mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

[dev.boringcrypto] all: merge master into dev.boringcrypto

Browse source 
Add BoringCrypto-specific test data to TestAESCipherReordering
and TestAESCipherReordering13.

Change-Id: Id1def4cf166d5059920741f045e3e61bb17c23c8
This commit is contained in:
Dmitri Shuralyov 2020-12-01 21:15:51 -05:00
commit aac7355af4
37 changed files with 2896 additions and 2549 deletions
Download patch file Download diff file Expand all files Collapse all files

15
handshake_server.go
View file

@ -303,9 +303,24 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
if c.config.PreferServerCipherSuites {
preferenceList = c.config.cipherSuites()
supportedList = hs.clientHello.cipherSuites
// If the client does not seem to have hardware support for AES-GCM,
// and the application did not specify a cipher suite preference order,
// prefer other AEAD ciphers even if we prioritized AES-GCM ciphers
// by default.
if c.config.CipherSuites == nil && !aesgcmPreferred(hs.clientHello.cipherSuites) {
preferenceList = deprioritizeAES(preferenceList)
}
} else {
preferenceList = hs.clientHello.cipherSuites
supportedList = c.config.cipherSuites()
// If we don't have hardware support for AES-GCM, prefer other AEAD
// ciphers even if the client prioritized AES-GCM.
// If BoringCrypto is enabled, always prioritize AES-GCM.
if !hasAESGCMHardwareSupport && !boringEnabled {
preferenceList = deprioritizeAES(preferenceList)
}
}
hs.suite = selectCipherSuite(preferenceList, supportedList, hs.cipherSuiteOk)