TLS: Add new cipher suites to tls_get_cipher()

This fixes EAP-FAST server side issues for anonymous provisioning when using the internal TLS implementation. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-09 12:31:08 +02:00 · 2014-12-09 12:31:08 +02:00 · c1f5bcb96f
commit c1f5bcb96f
parent c25addb156
2 changed files with 83 additions and 8 deletions
--- a/src/tls/tlsv1_client.c
+++ b/src/tls/tlsv1_client.c
@ -570,8 +570,26 @@ int tlsv1_client_get_cipher(struct tlsv1_client *conn, char *buf,
 	case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
 		cipher = "DES-CBC3-SHA";
 		break;
-	case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
+	case TLS_DHE_RSA_WITH_DES_CBC_SHA:
-		cipher = "ADH-AES-128-SHA256";
+		cipher = "DHE-RSA-DES-CBC-SHA";
 		break;
 	case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
 		cipher = "DHE-RSA-DES-CBC3-SHA";
 		break;
 	case TLS_DH_anon_WITH_RC4_128_MD5:
 		cipher = "ADH-RC4-MD5";
 		break;
 	case TLS_DH_anon_WITH_DES_CBC_SHA:
 		cipher = "ADH-DES-SHA";
 		break;
 	case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
 		cipher = "ADH-DES-CBC3-SHA";
 		break;
 	case TLS_RSA_WITH_AES_128_CBC_SHA:
 		cipher = "AES-128-SHA";
 		break;
 	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
 		cipher = "DHE-RSA-AES-128-SHA";
 		break;
 	case TLS_DH_anon_WITH_AES_128_CBC_SHA:
 		cipher = "ADH-AES-128-SHA";
@ -579,15 +597,30 @@ int tlsv1_client_get_cipher(struct tlsv1_client *conn, char *buf,
 	case TLS_RSA_WITH_AES_256_CBC_SHA:
 		cipher = "AES-256-SHA";
 		break;
-	case TLS_RSA_WITH_AES_256_CBC_SHA256:
+	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
-		cipher = "AES-256-SHA256";
+		cipher = "DHE-RSA-AES-256-SHA";
 		break;
-	case TLS_RSA_WITH_AES_128_CBC_SHA:
+	case TLS_DH_anon_WITH_AES_256_CBC_SHA:
-		cipher = "AES-128-SHA";
+		cipher = "ADH-AES-256-SHA";
 		break;
 	case TLS_RSA_WITH_AES_128_CBC_SHA256:
 		cipher = "AES-128-SHA256";
 		break;
 	case TLS_RSA_WITH_AES_256_CBC_SHA256:
 		cipher = "AES-256-SHA256";
 		break;
 	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
 		cipher = "DHE-RSA-AES-128-SHA256";
 		break;
 	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
 		cipher = "DHE-RSA-AES-256-SHA256";
 		break;
 	case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
 		cipher = "ADH-AES-128-SHA256";
 		break;
 	case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
 		cipher = "ADH-AES-256-SHA256";
 		break;
 	default:
 		return -1;
 	}
--- a/src/tls/tlsv1_server.c
+++ b/src/tls/tlsv1_server.c
@ -516,14 +516,56 @@ int tlsv1_server_get_cipher(struct tlsv1_server *conn, char *buf,
 	case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
 		cipher = "DES-CBC3-SHA";
 		break;
 	case TLS_DHE_RSA_WITH_DES_CBC_SHA:
 		cipher = "DHE-RSA-DES-CBC-SHA";
 		break;
 	case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
 		cipher = "DHE-RSA-DES-CBC3-SHA";
 		break;
 	case TLS_DH_anon_WITH_RC4_128_MD5:
 		cipher = "ADH-RC4-MD5";
 		break;
 	case TLS_DH_anon_WITH_DES_CBC_SHA:
 		cipher = "ADH-DES-SHA";
 		break;
 	case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
 		cipher = "ADH-DES-CBC3-SHA";
 		break;
 	case TLS_RSA_WITH_AES_128_CBC_SHA:
 		cipher = "AES-128-SHA";
 		break;
 	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
 		cipher = "DHE-RSA-AES-128-SHA";
 		break;
 	case TLS_DH_anon_WITH_AES_128_CBC_SHA:
 		cipher = "ADH-AES-128-SHA";
 		break;
 	case TLS_RSA_WITH_AES_256_CBC_SHA:
 		cipher = "AES-256-SHA";
 		break;
-	case TLS_RSA_WITH_AES_128_CBC_SHA:
+	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
-		cipher = "AES-128-SHA";
+		cipher = "DHE-RSA-AES-256-SHA";
 		break;
 	case TLS_DH_anon_WITH_AES_256_CBC_SHA:
 		cipher = "ADH-AES-256-SHA";
 		break;
 	case TLS_RSA_WITH_AES_128_CBC_SHA256:
 		cipher = "AES-128-SHA256";
 		break;
 	case TLS_RSA_WITH_AES_256_CBC_SHA256:
 		cipher = "AES-256-SHA256";
 		break;
 	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
 		cipher = "DHE-RSA-AES-128-SHA256";
 		break;
 	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
 		cipher = "DHE-RSA-AES-256-SHA256";
 		break;
 	case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
 		cipher = "ADH-AES-128-SHA256";
 		break;
 	case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
 		cipher = "ADH-AES-256-SHA256";
 		break;
 	default:
 		return -1;