diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2020-12-10 13:02:21 -0500 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2020-12-10 13:04:39 -0500 |
commit | a360eafc8b7a18a2763d29210cf61c8f2eb698eb (patch) | |
tree | 43ba03267df840f2c78c685035f28e7bbed11aae /src/mod_nss.c | |
parent | 1d73fc23291827bfb5f888f2594ac5e299f76a4e (diff) | |
download | lighttpd-git-a360eafc8b7a18a2763d29210cf61c8f2eb698eb.tar.gz |
[mod_nss] portability fix
check if NSS supports TLSv1.3 ciphers
(very old versions do not, and admins should consider upgrading NSS)
Diffstat (limited to 'src/mod_nss.c')
-rw-r--r-- | src/mod_nss.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/mod_nss.c b/src/mod_nss.c index 9ee9a871..a01a5381 100644 --- a/src/mod_nss.c +++ b/src/mod_nss.c @@ -2995,12 +2995,14 @@ static const cipher_properties ciphers_def[] = {"dhe_rsa_chacha20_poly1305_sha_256", TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "DHE-RSA-CHACHA20-POLY1305", SSL_kDHE|SSL_aRSA|SSL_CHACHA20POLY1305|SSL_AEAD, TLSV1_2, SSL_HIGH, 256, 256, NULL}, //#endif //#ifdef NSS_SUPPORTS_TLS_1_3 + #ifdef TLS_AES_128_GCM_SHA256 /* Special TLS 1.3 cipher suites that really just specify AEAD * TLS 1.3 ciphers don't specify key exchange and authentication. */ {"aes_128_gcm_sha_256", TLS_AES_128_GCM_SHA256, "TLS-AES-128-GCM-SHA256", SSL_AES128GCM|SSL_AEAD, TLSV1_3, SSL_HIGH, 128, 128, NULL}, {"aes_256_gcm_sha_384", TLS_AES_256_GCM_SHA384, "TLS-AES-256-GCM-SHA384", SSL_AES256GCM|SSL_AEAD, TLSV1_3, SSL_HIGH, 256, 256, NULL}, {"chacha20_poly1305_sha_256", TLS_CHACHA20_POLY1305_SHA256, "TLS-CHACHA20-POLY1305_SHA256", SSL_CHACHA20POLY1305|SSL_AEAD, TLSV1_3, SSL_HIGH, 256, 256, NULL}, + #endif //#endif }; |