GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

The Salsa20 ciphersuites are used over DTLS 1.2, and their names follow the new encoding.

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos
2013-11-16 23:12:48 +01:00
parent 1265b8949d
commit a6ec332988
1 changed files with 13 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/worker-vpn.c
View File

@@ -217,32 +217,30 @@ char * str;
case HEADER_DTLS_CIPHERSUITE:
str = (char*)req->value.data;
while ((token = strtok(str, ":")) != NULL) {
#if GNUTLS_VERSION_NUMBER >= 0x030201
if (strcmp(token, "X-ESTREAM-SALSA20-UMAC96") == 0) {
req->selected_ciphersuite = "X-ESTREAM-SALSA20-UMAC96";
req->gnutls_ciphersuite = "NONE:+VERS-DTLS0.9:+COMP-NULL:+ESTREAM-SALSA20-256:+UMAC-96:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION";
#if GNUTLS_VERSION_NUMBER >= 0x030207
if (strcmp(token, "OC-DTLS1_2-ESALSA20-SHA") == 0) {
req->selected_ciphersuite = "OC-DTLS1_2-ESALSA20-SHA";
req->gnutls_ciphersuite = "NONE:+VERS-DTLS1.2:+COMP-NULL:+ESTREAM-SALSA20-256:+SHA1:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION";
req->gnutls_cipher = GNUTLS_CIPHER_ESTREAM_SALSA20_256;
req->gnutls_mac = GNUTLS_MAC_UMAC_96;
req->gnutls_version = GNUTLS_DTLS0_9;
req->gnutls_mac = GNUTLS_MAC_SHA1;
req->gnutls_version = GNUTLS_DTLS1_2;
break;
} else if (strcmp(token, "X-SALSA20-UMAC96") == 0) {
req->gnutls_ciphersuite = "NONE:+VERS-DTLS0.9:+COMP-NULL:+SALSA20-256:+UMAC-96:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION";
req->selected_ciphersuite = "X-SALSA20-UMAC96";
} else if (strcmp(token, "OC-DTLS1_2-SALSA20-SHA") == 0) {
req->gnutls_ciphersuite = "NONE:+VERS-DTLS1.2:+COMP-NULL:+SALSA20-256:+SHA1:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION";
req->selected_ciphersuite = "OC-DTLS1_2-SALSA20-SHA";
req->gnutls_cipher = GNUTLS_CIPHER_SALSA20_256;
req->gnutls_mac = GNUTLS_MAC_UMAC_96;
req->gnutls_version = GNUTLS_DTLS0_9;
req->gnutls_mac = GNUTLS_MAC_SHA1;
req->gnutls_version = GNUTLS_DTLS1_2;
break;
} else
#endif
#if GNUTLS_VERSION_NUMBER >= 0x030207
if (strcmp(token, "OC-AES128-GCM") == 0) {
if (strcmp(token, "OC-DTLS1_2-AES128-GCM") == 0) {
req->selected_ciphersuite = "OC-AES128-GCM";
req->gnutls_ciphersuite = "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-128-GCM:+AEAD:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION:+SIGN-ALL";
req->gnutls_cipher = GNUTLS_CIPHER_AES_128_GCM;
req->gnutls_mac = GNUTLS_MAC_AEAD;
req->gnutls_version = GNUTLS_DTLS1_2;
break;
} else if (strcmp(token, "OC-AES256-GCM") == 0) {
} else if (strcmp(token, "OC-DTLS1_2-AES256-GCM") == 0) {
req->selected_ciphersuite = "OC-AES256-GCM";
req->gnutls_ciphersuite = "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-256-GCM:+AEAD:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION:+SIGN-ALL";
req->gnutls_cipher = GNUTLS_CIPHER_AES_256_GCM;