Correctly include TLS1.3 ciphers in the enabled ciphersuites when usi…#10388
Merged
normanmaurer merged 1 commit into4.1from Jul 2, 2020
Merged
Correctly include TLS1.3 ciphers in the enabled ciphersuites when usi…#10388normanmaurer merged 1 commit into4.1from
normanmaurer merged 1 commit into4.1from
Conversation
…ng BoringSSL Motivation: BoringSSL behaves differently then OpenSSL and not include any TLS1.3 ciphers in the returned array when calling SSL_get_ciphers(...). This is due the fact that it also not allow to explicit configure which are supported and which not for TLS1.3. To mimic the behaviour expected by the SSLEngine API we should workaround this. Modifications: - Add a unit test that verifies enabled protocols / ciphers - Add special handling for BoringSSL and tls1.3 Result: Make behaviour consistent
Member
Author
|
Found this while working on #10331 |
normanmaurer
added a commit
that referenced
this pull request
Jul 2, 2020
…ng BoringSSL (#10388) Motivation: BoringSSL behaves differently then OpenSSL and not include any TLS1.3 ciphers in the returned array when calling SSL_get_ciphers(...). This is due the fact that it also not allow to explicit configure which are supported and which not for TLS1.3. To mimic the behaviour expected by the SSLEngine API we should workaround this. Modifications: - Add a unit test that verifies enabled protocols / ciphers - Add special handling for BoringSSL and tls1.3 Result: Make behaviour consistent
Kvicii
pushed a commit
to Kvicii/netty
that referenced
this pull request
Jul 3, 2020
* '4.1' of github.com:netty/netty: Correctly include TLS1.3 ciphers in the enabled ciphersuites when using BoringSSL (netty#10388) Fix netty#10378,ResourceLeakDetectorFactory.newResourceLeakDetector(Class, int) ignores sampling interval (netty#10383)
ihanyong
pushed a commit
to ihanyong/netty
that referenced
this pull request
Jul 31, 2020
…ng BoringSSL (netty#10388) Motivation: BoringSSL behaves differently then OpenSSL and not include any TLS1.3 ciphers in the returned array when calling SSL_get_ciphers(...). This is due the fact that it also not allow to explicit configure which are supported and which not for TLS1.3. To mimic the behaviour expected by the SSLEngine API we should workaround this. Modifications: - Add a unit test that verifies enabled protocols / ciphers - Add special handling for BoringSSL and tls1.3 Result: Make behaviour consistent
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…ng BoringSSL
Motivation:
BoringSSL behaves differently then OpenSSL and not include any TLS1.3 ciphers in the returned array when calling SSL_get_ciphers(...). This is due the fact that it also not allow to explicit configure which are supported and which not for TLS1.3. To mimic the behaviour expected by the SSLEngine API we should workaround this.
Modifications:
Result:
Make behaviour consistent