summaryrefslogtreecommitdiffstats
path: root/src/ssl
diff options
context:
space:
mode:
authorAdam Langley <agl@google.com>2015-06-15 13:51:03 -0700
committerKenny Root <kroot@google.com>2015-06-15 22:46:55 +0000
commita4be71cee108bfed76ddb37552b7e48945d91b49 (patch)
tree4269df94919637220a2cf4bcb612c5266ac5f95b /src/ssl
parentcfb958c9a3369d555e4515a6277be43185af4445 (diff)
downloadexternal_boringssl-a4be71cee108bfed76ddb37552b7e48945d91b49.zip
external_boringssl-a4be71cee108bfed76ddb37552b7e48945d91b49.tar.gz
external_boringssl-a4be71cee108bfed76ddb37552b7e48945d91b49.tar.bz2
Drop ECDHE-PSK-AES-128-GCM.
This is the best PSK cipher suite, but it's non-standard and nobody is using it. Trivial to bring back in the future if we have need of it. (Note that this is a no-op in Android because Android had already disabled this cipher suite.) (This is a cherry-pick of BoringSSL's 1feb42a2.) Bug: 21522548 Change-Id: I2a051724500341053595f59e755349544da63ce5
Diffstat (limited to 'src/ssl')
-rw-r--r--src/ssl/ssl_cipher.c13
-rw-r--r--src/ssl/ssl_test.cc2
-rw-r--r--src/ssl/test/runner/runner.go1
3 files changed, 0 insertions, 16 deletions
diff --git a/src/ssl/ssl_cipher.c b/src/ssl/ssl_cipher.c
index 5e617b1..2f1548a 100644
--- a/src/ssl/ssl_cipher.c
+++ b/src/ssl/ssl_cipher.c
@@ -429,20 +429,7 @@ const SSL_CIPHER kCiphers[] = {
256, 256,
},
-
#if !defined(ANDROID)
- /* ECDH PSK ciphersuites */
-
- /* Cipher CAFE */
- {
- TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aPSK,
- SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 |
- SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
- 128, 128,
- },
-
{
TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA,
diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc
index b29d28c..decf893 100644
--- a/src/ssl/ssl_test.cc
+++ b/src/ssl/ssl_test.cc
@@ -507,8 +507,6 @@ static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
{ TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" },
- { TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
- "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256" },
};
static bool TestCipherGetRFCName(void) {
diff --git a/src/ssl/test/runner/runner.go b/src/ssl/test/runner/runner.go
index bd03cb1..f60d8ba 100644
--- a/src/ssl/test/runner/runner.go
+++ b/src/ssl/test/runner/runner.go
@@ -1615,7 +1615,6 @@ var testCipherSuites = []struct {
{"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
{"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
{"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
- {"ECDHE-PSK-AES128-GCM-SHA256", TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256},
{"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
{"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
{"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},