This commit fixes two issues:

1. ciphers.inc has TLSv1.3 ciphers prefixed with "TXT", while current version has "RFC".
TLS1_3_RFC_AES_128_GCM_SHA256 should be instead of TLS1_3_TXT_AES_128_GCM_SHA256, in both define and CIPHER() macro.

2. Tor calls only SSL_set_cipher_list() in tlstls_openssl.c, this sets only TLSv1.2 ciphers, while TLSv1.3 ciphers stay in default state.
TLSv1.3 ciphersuites are set with SSL_set_ciphersuites(), but the list require to contain only TLSv1.3 suites (no v1.2).

Contrary to SSL_set_cipher_list(), TLSv1.3 SSL_set_ciphersuites() does NOT accept finalizing :, so it should be stripped out.

This reverts commit 4f1298e4.

Fixes #25312

Signed-off-by: David Goulet <dgoulet@torproject.org>

Signed-off-by: David Goulet <dgoulet@torproject.org>

Mike Perry authored 2 years ago and David Goulet committed 2 years ago

Only cache RTT on explicit stalls; Only use this cache for the
RTT decrease case. Otherwise use only local circuit RTT state for clock jump
checks.

You win Maze; we surrender.

Leave it at notice if we do have enough dir info.

This log is harmless, and can be common at relays if clients are sending XOFF.