Secure the testing infrastructure

2025-05-25 06:42:27 +00:00 · 2021-08-07 13:22:35 -07:00 · 2021-08-07 13:22:35 -07:00 · 0cdba6878b
commit 0cdba6878b
parent 1f766a332f
15 changed files with 354 additions and 71 deletions
--- a/third_party/mbedtls/ssl_ciphersuites.c
+++ b/third_party/mbedtls/ssl_ciphersuites.c
@ -72,16 +72,20 @@ static const uint16_t ciphersuite_preference[] =
 #endif

 #ifdef MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
+    /* TODO(jart): RFC8442 */
+    /* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384, */
+    /* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, */
+    /* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256, */
    MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
+    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
 #endif