Limited Cipher Suites

You are reading a single comment by @akot and its replies. Click here to read the full conversation.

•

akot

Hello @Robin, thanks for your response.
I've spent some time researching the source code and found this file:
https://github.com/espruino/Espruino/blob/master/libs/crypto/mbedtls/library/ssl_ciphersuites.c
where ciphersuite_definitions array is being filled out depending on defined macros. In https://github.com/espruino/Espruino/blob/master/libs/crypto/mbedtls/config.h there's a MBEDTLS_CIPHER_MODE_CBC macro defined, which adds mentioned above Cipher Suites to ciphersuite_definitions . I've added macros MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED, MBEDTLS_DHM_C, MBEDTLS_GCM_C, and also added two lines:
libs/crypto/mbedtls/library/dhm.c \
libs/crypto/mbedtls/library/gcm.c
in https://github.com/espruino/Espruino/blob/master/make/crypto/default.make

Now that's what I see at ClientHello:

        Cipher Suites (13 suites)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
            Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
            Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

and web-sites that require DHE RSA work.

Limited Cipher Suites

About

Espruino