[OpenWrt-Devel] ustream-ssl: mbedtls: use chacha-poly ciphersuites

Message ID mailman.13809.1532970571.25356.openwrt-devel@lists.openwrt.org
State Changes Requested
Delegated to: John Crispin

Commit Message

Thomas Richard via openwrt-devel July 30, 2018, 5:09 p.m. UTC
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.

These ciphersuites were added in mbedtls v2.12.0, our current version.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Comments

John Crispin Aug. 1, 2018, 9:02 a.m. UTC | #1
The patch description is missing a reason why we should enable it. Just
because upstream added it is not really reason enough.
     John
Patch

diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index 347c600..b7d7629 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -94,7 +94,9 @@  static int _urandom(void *ctx, unsigned char *out, size_t len)
 
 static const int default_ciphersuites_server[] =
 {
+	MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(ECDHE_ECDSA),
+	MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(ECDHE_RSA),
 	AES_CIPHERS(RSA),
 	0
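Review bot: The two added entries in default_ciphersuites_server[] are used unconditionally, but the commit message says these suites only exist from mbedtls v2.12.0 onward, so a build against an older mbedtls would fail at these lines with an undeclared identifier. Consider wrapping each new entry in a preprocessor check such as `#if defined(MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)`, or state in the description that 2.12.0 becomes the minimum supported version.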
@@ -102,8 +104,11 @@  static const int default_ciphersuites_server[] =
 
 static const int default_ciphersuites_client[] =
 {
+	MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(ECDHE_ECDSA),
+	MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(ECDHE_RSA),
+	MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(DHE_RSA),
 	MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
 	AES_CIPHERS(RSA),
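Review bot: Each ChaCha20-Poly1305 entry in default_ciphersuites_client[] is placed ahead of the AES_CIPHERS() group for the same key exchange, which changes the client's preference order rather than only extending the list, and the description does not explain that choice. Please document why ChaCha20-Poly1305 should be preferred over the AES suites (for example, if the intent is performance on targets without AES acceleration, say so), or append the new suites after the AES entries of each group. The same ordering question applies to the server list in the previous hunk, and it is worth noting in the description that the DHE_RSA variant is added for the client only.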