Commit dcc7b239 authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

nghttpx: Remove cipher suite requirement

This makes the library h2-16 compatible now.
parent b9667fd2
...@@ -1370,8 +1370,10 @@ int Http2Session::on_connect() { ...@@ -1370,8 +1370,10 @@ int Http2Session::on_connect() {
return -1; return -1;
} }
if (!get_config()->downstream_no_tls && !ssl::check_http2_requirement(ssl_)) { auto must_terminate =
!get_config()->downstream_no_tls && !ssl::check_http2_requirement(ssl_);
if (must_terminate) {
rv = terminate_session(NGHTTP2_INADEQUATE_SECURITY); rv = terminate_session(NGHTTP2_INADEQUATE_SECURITY);
if (rv != 0) { if (rv != 0) {
...@@ -1384,8 +1386,7 @@ int Http2Session::on_connect() { ...@@ -1384,8 +1386,7 @@ int Http2Session::on_connect() {
return -1; return -1;
} }
if (!get_config()->downstream_no_tls && !ssl::check_http2_requirement(ssl_)) { if (must_terminate) {
return 0; return 0;
} }
......
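Review bot: `must_terminate` is assigned once and read twice, so it should be `const auto must_terminate = ...` with a short comment on what it stands for, e.g. `// TLS is used towards the backend but the connection fails the HTTP/2 TLS requirement`. The second use, `if (must_terminate) { return 0; }`, is the early exit after `terminate_session(NGHTTP2_INADEQUATE_SECURITY)`. A comment there, such as `// session is being shut down; do not set up anything further`, would stop a later edit from placing work above it. Reusing the cached result assumes nothing between the two checks changes the config flag or `ssl_`, which looks true but cannot be confirmed because the lines between the hunks are not shown. on_connect() starts and ends outside these hunks.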
...@@ -874,40 +874,6 @@ bool in_proto_list(const std::vector<char *> &protos, ...@@ -874,40 +874,6 @@ bool in_proto_list(const std::vector<char *> &protos,
return false; return false;
} }
// This enum was generated by mkcipherlist.py
enum {
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009Eu,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009Fu,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2u,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3u,
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AAu,
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00ABu,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02Bu,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02Cu,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02Fu,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030u,
TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC052u,
TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC053u,
TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC056u,
TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC057u,
TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05Cu,
TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05Du,
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC060u,
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC061u,
TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06Cu,
TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06Du,
TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07Cu,
TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07Du,
TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC080u,
TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC081u,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC086u,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC087u,
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08Au,
TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08Bu,
TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC090u,
TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC091u,
};
bool check_http2_requirement(SSL *ssl) { bool check_http2_requirement(SSL *ssl) {
auto tls_ver = SSL_version(ssl); auto tls_ver = SSL_version(ssl);
...@@ -922,47 +888,6 @@ bool check_http2_requirement(SSL *ssl) { ...@@ -922,47 +888,6 @@ bool check_http2_requirement(SSL *ssl) {
return false; return false;
} }
auto cipher = SSL_get_current_cipher(ssl);
switch (SSL_CIPHER_get_id(cipher) & 0xffffu) {
// This case labels were generated by mkcipherlist.py
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
case TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256:
case TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384:
case TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256:
case TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384:
case TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256:
case TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384:
case TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256:
case TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384:
case TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256:
case TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384:
case TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
case TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
case TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256:
case TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384:
case TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
case TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
case TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
case TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
case TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256:
case TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384:
break;
default:
return false;
}
// TODO Check number of bits
return true; return true;
} }
......
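Review bot: With the cipher `switch` removed, check_http2_requirement() no longer inspects the negotiated cipher suite, and of the lines visible here only the `SSL_version(ssl)` check remains. The function should get a header comment stating that, e.g. `// Checks the TLS version only; cipher suite strength is not verified here and depends on the configured cipher list.` Otherwise a caller reading `must_terminate` in Http2Session::on_connect() may assume NGHTTP2_INADEQUATE_SECURITY still covers weak ciphers. The removed `// TODO Check number of bits` disappears without a replacement, so if a key-size check is still intended it should be recorded elsewhere. The middle of the function lies between the two hunks and is not visible, so any check remaining there is not covered by this note.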