>From 28b1a922a7c8b0bcd4aedd0a6f83f232693546a9 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Fri, 17 May 2013 21:59:38 +0200
Subject: [PATCH 3/3] advertize and use salsa20 on new gnutls versions
Signed-off-by: Nikos Mavrogiannopoulos
---
 cstp.c | 5 +++++
 dtls.c | 6 ++++++
 2 files changed, 11 insertions(+)
diff --git a/cstp.c b/cstp.c
index bb79e7e..55609c1 100644
--- a/cstp.c
+++ b/cstp.c
@@ -220,8 +220,13 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 buf_append(buf, sizeof(buf), "X-DTLS-Master-Secret: ");
 for (i = 0; i < sizeof(vpninfo->dtls_secret); i++)
 buf_append(buf, sizeof(buf), "%02X", vpninfo->dtls_secret[i]);
+#if GNUTLS_VERSION_NUMBER >= 0x030201
+ buf_append(buf, sizeof(buf), "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
+ vpninfo->dtls_ciphers ? : "X-ESTREAM-SALSA20-UMAC96:X-SALSA20-UMAC96:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA");
+#else
 buf_append(buf, sizeof(buf), "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
 vpninfo->dtls_ciphers ? : "AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA");
+#endif
 openconnect_SSL_write(vpninfo, buf, strlen(buf));
diff --git a/dtls.c b/dtls.c
index ec44446..9c02a12 100644
--- a/dtls.c
+++ b/dtls.c
@@ -358,6 +358,12 @@ struct {
 "NONE:+VERS-DTLS0.9:+COMP-NULL:+AES-256-CBC:+SHA1:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION" },
 { "DES-CBC3-SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1,
 "NONE:+VERS-DTLS0.9:+COMP-NULL:+3DES-CBC:+SHA1:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION" },
+#if GNUTLS_VERSION_NUMBER >= 0x030201
+ { "X-SALSA20-UMAC96", GNUTLS_CIPHER_SALSA20_256, GNUTLS_MAC_UMAC_96,
+ "NONE:+VERS-DTLS0.9:+COMP-NULL:+SALSA20-256:+UMAC-96:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION" },
+ { "X-ESTREAM-SALSA20-UMAC96", GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_MAC_UMAC_96,
+ "NONE:+VERS-DTLS0.9:+COMP-NULL:+ESTREAM-SALSA20-256:+UMAC-96:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION" },
+#endif
 };
 #define DTLS_SEND gnutls_record_send
-- 
1.7.10.4
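Review bot: The new default list in the `#if` branch puts `X-ESTREAM-SALSA20-UMAC96` first, ahead of `X-SALSA20-UMAC96` and `AES256-SHA`, so if the gateway honours client order it becomes the DTLS cipher for every user who has not set `dtls_ciphers`. As far as I know GnuTLS's ESTREAM-SALSA20-256 is the reduced-round variant, so either a comment should state that this order is deliberate or the full-round suite should lead, i.e. `"X-SALSA20-UMAC96:X-ESTREAM-SALSA20-UMAC96:AES256-SHA:..."`. The legacy tail is now spelled out in both branches and still ends in single-DES `DES-CBC-SHA`. Defining it once, for instance `#define DTLS_LEGACY_CIPHERS "AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA"`, and prepending the new names under the `#if` would keep the two defaults from drifting. The body of start_cstp_connection begins and ends outside the hunk.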
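Review bot: Nothing ties these two new table entries to the default `X-DTLS-CipherSuite` string in cstp.c except that both files repeat the same `#if GNUTLS_VERSION_NUMBER >= 0x030201` guard, so a later edit to one side could leave the client advertising a suite it has no priority string for. A comment above the guard such as `/* Names must match the default X-DTLS-CipherSuite list in cstp.c */` would make the coupling visible. The guard is also a build-time check, and presumably the priority string is handed to GnuTLS at run time. It is worth confirming that the code consuming this table (outside the hunk) fails the DTLS setup cleanly if the loaded library rejects `+SALSA20-256` or `+UMAC-96`. The struct definition and the start of the array are outside the hunk.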