Closed
Conversation
alexw91
commented
Dec 30, 2024
| } | ||
| } | ||
|
|
||
| pub fn kem_group_name(&self) -> Option<&str> { |
Contributor
Author
There was a problem hiding this comment.
Copy/Paste of kem_name function a few lines above, but with a call to s2n_connection_get_kem_group_name() instead of s2n_connection_get_kem_name().
600d533 to
9cf4622
Compare
alexw91
commented
Dec 30, 2024
Comment on lines
+154
to
+155
| /* Ensure that PQ enabled Policies support TLS 1.3 since TLS 1.3 is now required for PQ support. */ | ||
| EXPECT_TRUE(has_tls_13_cipher); |
Contributor
Author
There was a problem hiding this comment.
Moved "TLS 1.3 + PQ checks" further down in the function so that this code has access to the has_tls_13_cipher variable, so that a check that requires TLS 1.3 support for all PQ policies could be added.
9cf4622 to
61b66e5
Compare
61b66e5 to
6d988ce
Compare
…nd it results in a smaller diff
alexw91
commented
Jan 2, 2025
|
|
||
| const struct s2n_security_policy *security_policy = NULL; | ||
|
|
||
| /* Test Deprecated Security Policies*/ |
Contributor
Author
There was a problem hiding this comment.
New unit tests for deprecated security policies.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release Summary:
Removes draft support for post-quantum TLS 1.2 (draft-campagna-tls-bike-sike-hybrid) from s2n-tls. Support for post-quantum TLS 1.3 (draft-ietf-tls-hybrid-design) is kept.
Resolved issues:
None.
Description of changes:
Removes draft support for post-quantum TLS 1.2 (draft-campagna-tls-bike-sike-hybrid) from s2n-tls. Support for post-quantum TLS 1.3 (draft-ietf-tls-hybrid-design) is kept.
Call-outs:
TLS_ECDHE_KYBER_RSA_WITH_AES_256_GCM_SHA384cipher entirely from s2n-tls.s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384was removed from all cipher preference lists. If this removal made the cipher preference list identical to an already existing cipher preference list, then the entire cipher preference list was deleted and security policies migrated to use the other already existing cipher preference list. Otherwise, if no equivalent cipher preference list existed thens2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384was removed in-place (eg forcipher_suites_pq_tls_1_0_2021_05_24).s2n_connection_get_kem_name()is kept, but now hardcoded to always returnNONEin all circumstances so as to not break customers.Testing:
S2N_ERR_DEPRECATED_SECURITY_POLICYwhen requested.Remember:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.