author | daurnimator <quae@daurnimator.com> | 2018-10-29 15:31:32 +1100 |
---|---|---|
committer | daurnimator <quae@daurnimator.com> | 2018-10-29 15:43:39 +1100 |
commit | 9228c0dea5feab7f71510e46e207e61c1188ec44 (patch) | |
tree | 548260f48794ee015a756a0ef303e3fe92a501d3 | |
parent | e8aadd0794de73a2a44988c6d2c763e201471930 (diff) | |
src/openssl.c: Add new SSL options introduce in OpenSSL 1.1.1
-rw-r--r-- | doc/luaossl.tex | 4 | ||||
-rw-r--r-- | src/openssl.c | 12 |
2 files changed, 16 insertions, 0 deletions
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index 418dac5..c9e7141 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -868,6 +868,7 @@ name & \href{https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html}{descript
 \small{\texttt{OP\_SSLEAY\_080\_CLIENT\_DH\_BUG}} & $\ldots$ \\
 \small{\texttt{OP\_TLS\_D5\_BUG}} & $\ldots$ \\
 \small{\texttt{OP\_TLS\_BLOCK\_PADDING\_BUG}} & $\ldots$ \\
+\small{\texttt{OP\_ALLOW\_NO\_DHE\_KEX}} & Allow a non-(ec)dhe based kex_mode. \\
 \small{\texttt{OP\_DONT\_INSERT\_EMPTY\_FRAGMENTS}} & Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers, which cannot be handled by some broken SSL implementations. This option has no effect for connections using other ciphers. \\
 \small{\texttt{OP\_NO\_QUERY\_MTU}} & $\ldots$ \\
 \small{\texttt{OP\_COOKIE\_EXCHANGE}} & $\ldots$ \\
@@ -880,6 +881,9 @@ name & \href{https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html}{descript
 \small{\texttt{OP\_NO\_ENCRYPT\_THEN MAC}} & $\ldots$ \\
 \small{\texttt{OP\_SINGLE\_DH\_USE}} & Always create a new key when using temporary/ephemeral DH parameters. \\
 \small{\texttt{OP\_EPHEMERAL\_RSA}} & Always use ephemeral (temporary) RSA key when doing RSA operations. \\
+\small{\texttt{OP\_PRIORITIZE\_CHACHA}} & Prioritize ChaCha20Poly1305 on servers when client does. \\
+\small{\texttt{OP\_ENABLE\_MIDDLEBOX\_COMPAT}} & TLSv1.3 Compatibility mode. \\
+\small{\texttt{OP\_NO\_ANTI\_REPLAY}} & TLSv1.3 anti-replay protection for early data. \\
 \small{\texttt{OP\_CIPHER\_SERVER\_PREFERENCE}} & When choosing a cipher, use the server's preferences instead of the client preferences. \\
 \small{\texttt{OP\_TLS\_ROLLBACK\_BUG}} & Disable version rollback attack detection. \\
 \small{\texttt{OP\_NO\_SSLv2}} & Do not use the SSLv2 protocol. \\
diff --git a/src/openssl.c b/src/openssl.c
index 12211ea..8ecd57e 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -9136,6 +9136,9 @@ static const auxL_IntegerReg sx_option[] = {
 { "OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG },
 { "OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG },
 { "OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG },
+#ifdef SSL_OP_ALLOW_NO_DHE_KEX
+ { "OP_ALLOW_NO_DHE_KEX", SSL_OP_ALLOW_NO_DHE_KEX },
+#endif
 { "OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS },
 { "OP_NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU },
 { "OP_COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE },
@@ -9152,6 +9155,15 @@ static const auxL_IntegerReg sx_option[] = {
 #endif
 { "OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE },
 { "OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA },
+#ifdef SSL_OP_PRIORITIZE_CHACHA
+ { "OP_PRIORITIZE_CHACHA", SSL_OP_PRIORITIZE_CHACHA },
+#endif
+#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+ { "OP_ENABLE_MIDDLEBOX_COMPAT", SSL_OP_ENABLE_MIDDLEBOX_COMPAT },
+#endif
+#ifdef SSL_OP_NO_ANTI_REPLAY
+ { "OP_NO_ANTI_REPLAY", SSL_OP_NO_ANTI_REPLAY },
+#endif
 { "OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE },
 { "OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG },
 { "OP_NO_SSLv2", SSL_OP_NO_SSLv2 }, |
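Review bot: `OP_ALLOW_NO_DHE_KEX` (first hunk) and `OP_NO_ANTI_REPLAY` (second hunk) are exported to Lua with nothing marking them as options that relax TLS 1.3 protections, and the doc row added for the latter ("TLSv1.3 anti-replay protection for early data") reads as if setting it turns the protection on. In OpenSSL, setting SSL_OP_NO_ANTI_REPLAY switches off the server's built-in replay protection for early data, and SSL_OP_ALLOW_NO_DHE_KEX permits a PSK key exchange without (EC)DHE, so a resumed session has no forward secrecy. I would add a comment above each entry, for example `/* turns OFF early-data replay protection; set only if the application rejects replayed 0-RTT requests itself */` and `/* permits PSK-only resumption: no forward secrecy for the resumed session */`. The `sx_option[]` table begins and ends outside both hunks, so how callers apply these values is not visible here.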