1. Home

Limited Cipher Suites

You are reading a single comment by @akot and its replies. Click here to read the full conversation.

  • Hello @Robin, thanks for your response.
    I've spent some time researching the source code and found this file:
    https://github.com/espruino/Espruino/blob/master/libs/crypto/mbedtls/library/ssl_ciphersuites.c
    where ciphersuite_definitions array is being filled out depending on defined macros. In https://github.com/espruino/Espruino/blob/master/libs/crypto/mbedtls/config.h there's a MBEDTLS_CIPHER_MODE_CBC macro defined, which adds mentioned above Cipher Suites to ciphersuite_definitions . I've added macros MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED, MBEDTLS_DHM_C, MBEDTLS_GCM_C, and also added two lines:
    libs/crypto/mbedtls/library/dhm.c \
    libs/crypto/mbedtls/library/gcm.c
    in https://github.com/espruino/Espruino/blob/master/make/crypto/default.make

    Now that's what I see at ClientHello:

            Cipher Suites (13 suites)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
            Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
            Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

    and web-sites that require DHE RSA work.

About

Avatar for akot @akot started

About Terms of Use Privacy Policy Cookie Policy Report a problem