Set TLSv1.3 ciphers to preserve ciphersuites order

ValdikSS requested to merge ValdikSS/tor:main into main

This commit fixes two issues:

  1. ciphers.inc has TLSv1.3 ciphers prefixed with "TXT", while the current version has "RFC". TLS1_3_RFC_AES_128_GCM_SHA256 should be used instead of TLS1_3_TXT_AES_128_GCM_SHA256, in both the define and the CIPHER() macro.

  2. Tor calls only SSL_set_cipher_list() in tlstls_openssl.c; this sets only TLSv1.2 ciphers, while TLSv1.3 ciphers stay in their default state. TLSv1.3 ciphersuites are set with SSL_set_ciphersuites(), but the list is required to contain only TLSv1.3 suites (no v1.2).

Contrary to SSL_set_cipher_list(), TLSv1.3 SSL_set_ciphersuites() does NOT accept a finalizing :, so it should be stripped out.
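The list handling described above, as an added example that is not code from this merge request or from Tor: it splits one ordered, mixed cipher string into the string for SSL_set_ciphersuites() and the string for SSL_set_cipher_list(), dropping the trailing `:`. The function names, the sample list and the rule that a TLSv1.3 suite is recognised by its `TLS_` name prefix are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: TLSv1.3 suites are recognised by the RFC-style "TLS_" prefix. */
static int is_tls13_name(const char *s, size_t n) {
    return n > 4 && strncmp(s, "TLS_", 4) == 0;
}

/* Append one name to a colon-separated list; -1 if it does not fit. */
static int append_name(char *dst, size_t cap, const char *s, size_t n) {
    size_t used = strlen(dst);
    size_t sep = used ? 1 : 0;
    if (used + sep + n + 1 > cap) return -1;
    if (sep) dst[used++] = ':';
    memcpy(dst + used, s, n);
    dst[used + n] = '\0';
    return 0;
}

/* Split a mixed list into v13 (TLSv1.3 only) and v12 (everything else),
 * preserving relative order. Empty items, including the one produced by a
 * trailing ':', are dropped, so v13 never ends in ':'. Returns 0 or -1. */
int split_cipher_list(const char *mixed, char *v13, size_t cap13,
                      char *v12, size_t cap12) {
    if (cap13 == 0 || cap12 == 0) return -1;
    v13[0] = v12[0] = '\0';
    for (const char *p = mixed; *p; ) {
        size_t n = strcspn(p, ":");
        if (n > 0) {
            int rc = is_tls13_name(p, n) ? append_name(v13, cap13, p, n)
                                         : append_name(v12, cap12, p, n);
            if (rc != 0) return -1;
        }
        p += n;
        if (*p == ':') p++;
    }
    return 0;
}

int main(void) {
    /* Constructed sample list with a trailing ':' */
    const char *mixed = "TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
                        "TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES256-GCM-SHA384:";
    char v13[256], v12[256];
    if (split_cipher_list(mixed, v13, sizeof v13, v12, sizeof v12) != 0) return 1;
    printf("for SSL_set_ciphersuites(): %s\n", v13);
    printf("for SSL_set_cipher_list():  %s\n", v12);
    return 0;
}
```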