]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 27d29db) | patch
ktls: Reject some invalid cipher suites.
authorJohn Baldwin <jhb@FreeBSD.org>
Mon, 15 Nov 2021 19:28:56 +0000 (11:28 -0800)
committerJohn Baldwin <jhb@FreeBSD.org>
Tue, 23 Nov 2021 23:11:53 +0000 (15:11 -0800)
commit94280c58116f91f77436d8bb50f312492c1bb221
tree35af02f3a7da6b777d98606231d204aa1ccc2a36tree | snapshot
parent27d29db0fa81c98f3263294986a83969eb2e1913commit | diff
ktls: Reject some invalid cipher suites.

- Reject AES-CBC cipher suites for TLS 1.0 and TLS 1.1 using auth
  algorithms other than SHA1-HMAC.

- Reject AES-GCM cipher suites for TLS versions older than 1.2.

Reviewed by: markj
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32842

(cherry picked from commit 900a28fe33ef998aaee55cb243f4efa35471da07)
sys/kern/uipc_ktls.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.