
ktls: Reject some invalid cipher suites.

Description

ktls: Reject some invalid cipher suites.

  • Reject AES-CBC cipher suites for TLS 1.0 and TLS 1.1 using auth algorithms other than SHA1-HMAC.
  • Reject AES-GCM cipher suites for TLS versions older than 1.2.

Reviewed by: markj
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32842

Details

Provenance: jhb authored on Nov 15 2021, 7:28 PM
Reviewer: markj
Differential Revision: D32842: ktls: Reject some invalid cipher suites.
Parents: rG0ff2a12ae32a: ktls: Add tests for sending empty fragments for TLS 1.0 connections.