ktls: Reject some invalid cipher suites.

Description

ktls: Reject some invalid cipher suites.

  • Reject AES-CBC cipher suites for TLS 1.0 and TLS 1.1 using auth algorithms other than SHA1-HMAC.
  • Reject AES-GCM cipher suites for TLS versions older than 1.2.

Reviewed by: markj
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32842

(cherry picked from commit 900a28fe33ef998aaee55cb243f4efa35471da07)
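
A minimal model of the two checks listed in the commit message, as an added example; it is not the FreeBSD kernel code. The `ex_` types, enum names and function are hypothetical stand-ins, and the sample requests are constructed.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-ins for this example; not the kernel's identifiers. */
enum ex_cipher { EX_AES_CBC, EX_AES_GCM };
enum ex_mac { EX_MAC_NONE, EX_HMAC_SHA1, EX_HMAC_SHA256, EX_HMAC_SHA384 };

struct ex_tls_params {
	int vmajor, vminor;	/* wire version: 3.1 = TLS 1.0, 3.2 = 1.1, 3.3 = 1.2 */
	enum ex_cipher cipher;
	enum ex_mac mac;
};

/* Returns 0 if the combination passes both checks, EINVAL if rejected. */
static int
ex_check_suite(const struct ex_tls_params *p)
{
	int pre_tls12 = (p->vmajor == 3 && p->vminor < 3);

	switch (p->cipher) {
	case EX_AES_CBC:
		/* Check 1: AES-CBC before TLS 1.2 must use SHA1-HMAC. */
		if (pre_tls12 && p->mac != EX_HMAC_SHA1)
			return (EINVAL);
		return (0);
	case EX_AES_GCM:
		/* Check 2: AES-GCM is rejected for versions older than TLS 1.2. */
		if (pre_tls12)
			return (EINVAL);
		return (0);
	}
	return (EINVAL);	/* unknown cipher value: fail closed */
}

int
main(void)
{
	/* Constructed sample requests, not taken from the commit. */
	struct ex_tls_params cases[] = {
		{ 3, 1, EX_AES_CBC, EX_HMAC_SHA1 },
		{ 3, 1, EX_AES_CBC, EX_HMAC_SHA256 },
		{ 3, 2, EX_AES_GCM, EX_MAC_NONE },
		{ 3, 3, EX_AES_GCM, EX_MAC_NONE },
	};
	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("case %zu -> %d\n", i, ex_check_suite(&cases[i]));
	return (0);
}
```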

Details

Provenance
jhb authored on Nov 15 2021, 7:28 PM
Reviewer
markj
Differential Revision
D32842: ktls: Reject some invalid cipher suites.
Parents
rG27d29db0fa81: ktls: Add tests for sending empty fragments for TLS 1.0 connections.