nss: allow to specify TLS 1.3 ciphers if supported by NSS

Closes #3916
author: Hubert Kario <hkario@redhat.com> 2019-05-17 17:15:24 +0000
committer: Kamil Dudka <kdudka@redhat.com> 2019-05-27 09:04:09 +0200
commit: 319ae9075efba769c9d5e98e827bb325ad0fcb6f (patch)
tree: f530ee16976ae911133867f3e07410b6c27c54d9
parent: b3173cfa2bf5f34a3fcc5c30d9cf29eda670e789 (diff)
2 files changed, 11 insertions, 0 deletions
diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md
index 0b7ccebf9..5c0fffea9 100644
--- a/docs/CIPHERS.md
+++ b/docs/CIPHERS.md
@@ -269,6 +269,12 @@ When specifying multiple cipher names, separate them with colon (`:`).
 `ecdhe_ecdsa_chacha20_poly1305_sha_256`
 `dhe_rsa_chacha20_poly1305_sha_256`
 
+### TLS 1.3 cipher suites
+
+`aes_128_gcm_sha_256`
+`aes_256_gcm_sha_384`
+`chacha20_poly1305_sha_256`
+
 ## GSKit
 
 Ciphers are internally defined as
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 491def106..3125f0b70 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -216,6 +216,11 @@ static const cipher_s cipherlist[] = {
  {"dhe_rsa_chacha20_poly1305_sha_256",
      TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
 #endif
+#ifdef TLS_AES_256_GCM_SHA384
+ {"aes_128_gcm_sha_256",              TLS_AES_128_GCM_SHA256},
+ {"aes_256_gcm_sha_384",              TLS_AES_256_GCM_SHA384},
+ {"chacha20_poly1305_sha_256",        TLS_CHACHA20_POLY1305_SHA256},
+#endif
 };
 
 #ifdef WIN32
author	Hubert Kario <hkario@redhat.com>	2019-05-17 17:15:24 +0000
committer	Kamil Dudka <kdudka@redhat.com>	2019-05-27 09:04:09 +0200
commit	319ae9075efba769c9d5e98e827bb325ad0fcb6f (patch)
tree	f530ee16976ae911133867f3e07410b6c27c54d9
parent	b3173cfa2bf5f34a3fcc5c30d9cf29eda670e789 (diff)