diff options
| author | Adam Langley <agl@google.com> | 2015-05-13 13:49:45 -0700 |
|---|---|---|
| committer | Kenny Root <kroot@google.com> | 2015-05-13 17:18:30 -0700 |
| commit | fc104df40ab7812f749993809b873c139da3d959 (patch) | |
| tree | 73adf1f023afc3cfb5906beff85259eda23de64d /src/ssl/s3_lib.c | |
| parent | 22b306fd55863901f9d4de6c4193a365e31cbf5b (diff) | |
| download | external_boringssl-fc104df40ab7812f749993809b873c139da3d959.zip external_boringssl-fc104df40ab7812f749993809b873c139da3d959.tar.gz external_boringssl-fc104df40ab7812f749993809b873c139da3d959.tar.bz2 | |
external/boringssl: disable ChaCha20-Poly1305 cipher suites.
These cipher suites aren't IETF defined (and the IETF will define them
slightly differently when it finally does assign real code points to
them.) Since an Android system release endures for many years, this
change removes support for them so that we don't have to worry about
this temporary design for years to come.
(cherry picked from commit a070e0505bdc6059effdb77dba24c64f75957604)
Bug: 20950559
Change-Id: I97bc7f72b44cf908e8ce74d4b1ab0b3c2970ec3c
Diffstat (limited to 'src/ssl/s3_lib.c')
| -rw-r--r-- | src/ssl/s3_lib.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/ssl/s3_lib.c b/src/ssl/s3_lib.c index 674277f..13a4a19 100644 --- a/src/ssl/s3_lib.c +++ b/src/ssl/s3_lib.c @@ -452,6 +452,7 @@ const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#if !defined(ANDROID) { TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA, @@ -475,6 +476,7 @@ const SSL_CIPHER ssl3_ciphers[] = { SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD, 256, 0, }, +#endif }; const SSL3_ENC_METHOD SSLv3_enc_data = { |