[From nobody Thu Jun 25 05:54:45 2020 Received: from sonic317-20.consmr.mail.gq1.yahoo.com ([98.137.66.146]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fkBfk-0001FL-VD for openwrt-devel@lists.openwrt.org; Mon, 30 Jul 2018 17:09:30 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1532970556; bh=UCRzvOLuDfEERExLN1BYImPg9dX7sw6Jebst4NkZyhA=; h=From:To:Cc:Subject:Date:From:Subject; b=Srn6IYm6Ml9F4bI3eFPUiTmsM1PTOiA2mxp9KAbeHm+Fe298w3OrHCJhBJXDIJXVu9qxLUcEhd1TJmMb9PLgxbxntD9owg+E4lWtIyrwSZmkxop8ahstboVruLcC0N6Y18SjLSyu7XH3AoWbSYzx1YPMUtrAKSa+W63AndRYteI6yocEW9Arg4kbiStO/SwhN0AfDxQJkzTsAkcRhryWwMOXtbbNi5XSj9NYdS1cKGM2kB4SFh3PsiZ2KlF+NTjZtUw5VpBChkhdDY4kBbS5vqdGOSEkZFOQZJhFT87G6qOtgGrvxNTkGhpR3tYLccsQ/5wYTTkBjslg8wWbJPdAMA== X-YMail-OSG: gRnHcpsVM1nglAK4tYzjLZsIiZdspCbF9B8j9Ksu80lAYRdut2jPgvrye2u8Yso Kvu7kEmdohWi0yCjUBI9fqdYHDJ1clz5iddgqcgMhc6UKZQUT1TpIwLq11fGaatK8HQPajfaupKE BYyEnXadZIK.wSk2rTsz6YC97iw67lyvVLpXD_7JbQ6fWe8grgEhOhuWhuMnfTkNgICGa.7HNfDA Q5bzBpllHs6lcvdLRI3inKy3wjnLBF56u9ub4XcfvtcJA.id0Ddij.JdQqIZIXgWeHBzi9aUGGo_ 48gncc8xZxV1dHkFFwtB8i4IoXKJEViexTXDQW9RsHm8zq5puYe567YttJ6Y3Ge_hX3EWlxZfzgK wFJJSagnwbMM3Rn7H5R3y.VQRKFpLqGTgPcsOYFuZxQ4AqOhsmnaZNOBH5cGGFAHBq0aklX1_p5a SZpDsQXAgQ_xohlxBlf_QIzARWI1WKsW3asXWFCkLR6UV7YgnQ76i3y55wurUTp65lyIvsSPR.9C NNSLKtNVmb9MJil2lUV0LSU8NrSR6DQ4EajVm4rf819Vljz2U24PSDEHo8q156lfPnYbykBe.ulY RYIaGpsypP6.zm_NBr2upuY6BuGyJVArLV20eIBGzwyuR7tlDQDz95hlSVpqdpv60ONuI4ETMY1b LHh4MlTtkSiXQutyrzewX4CYN1A15AqIcwjVWuo2U0svOtVWAeCKnM2FMnoFx_wsqjpBWTOr_4zQ VaGO0mzaGqX4sMcGya7IAr3yLsgMywWu3ZHt.IATnZywyXPt4yVmm4hXWLj9hULLIkMPXE8UkXBA vd4FbtmJeZIm93rkmqNllYToghx4CYFsBYqdr4AqM3B6wKxordgG2QxXThrjX9w2RiCSq2Wpsq3z NhsYdOEpbbxH9XGyraTnxmnA2iN25ZN3v90Bn67QZo5v3wvlY9evqWUXIAGPDa2POdmZBg7hqOnd KYhI1oGW1lIhm.LrZxkAyY9hs2DXZMIR8tf99OG1gg353xCzysQZcox68_.cUgRUVfWnt_AIIq8U uC0VdCKlRRg-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.gq1.yahoo.com with HTTP; Mon, 30 Jul 2018 17:09:16 +0000 Received: from 18.175.75.177.infopasa.com.br (EHLO gateway.troianet.com.br) ([177.75.175.18]) by smtp422.mail.gq1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID f45544e13dda58d85e2c41423e7e2758; Mon, 30 Jul 2018 17:09:12 +0000 (UTC) From: Eneas U de Queiroz <cote2004-github@yahoo.com> To: openwrt-devel@lists.openwrt.org Cc: Eneas U de Queiroz <cote2004-github@yahoo.com> Subject: [PATCH] ustream-ssl: mbedtls: use chacha-poly ciphersuites Date: Mon, 30 Jul 2018 14:08:46 -0300 Message-Id: <20180730170846.30043-1-cote2004-github@yahoo.com> X-Mailer: git-send-email 2.16.4 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180730_100929_040970_2CC2BCEE X-CRM114-Status: UNSURE ( 2.99 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.1 (/) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-0.1 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [98.137.66.146 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (cote2004-github[at]yahoo.com) -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [98.137.66.146 listed in wl.mailspike.net] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain These ciphersuites were added in mbedtls v2.12.0, our current version. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c index 347c600..b7d7629 100644 --- a/ustream-mbedtls.c +++ b/ustream-mbedtls.c @@ -94,7 +94,9 @@ static int _urandom(void *ctx, unsigned char *out, size_t len) static const int default_ciphersuites_server[] = { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(ECDHE_ECDSA), + MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(ECDHE_RSA), AES_CIPHERS(RSA), 0 @@ -102,8 +104,11 @@ static const int default_ciphersuites_server[] = static const int default_ciphersuites_client[] = { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(ECDHE_ECDSA), + MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(ECDHE_RSA), + MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(DHE_RSA), MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, AES_CIPHERS(RSA), -- 2.16.4 ]