUITE(TLS_RSA_WITH_AES_128_CBC_SHA, 0x002F),
|
||||
SUITE(TLS_DH_DSS_WITH_AES_128_CBC_SHA, 0x0030),
|
||||
SUITE(TLS_DH_RSA_WITH_AES_128_CBC_SHA, 0x0031),
|
||||
SUITE(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 0x0032),
|
||||
SUITE(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 0x0033),
|
||||
SUITE(TLS_DH_anon_WITH_AES_128_CBC_SHA, 0x0034),
|
||||
SUITE(TLS_RSA_WITH_AES_256_CBC_SHA, 0x0035),
|
||||
SUITE(TLS_DH_DSS_WITH_AES_256_CBC_SHA, 0x0036),
|
||||
SUITE(TLS_DH_RSA_WITH_AES_256_CBC_SHA, 0x0037),
|
||||
SUITE(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 0x0038),
|
||||
SUITE(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 0x0039),
|
||||
SUITE(TLS_DH_anon_WITH_AES_256_CBC_SHA, 0x003A),
|
||||
|
||||
SUITE(SSL_NO_SUCH_CIPHERSUITE)
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_NULL_SHA, 0xC001),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 0xC002),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 0xC003),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 0xC004),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 0xC005),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_NULL_SHA, 0xC006),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 0xC007),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 0xC008),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 0xC009),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 0xC00A),
|
||||
SUITE(TLS_ECDH_RSA_WITH_NULL_SHA, 0xC00B),
|
||||
SUITE(TLS_ECDH_RSA_WITH_RC4_128_SHA, 0xC00C),
|
||||
SUITE(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 0xC00D),
|
||||
SUITE(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 0xC00E),
|
||||
SUITE(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 0xC00F),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_NULL_SHA, 0xC010),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_RC4_128_SHA, 0xC011),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 0xC012),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0xC013),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0xC014),
|
||||
SUITE(TLS_ECDH_anon_WITH_NULL_SHA, 0xC015),
|
||||
SUITE(TLS_ECDH_anon_WITH_RC4_128_SHA, 0xC016),
|
||||
SUITE(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, 0xC017),
|
||||
SUITE(TLS_ECDH_anon_WITH_AES_128_CBC_SHA, 0xC018),
|
||||
SUITE(TLS_ECDH_anon_WITH_AES_256_CBC_SHA, 0xC019),
|
||||
|
||||
SUITE(TLS_NULL_WITH_NULL_NULL, 0x0000),
|
||||
|
||||
SUITE(TLS_RSA_WITH_NULL_MD5, 0x0001),
|
||||
SUITE(TLS_RSA_WITH_NULL_SHA, 0x0002),
|
||||
SUITE(TLS_RSA_WITH_RC4_128_MD5, 0x0004),
|
||||
SUITE(TLS_RSA_WITH_RC4_128_SHA, 0x0005),
|
||||
SUITE(TLS_RSA_WITH_3DES_EDE_CBC_SHA, 0x000A),
|
||||
SUITE(TLS_RSA_WITH_NULL_SHA256, 0x003B),
|
||||
SUITE(TLS_RSA_WITH_AES_128_CBC_SHA256, 0x003C),
|
||||
SUITE(TLS_RSA_WITH_AES_256_CBC_SHA256, 0x003D),
|
||||
|
||||
SUITE(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, 0x000D),
|
||||
SUITE(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, 0x0010),
|
||||
SUITE(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 0x0013),
|
||||
SUITE(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 0x0016),
|
||||
SUITE(TLS_DH_DSS_WITH_AES_128_CBC_SHA256, 0x003E),
|
||||
SUITE(TLS_DH_RSA_WITH_AES_128_CBC_SHA256, 0x003F),
|
||||
SUITE(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 0x0040),
|
||||
SUITE(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 0x0067),
|
