git.lizzy.rs Git - plan9front.git/commit

author	kemal <kemalinanc8@gmail.com>
	Fri, 18 Jun 2021 19:12:44 +0000 (19:12 +0000)
committer	kemal <kemalinanc8@gmail.com>
	Fri, 18 Jun 2021 19:12:44 +0000 (19:12 +0000)
commit	775a4bea4386c12067057de0e56dd8baa34f43ec
tree	93b3e64c59e94aec1e0a3eddef2ca5b7c3754b09	tree \| snapshot
parent	e7015971091d3fd46b73fc47d8a290961047b71d	commit \| diff

libsec: various changes to tls

1. add the curve x25519 to tls, both client and server.
it's more faster, immune to timing attacks by design,
does not require verifying if the public key is valid,
etc etc. server-side has to check if the client supports
the curve, so a new function has been introduced to parse
the client's extensions.

2. reject weak dhe primes that can be easily cracked with
the number field sieve algorithm. this avoids attacks like
logjam.

3. stop putting unix time to the first 4 bytes of client/
server random. it can allow fingerprinting, tls 1.3 doesn't
recommend it any more and there was a draft to deprecate
this behaviour earlier.[1]

4. simply prf code, remove useless cipher enums.

[1] https://datatracker.ietf.org/doc/html/draft-mathewson-no-gmtunixtime-00