Question: How to add more cipher suites?
Porok12 opened this issue · 3 comments
Porok12 commented
Hello,
I would like to fork this project and add more cipher suites, let's say TLS_PSK_WITH_AES_128_CBC_SHA256
, what I should change/add (in conscript/boringSSL) to make it working?
I'm getting
org.conscrypt.ConscryptSuite > org.conscrypt.javax.net.ssl.SSLSocketVersionCompatibilityTest.test_SSLSocket_TlsUniqueLength[2: TLSv1.3 client, TLSv1.2 server] FAILED
java.lang.AssertionError: Cipher suite is TLS_PSK_WITH_AES_128_CBC_SHA256
at org.conscrypt.javax.net.ssl.SSLSocketVersionCompatibilityTest.test_SSLSocket_TlsUniqueLength(SSLSocketVersionCompatibilityTest.java:2077)
Caused by:
java.lang.RuntimeException: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: connection closed
at org.conscrypt.javax.net.ssl.TestSSLSocketPair.connect(TestSSLSocketPair.java:126)
at org.conscrypt.javax.net.ssl.SSLSocketVersionCompatibilityTest.test_SSLSocket_TlsUniqueLength(SSLSocketVersionCompatibilityTest.java:2066)
Caused by:
java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: connection closed
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:205)
at org.conscrypt.javax.net.ssl.TestSSLSocketPair.connect(TestSSLSocketPair.java:99)
... 1 more
Caused by:
javax.net.ssl.SSLHandshakeException: connection closed
at org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:362)
at org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:232)
at org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:212)
at org.conscrypt.javax.net.ssl.TestSSLSocketPair$1.call(TestSSLSocketPair.java:79)
at org.conscrypt.javax.net.ssl.TestSSLSocketPair$1.call(TestSSLSocketPair.java:72)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by:
java.io.EOFException: connection closed
at org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:232)
... 7 more
I added to ssl_cipher.cc
{
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
"TLS_PSK_WITH_AES_128_CBC_SHA256",
TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
SSL_kPSK,
SSL_aPSK,
SSL_AES128,
SSL_AEAD,
SSL_HANDSHAKE_MAC_SHA256,
},
kruton commented
TLS-PSK was deprecated a long time ago and support for that negotiation was removed.
Porok12 commented
Thanks, but can I easily add it again in my fork project ?
Already there is support for TLS_PSK_WITH_AES_128_CBC_SHA
, so adding TLS_PSK_WITH_AES_128_CBC_SHA256
should be fairly easy right?
Perhaps I should modify ssl_cipher_get_evp_aead
somehow to handle SHA256.
Porok12 commented
It seems that this is possible