Skip to content

Commit d789f37

Browse files
rsomla1rsomla1
committed
WL#12755: Update list of allowed ciphers.
1 parent 84faff4 commit d789f37

File tree

1 file changed

+7
-19
lines changed

1 file changed

+7
-19
lines changed

cdk/foundation/connection_openssl.cc

Lines changed: 7 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -98,8 +98,6 @@ POP_SYS_WARNINGS_CDK
9898
X("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256") \
9999
X("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "ECDHE-ECDSA-AES256-GCM-SHA384") \
100100
X("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE-RSA-AES128-GCM-SHA256") \
101-
X("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "ECDHE-ECDSA-AES128-SHA256") \
102-
X("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "ECDHE-RSA-AES128-SHA256") \
103101

104102
/*
105103
Note: Empty OpenSSL name means TLSv1.3+ cipher suite which is handled
@@ -120,30 +118,20 @@ POP_SYS_WARNINGS_CDK
120118
X("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "DHE-RSA-AES128-SHA256") \
121119
X("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "DHE-DSS-AES128-SHA256") \
122120
X("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "DHE-DSS-AES256-GCM-SHA384") \
123-
X("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "DHE-RSA-AES256-SHA256") \
124-
X("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "DHE-DSS-AES256-SHA256") \
125121
X("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "DHE-RSA-AES256-GCM-SHA384") \
126122
X("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305") \
127123
X("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "ECDHE-RSA-CHACHA20-POLY1305") \
128124

129125

130126
#define TLS_CIPHERS_APPROVED2(X) \
131127
X("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", "DH-DSS-AES128-GCM-SHA256") \
132-
X("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "ECDH-ECDSA-AES128-GCM-SHA256") \
133-
X("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", "DH-DSS-AES256-GCM-SHA384") \
134-
X("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "ECDH-ECDSA-AES256-GCM-SHA384") \
135-
X("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", "DH-DSS-AES128-SHA256") \
136-
X("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "ECDH-ECDSA-AES128-SHA256") \
137-
X("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", "DH-DSS-AES256-SHA256") \
138-
X("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "ECDH-ECDSA-AES256-SHA384") \
139-
X("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", "DH-RSA-AES128-GCM-SHA256") \
140-
X("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "ECDH-RSA-AES128-GCM-SHA256") \
141-
X("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", "DH-RSA-AES256-GCM-SHA384") \
142-
X("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "ECDH-RSA-AES256-GCM-SHA384") \
143-
X("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", "DH-RSA-AES128-SHA256") \
144-
X("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "ECDH-RSA-AES128-SHA256") \
145-
X("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", "DH-RSA-AES256-SHA256") \
146-
X("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "ECDH-RSA-AES256-SHA384") \
128+
X("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256","ECDH-ECDSA-AES128-GCM-SHA256") \
129+
X("TLS_DH_DSS_WITH_AES_256_GCM_SHA384","DH-DSS-AES256-GCM-SHA384") \
130+
X("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384","ECDH-ECDSA-AES256-GCM-SHA384") \
131+
X("TLS_DH_RSA_WITH_AES_128_GCM_SHA256","DH-RSA-AES128-GCM-SHA256") \
132+
X("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256","ECDH-RSA-AES128-GCM-SHA256") \
133+
X("TLS_DH_RSA_WITH_AES_256_GCM_SHA384","DH-RSA-AES256-GCM-SHA384") \
134+
X("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384","ECDH-RSA-AES256-GCM-SHA384") \
147135

148136

149137
// Note: these deprecated ciphers are temporarily allowed to make it possible

0 commit comments

Comments
 (0)