ref: d1916decd51b854462c892f47c961272aed53388
parent: b248b868f3152b48926b9c9257a6e1da952da507
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Wed Oct 28 13:09:22 EDT 2015
devtls: reject SHA2_256 mac for SSL, but TLS is fine sha256 is only defined for TLS1.2, however, technically, theres no reason not to use it in TLS1.0/TLS1.1. the choice is up to tlshand and pushtls, not the kernel.
--- a/sys/src/9/port/devtls.c
+++ b/sys/src/9/port/devtls.c
@@ -1421,12 +1421,9 @@
static void
initsha2_256key(Hashalg *ha, int version, Secret *s, uchar *p)
{+ if(version == SSL3Version)
+ error("sha256 cannot be used with SSL");s->maclen = ha->maclen;
-
- /* only TLS 1.2 has SHA256. */
- if(version != TLS12Version)
- error("sha256 is TLS 1.2 only");-
s->mac = hmac_sha2_256;
memmove(s->mackey, p, ha->maclen);
}
--
⑨