From: Felix Fietkau <nbd@nbd.name>
Date: Sun, 7 Apr 2024 14:43:47 +0000 (+0200)
Subject: mbedtls: add TLS 1.3 ciphers
X-Git-Url: http://git.openwrt.org/feed/packa?a=commitdiff_plain;h=9fdf3fb87af55bd295bccd109a36b4b936033126;p=project%2Fustream-ssl.git

mbedtls: add TLS 1.3 ciphers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---

diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index b733ea1..c2eb2d4 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -121,6 +121,14 @@ static int _random(void *ctx, unsigned char *out, size_t len)
 
 static const int default_ciphersuites_server[] =
 {
+#ifdef MBEDTLS_SSL_PROTO_TLS1_3
+	MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
+	MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
+	MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
+	MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
+	MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
+#endif
+
 	MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_GCM_CIPHERS(ECDHE_ECDSA),
 	MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
@@ -132,6 +140,14 @@ static const int default_ciphersuites_server[] =
 
 static const int default_ciphersuites_client[] =
 {
+#ifdef MBEDTLS_SSL_PROTO_TLS1_3
+	MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
+	MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
+	MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
+	MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
+	MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
+#endif
+
 	MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_GCM_CIPHERS(ECDHE_ECDSA),
 	MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,