mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

[dev.boringcrypto] all: merge master into dev.boringcrypto

Browse source 
Add BoringCrypto-specific test data to TestAESCipherReordering
and TestAESCipherReordering13.

Change-Id: Id1def4cf166d5059920741f045e3e61bb17c23c8
This commit is contained in:
Dmitri Shuralyov 2020-12-01 21:15:51 -05:00
commit aac7355af4
37 changed files with 2896 additions and 2549 deletions
Download patch file Download diff file Expand all files Collapse all files

14
handshake_server_tls13.go
View file

@ -157,9 +157,23 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error {
if c.config.PreferServerCipherSuites {
preferenceList = defaultCipherSuitesTLS13()
supportedList = hs.clientHello.cipherSuites
// If the client does not seem to have hardware support for AES-GCM,
// prefer other AEAD ciphers even if we prioritized AES-GCM ciphers
// by default.
if !aesgcmPreferred(hs.clientHello.cipherSuites) {
preferenceList = deprioritizeAES(preferenceList)
}
} else {
preferenceList = hs.clientHello.cipherSuites
supportedList = defaultCipherSuitesTLS13()
// If we don't have hardware support for AES-GCM, prefer other AEAD
// ciphers even if the client prioritized AES-GCM.
// If BoringCrypto is enabled, always prioritize AES-GCM.
if !hasAESGCMHardwareSupport && !boringEnabled {
preferenceList = deprioritizeAES(preferenceList)
}
}
for _, suiteID := range preferenceList {
hs.suite = mutualCipherSuiteTLS13(supportedList, suiteID)