diff options
| author | Eneas U de Queiroz <cote2004-github@yahoo.com> | 2018-08-01 10:59:13 -0300 |
|---|---|---|
| committer | Felix Fietkau <nbd@nbd.name> | 2019-06-24 16:29:27 +0200 |
| commit | 738e8d2489fc64f782affd1292388c66f6d69e82 (patch) | |
| tree | 81df70afcb9b13dee3888fce7e9913467d1ea2b5 | |
| parent | 23a3f2830341acd1db149175baf7315a33bd0edb (diff) | |
| download | ustream-ssl-738e8d2489fc64f782affd1292388c66f6d69e82.tar.gz | |
ustream-ssl: mbedtls: use chacha-poly ciphersuites
These ciphersuites were added in mbedtls v2.12.0,
so we may add them to the ustream-ssl ciphersuite list.
They were already part of the list for openssl and wolfssl.
Chacha20-Poly1305 is a 256-bit cipher with AEAD, much faster than AES on
CPUs without special AES instructions (the case for most embedded
chips).
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
| -rw-r--r-- | ustream-mbedtls.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c index 347c600..b7d7629 100644 --- a/ustream-mbedtls.c +++ b/ustream-mbedtls.c @@ -94,7 +94,9 @@ static int _urandom(void *ctx, unsigned char *out, size_t len) static const int default_ciphersuites_server[] = { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(ECDHE_ECDSA), + MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(ECDHE_RSA), AES_CIPHERS(RSA), 0 @@ -102,8 +104,11 @@ static const int default_ciphersuites_server[] = static const int default_ciphersuites_client[] = { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(ECDHE_ECDSA), + MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(ECDHE_RSA), + MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(DHE_RSA), MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, AES_CIPHERS(RSA), |