Ephemeral ciphers in false start list

Summary: Only include ephemeral ciphers in false start list. Reviewed By: @mzlee Differential Revision: D2429447 fb-gh-sync-id: 430d287a93249ff72b9ebe7db3bc283bb0712600

Ephemeral ciphers in false start list
Summary: Only include ephemeral ciphers in false start list. Reviewed By: @mzlee Differential Revision: D2429447 fb-gh-sync-id: 430d287a93249ff72b9ebe7db3bc283bb0712600
ae574fb9 · Subodh Iyengar · facebook-github-bot-9 · 1c60d757 · ae574fb9
Commit ae574fb9 authored Oct 14, 2015 by Subodh Iyengar Committed by facebook-github-bot-9 Oct 14, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 30 deletions

folly/io/async/SSLContext.cpp folly/io/async/SSLContext.cpp +0 -30

No files found.
--- a/folly/io/async/SSLContext.cpp
+++ b/folly/io/async/SSLContext.cpp
@@ -415,46 +415,21 @@ int SSLContext::advertisedNextProtocolCallback(SSL* ssl,
 #if defined(SSL_MODE_HANDSHAKE_CUTTHROUGH) && \
  FOLLY_SSLCONTEXT_USE_TLS_FALSE_START
 SSLContext::SSLFalseStartChecker::SSLFalseStartChecker() :
-  /**
-   * The list was generated as follows:
-   * grep "_CK_" openssl-1.0.1e/ssl/s3_lib.c -A 4 |
-   * while read A && read B && read C && read D && read E && read F; do
-   * echo $A $B $C $D $E; done |
-   * grep "\(SSL_kDHr\|SSL_kDHd\|SSL_kEDH\|SSL_kECDHr\|
-   *         SSL_kECDHe\|SSL_kEECDH\)" | grep -v SSL_aNULL | grep SSL_AES |
-   * awk -F, '{ print $1"," }'
-   */
  ciphers_{
-    TLS1_CK_DH_DSS_WITH_AES_128_SHA,
-    TLS1_CK_DH_RSA_WITH_AES_128_SHA,
    TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
    TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-    TLS1_CK_DH_DSS_WITH_AES_256_SHA,
-    TLS1_CK_DH_RSA_WITH_AES_256_SHA,
    TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
    TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-    TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
-    TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
    TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
    TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
-    TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
-    TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
    TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
    TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
    TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
-    TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
-    TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
    TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
    TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
-    TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
-    TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
-    TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-    TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-    TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
-    TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
    TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
@@ -463,15 +438,10 @@ SSLContext::SSLFalseStartChecker::SSLFalseStartChecker() :
    TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
    TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
    TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
-    TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
-    TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-    TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-    TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-    TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
  } {
  length_ = sizeof(ciphers_)/sizeof(ciphers_[0]);
  width_ = sizeof(ciphers_[0]);