You are reading a single comment by @akot and its replies. Click here to read the full conversation.
  • Hello @Robin, thanks for your response.
    I've spent some time researching the source code and found this file:­b/master/libs/crypto/mbedtls/library/ssl­_ciphersuites.c
    where ciphersuite_definitions array is being filled out depending on defined macros. In­b/master/libs/crypto/mbedtls/config.h there's a MBEDTLS_CIPHER_MODE_CBC macro defined, which adds mentioned above Cipher Suites to ciphersuite_definitions . I've added macros MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED, MBEDTLS_DHM_C, MBEDTLS_GCM_C, and also added two lines:
    libs/crypto/mbedtls/library/dhm.c \

    Now that's what I see at ClientHello:

            Cipher Suites (13 suites)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

    and web-sites that require DHE RSA work.


Avatar for akot @akot started