||||
SUITE(TLS_DH_DSS_WITH_AES_256_CBC_SHA256, 0x0068),
|
||||
SUITE(TLS_DH_RSA_WITH_AES_256_CBC_SHA256, 0x0069),
|
||||
SUITE(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 0x006A),
|
||||
SUITE(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 0x006B),
|
||||
|
||||
SUITE(TLS_DH_anon_WITH_RC4_128_MD5, 0x0018),
|
||||
SUITE(TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, 0x001B),
|
||||
SUITE(TLS_DH_anon_WITH_AES_128_CBC_SHA256, 0x006C),
|
||||
SUITE(TLS_DH_anon_WITH_AES_256_CBC_SHA256, 0x006D),
|
||||
|
||||
SUITE(TLS_PSK_WITH_RC4_128_SHA, 0x008A),
|
||||
SUITE(TLS_PSK_WITH_3DES_EDE_CBC_SHA, 0x008B),
|
||||
SUITE(TLS_PSK_WITH_AES_128_CBC_SHA, 0x008C),
|
||||
SUITE(TLS_PSK_WITH_AES_256_CBC_SHA, 0x008D),
|
||||
SUITE(TLS_DHE_PSK_WITH_RC4_128_SHA, 0x008E),
|
||||
SUITE(TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 0x008F),
|
||||
SUITE(TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 0x0090),
|
||||
SUITE(TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 0x0091),
|
||||
SUITE(TLS_RSA_PSK_WITH_RC4_128_SHA, 0x0092),
|
||||
SUITE(TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 0x0093),
|
||||
SUITE(TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 0x0094),
|
||||
SUITE(TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 0x0095),
|
||||
|
||||
SUITE(TLS_PSK_WITH_NULL_SHA, 0x002C),
|
||||
SUITE(TLS_DHE_PSK_WITH_NULL_SHA, 0x002D),
|
||||
SUITE(TLS_RSA_PSK_WITH_NULL_SHA, 0x002E),
|
||||
|
||||
SUITE(TLS_RSA_WITH_AES_128_GCM_SHA256, 0x009C),
|
||||
SUITE(TLS_RSA_WITH_AES_256_GCM_SHA384, 0x009D),
|
||||
SUITE(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 0x009E),
|
||||
SUITE(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 0x009F),
|
||||
SUITE(TLS_DH_RSA_WITH_AES_128_GCM_SHA256, 0x00A0),
|
||||
SUITE(TLS_DH_RSA_WITH_AES_256_GCM_SHA384, 0x00A1),
|
||||
SUITE(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, 0x00A2),
|
||||
SUITE(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, 0x00A3),
|
||||
SUITE(TLS_DH_DSS_WITH_AES_128_GCM_SHA256, 0x00A4),
|
||||
SUITE(TLS_DH_DSS_WITH_AES_256_GCM_SHA384, 0x00A5),
|
||||
SUITE(TLS_DH_anon_WITH_AES_128_GCM_SHA256, 0x00A6),
|
||||
SUITE(TLS_DH_anon_WITH_AES_256_GCM_SHA384, 0x00A7),
|
||||
|
||||
SUITE(TLS_PSK_WITH_AES_128_GCM_SHA256, 0x00A8),
|
||||
SUITE(TLS_PSK_WITH_AES_256_GCM_SHA384, 0x00A9),
|
||||
SUITE(TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, 0x00AA),
|
||||
SUITE(TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, 0x00AB),
|
||||
SUITE(TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 0x00AC),
|
||||
SUITE(TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 0x00AD),
|
||||
|
||||
SUITE(TLS_PSK_WITH_AES_128_CBC_SHA256, 0x00AE),
|
||||
SUITE(TLS_PSK_WITH_AES_256_CBC_SHA384, 0x00AF),
|
||||
SUITE(TLS_PSK_WITH_NULL_SHA256, 0x00B0),
|
||||
SUITE(TLS_PSK_WITH_NULL_SHA384, 0x00B1),
|
||||
|
||||
SUITE(TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 0x00B2),
|
||||
SUITE(TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 0x00B3),
|
||||
SUITE(TLS_DHE_PSK_WITH_NULL_SHA256, 0x00B4),
|
||||
SUITE(TLS_DHE_PSK_WITH_NULL_SHA384, 0x00B5),
|
||||
|
||||
SUITE(TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 0x00B6),
|
||||
SUITE(TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 0x00B7),
|
||||
SUITE(TLS_RSA_PSK_WITH_NULL_SHA256, 0x00B8),
|
||||
SUITE(TLS_RSA_PSK_WITH_NULL_SHA384, 0x00B9),
|
||||
