Support non-AEAD ciphersuites in DTLSv1.2 with GnuTLS

author David Woodhouse <dwmw2@infradead.org>

Tue, 15 Jun 2021 12:02:49 +0000 (13:02 +0100)

committer David Woodhouse <dwmw2@infradead.org>

Tue, 15 Jun 2021 12:10:05 +0000 (13:10 +0100)
author David Woodhouse <dwmw2@infradead.org>
Tue, 15 Jun 2021 12:02:49 +0000 (13:02 +0100)
committer David Woodhouse <dwmw2@infradead.org>
Tue, 15 Jun 2021 12:10:05 +0000 (13:10 +0100)
diff --git a/gnutls-dtls.c b/gnutls-dtls.c

index d36924bb09c7608806ebbcdcd51724a193c05008..0930c3cb20b322ea7df5a868f6ad749cc9799b6a 100644 (file)
--- a/gnutls-dtls.c
+++ b/gnutls-dtls.c
@@ -73,6 +73,14 @@ struct {
         { "OC2-DTLS1_2-CHACHA20-POLY1305", GNUTLS_DTLS1_2, GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD,
           "NONE:+VERS-DTLS1.2:+COMP-NULL:+CHACHA20-POLY1305:+AEAD:+PSK:%COMPAT:+SIGN-ALL", "3.4.8" },
         /* Cisco X-DTLS12-CipherSuite: values */
+       { "DHE-RSA-AES128-SHA", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1,
+         "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-128-CBC:+SHA1:+DHE-RSA:%COMPAT", "3.0.0", 1 },
+       { "DHE-RSA-AES256-SHA", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1,
+         "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-256-CBC:+SHA1:+DHE-RSA:%COMPAT", "3.0.0", 1 },
+       { "AES128-SHA", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1,
+         "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-128-CBC:+SHA1:+RSA:%COMPAT", "3.0.0", 1 },
+       { "AES256-SHA", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1,
+         "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-256-CBC:+SHA1:+RSA:%COMPAT", "3.0.0", 1 },
         { "ECDHE-RSA-AES256-GCM-SHA384", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_AEAD,
           "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-256-GCM:+AEAD:+ECDHE-RSA:+SIGN-ALL:%COMPAT", "3.2.7", 1 },
         { "ECDHE-RSA-AES128-GCM-SHA256", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_AEAD,
diff --git a/www/changelog.xml b/www/changelog.xml

index 401cb5038c1ba5e5f1699ee36681b5ef54004a2b..e7d98e47d15cdbf83e129437cbe52771e18dd8b7 100644 (file)
--- a/www/changelog.xml
+++ b/www/changelog.xml
@@ -15,6 +15,7 @@
  <ul>
     <li><b>OpenConnect HEAD</b>
       <ul>
+       <li>Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect. (<a href="https://gitlab.com/openconnect/openconnect/-/issues/249">#249</a>)</li>
         <li>Make <tt>tncc-emulate.py</tt> work with Python 3.7+. (<a href="https://gitlab.com/openconnect/openconnect/-/issues/152">!152</a>, <a href="https://gitlab.com/openconnect/openconnect/merge_requests/120">!120</a>)</li>
         <li>Emulated a newer version of GlobalProtect official clients, 5.1.5-8; was 4.0.2-19 (<a href="https://gitlab.com/openconnect/openconnect/merge_requests/131">!131</a>)</li>
         <li>Support Juniper login forms containing both password and 2FA token (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/121">!121</a>)</li>
author	David Woodhouse <dwmw2@infradead.org>
	Tue, 15 Jun 2021 12:02:49 +0000 (13:02 +0100)
committer	David Woodhouse <dwmw2@infradead.org>
	Tue, 15 Jun 2021 12:10:05 +0000 (13:10 +0100)
gnutls-dtls.c		patch \| blob \| history
www/changelog.xml		patch \| blob \| history