nss: allow to enable/disable new HMAC-SHA256 cipher-suites

... if built against a new enough version of NSS
author: Kamil Dudka <kdudka@redhat.com> 2014-03-07 13:10:54 +0100
committer: Kamil Dudka <kdudka@redhat.com> 2014-03-15 13:07:55 +0100
commit: c864d81289297b04dbbca14e3c5307ef15e6f258 (patch)
tree: be1b06b17e9044aab2890f79417f667cc1fc7f31
parent: b4f6cd46eb1b5a98573e0c0e619dc71646affdc8 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index e22b09841..119a910fe 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -155,6 +155,16 @@ static const cipher_s cipherlist[] = {
   {"ecdh_anon_3des_sha",         TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA},
   {"ecdh_anon_aes_128_sha",      TLS_ECDH_anon_WITH_AES_128_CBC_SHA},
   {"ecdh_anon_aes_256_sha",      TLS_ECDH_anon_WITH_AES_256_CBC_SHA},
+#ifdef TLS_RSA_WITH_NULL_SHA256
+  /* new HMAC-SHA256 cipher suites specified in RFC */
+  {"rsa_null_sha_256",                TLS_RSA_WITH_NULL_SHA256},
+  {"rsa_aes_128_cbc_sha_256",         TLS_RSA_WITH_AES_128_CBC_SHA256},
+  {"rsa_aes_256_cbc_sha_256",         TLS_RSA_WITH_AES_256_CBC_SHA256},
+  {"dhe_rsa_aes_128_cbc_sha_256",     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
+  {"dhe_rsa_aes_256_cbc_sha_256",     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
+  {"ecdhe_ecdsa_aes_128_cbc_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
+  {"ecdhe_rsa_aes_128_cbc_sha_256",   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
+#endif
 };
 
 static const char* pem_library = "libnsspem.so";
author	Kamil Dudka <kdudka@redhat.com>	2014-03-07 13:10:54 +0100
committer	Kamil Dudka <kdudka@redhat.com>	2014-03-15 13:07:55 +0100
commit	c864d81289297b04dbbca14e3c5307ef15e6f258 (patch)
tree	be1b06b17e9044aab2890f79417f667cc1fc7f31
parent	b4f6cd46eb1b5a98573e0c0e619dc71646affdc8 (diff)