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0xC023),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 0xC024),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 0xC025),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 0xC026),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0xC027),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 0xC028),
|
||||
SUITE(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 0xC029),
|
||||
SUITE(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 0xC02A),
|
||||
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0xC02B),
|
||||
SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 0xC02C),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 0xC02D),
|
||||
SUITE(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 0xC02E),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0xC02F),
|
||||
SUITE(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0xC030),
|
||||
SUITE(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 0xC031),
|
||||
SUITE(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 0xC032),
|
||||
|
||||
SUITE(TLS_EMPTY_RENEGOTIATION_INFO_SCSV, 0x00FF),
|
||||
SUITE(SSL_RSA_WITH_RC2_CBC_MD5, 0xFF80),
|
||||
SUITE(SSL_RSA_WITH_IDEA_CBC_MD5, 0xFF81),
|
||||
SUITE(SSL_RSA_WITH_DES_CBC_MD5, 0xFF82),
|
||||
SUITE(SSL_RSA_WITH_3DES_EDE_CBC_MD5, 0xFF83),
|
||||
SUITE(SSL_NO_SUCH_CIPHERSUITE, 0xFFFF)
|
||||
};
|
||||
#undef SUITE
|
||||
|
||||
static inline const char* suiteToString(const SSLCipherSuite suite)
|
||||
static inline std::string suiteToString(const SSLCipherSuite suite)
|
||||
{
|
||||
for (auto & s : kSuites) {
|
||||
if (s.suite == suite) {
|
||||
return s.name;
|
||||
}
|
||||
}
|
||||
return "Unknown suite";
|
||||
std::stringstream ss;
|
||||
ss << "Unknown suite (0x" << std::hex << suite << ") like TLS_NULL_WITH_NULL_NULL";
|
||||
return ss.str();
|
||||
}
|
||||
|
||||
static const char* kBlocked[] = {
|
||||
"NULL", "anon", "MD5", "EXPORT", "DES", "IDEA", "NO_SUCH", "EMPTY"
|
||||
"NULL", "anon", "MD5", "EXPORT", "DES", "IDEA", "NO_SUCH", "EMPTY", "PSK"
|
||||
};
|
||||
|
||||
static inline bool isBlockedSuite(SSLCipherSuite suite)
|
||||
{
|
||||
const char* name = suiteToString(suite);
|
||||
using namespace aria2;
|
||||
|
||||
// Don't care about SSL2 suites!
|
||||
std::string name = suiteToString(suite);
|
||||
for (auto& blocked : kBlocked) {
|
||||
if (strstr(name, blocked)) {
|
||||
if (strstr(name.c_str(), blocked)) {
|
||||
A2_LOG_DEBUG(fmt("Removing blocked cipher suite: %s", name.c_str()));
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
@ -344,7 +400,7 @@ AppleTLSSession::AppleTLSSession(AppleTLSContext* ctx)
|
|||
return;
|
||||
}
|
||||
for (const auto& suite: enabled) {
|
||||
A2_LOG_INFO(fmt("AppleTLS: Enabled suite %s", suiteToString(suite)));
|
||||
A2_LOG_INFO(fmt("AppleTLS: Enabled suite %s", suiteToString(suite).c_str()));
|
||||
}
|
||||
if (SSLSetEnabledCiphers(sslCtx_, &enabled[0], enabled.size()) != noErr) {
|
||||
A2_LOG_ERROR("AppleTLS: Failed to set enabled ciphers list");
|
||||
|
|
@ -613,7 +669,7 @@ int AppleTLSSession::tlsConnect(const std::string& hostname, std::string& handsh
|
|||
A2_LOG_INFO(fmt("AppleTLS: Connected to %s with %s (%s)",
|
||||
hostname.c_str(),
|
||||
protoToString(proto),
|
||||
suiteToString(suite)));
|
||||
suiteToString(suite).c_str()));
|
||||
|
||||
return TLS_ERR_OK;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue