Merge pull request #430 from h2o/kazuho/tls12-cipher-name
[tls12] drop support for cipher-suites that are rarely used
diff --git a/include/picotls.h b/include/picotls.h
index df3e65c..aac817b 100644
--- a/include/picotls.h
+++ b/include/picotls.h
@@ -117,16 +117,8 @@
#define PTLS_CIPHER_SUITE_NAME_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"
/* TLS/1.2 cipher-suites that we support (for compatibility, OpenSSL names are used) */
-#define PTLS_CIPHER_SUITE_RSA_WITH_AES_128_GCM_SHA256 0x009c
-#define PTLS_CIPHER_SUITE_NAME_RSA_WITH_AES_128_GCM_SHA256 "RSA-AES128-GCM-SHA256"
-#define PTLS_CIPHER_SUITE_RSA_WITH_AES_256_GCM_SHA384 0x009d
-#define PTLS_CIPHER_SUITE_NAME_RSA_WITH_AES_256_GCM_SHA384 "RSA-AES256-GCM-SHA384"
-#define PTLS_CIPHER_SUITE_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009e
-#define PTLS_CIPHER_SUITE_NAME_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
-#define PTLS_CIPHER_SUITE_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009f
-#define PTLS_CIPHER_SUITE_NAME_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
#define PTLS_CIPHER_SUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xc02b
-#define PTLS_CIPHER_SUITE_NAME_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES256-GCM-SHA384"
+#define PTLS_CIPHER_SUITE_NAME_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256"
#define PTLS_CIPHER_SUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xc02c
#define PTLS_CIPHER_SUITE_NAME_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384"
#define PTLS_CIPHER_SUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xc02f
@@ -137,8 +129,6 @@
#define PTLS_CIPHER_SUITE_NAME_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 "ECDHE-RSA-CHACHA20-POLY1305"
#define PTLS_CIPHER_SUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xcca9
#define PTLS_CIPHER_SUITE_NAME_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 "ECDHE-ECDSA-CHACHA20-POLY1305"
-#define PTLS_CIPHER_SUITE_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xccaa
-#define PTLS_CIPHER_SUITE_NAME_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 "DHE-RSA-CHACHA20-POLY1305"
/* negotiated_groups */
#define PTLS_GROUP_SECP256R1 23
diff --git a/include/picotls/openssl.h b/include/picotls/openssl.h
index 2617108..8ecbcc3 100644
--- a/include/picotls/openssl.h
+++ b/include/picotls/openssl.h
@@ -83,16 +83,11 @@
extern ptls_cipher_suite_t ptls_openssl_chacha20poly1305sha256;
#endif
-extern ptls_cipher_suite_t ptls_openssl_tls12_rsa_aes128gcmsha256;
-extern ptls_cipher_suite_t ptls_openssl_tls12_dhe_rsa_aes128gcmsha256;
extern ptls_cipher_suite_t ptls_openssl_tls12_ecdhe_rsa_aes128gcmsha256;
extern ptls_cipher_suite_t ptls_openssl_tls12_ecdhe_ecdsa_aes128gcmsha256;
-extern ptls_cipher_suite_t ptls_openssl_tls12_rsa_aes256gcmsha384;
-extern ptls_cipher_suite_t ptls_openssl_tls12_dhe_rsa_aes256gcmsha384;
extern ptls_cipher_suite_t ptls_openssl_tls12_ecdhe_rsa_aes256gcmsha384;
extern ptls_cipher_suite_t ptls_openssl_tls12_ecdhe_ecdsa_aes256gcmsha384;
#if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
-extern ptls_cipher_suite_t ptls_openssl_tls12_dhe_rsa_chacha20poly1305sha256;
extern ptls_cipher_suite_t ptls_openssl_tls12_ecdhe_rsa_chacha20poly1305sha256;
extern ptls_cipher_suite_t ptls_openssl_tls12_ecdhe_ecdsa_chacha20poly1305sha256;
#endif
diff --git a/lib/openssl.c b/lib/openssl.c
index 8b23903..d2e2552 100644
--- a/lib/openssl.c
+++ b/lib/openssl.c
@@ -1788,14 +1788,6 @@
.name = PTLS_CIPHER_SUITE_NAME_AES_128_GCM_SHA256,
.aead = &ptls_openssl_aes128gcm,
.hash = &ptls_openssl_sha256};
-ptls_cipher_suite_t ptls_openssl_tls12_rsa_aes128gcmsha256 = {.id = PTLS_CIPHER_SUITE_RSA_WITH_AES_128_GCM_SHA256,
- .name = PTLS_CIPHER_SUITE_NAME_RSA_WITH_AES_128_GCM_SHA256,
- .aead = &ptls_openssl_aes128gcm,
- .hash = &ptls_openssl_sha256};
-ptls_cipher_suite_t ptls_openssl_tls12_dhe_rsa_aes128gcmsha256 = {.id = PTLS_CIPHER_SUITE_DHE_RSA_WITH_AES_128_GCM_SHA256,
- .name = PTLS_CIPHER_SUITE_NAME_DHE_RSA_WITH_AES_128_GCM_SHA256,
- .aead = &ptls_openssl_aes128gcm,
- .hash = &ptls_openssl_sha256};
ptls_cipher_suite_t ptls_openssl_tls12_ecdhe_rsa_aes128gcmsha256 = {.id = PTLS_CIPHER_SUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
.name =
PTLS_CIPHER_SUITE_NAME_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
@@ -1810,14 +1802,6 @@
.name = PTLS_CIPHER_SUITE_NAME_AES_256_GCM_SHA384,
.aead = &ptls_openssl_aes256gcm,
.hash = &ptls_openssl_sha384};
-ptls_cipher_suite_t ptls_openssl_tls12_rsa_aes256gcmsha384 = {.id = PTLS_CIPHER_SUITE_RSA_WITH_AES_256_GCM_SHA384,
- .name = PTLS_CIPHER_SUITE_NAME_RSA_WITH_AES_256_GCM_SHA384,
- .aead = &ptls_openssl_aes256gcm,
- .hash = &ptls_openssl_sha384};
-ptls_cipher_suite_t ptls_openssl_tls12_dhe_rsa_aes256gcmsha384 = {.id = PTLS_CIPHER_SUITE_DHE_RSA_WITH_AES_256_GCM_SHA384,
- .name = PTLS_CIPHER_SUITE_NAME_DHE_RSA_WITH_AES_256_GCM_SHA384,
- .aead = &ptls_openssl_aes256gcm,
- .hash = &ptls_openssl_sha384};
ptls_cipher_suite_t ptls_openssl_tls12_ecdhe_rsa_aes256gcmsha384 = {.id = PTLS_CIPHER_SUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
.name =
PTLS_CIPHER_SUITE_NAME_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
@@ -1849,11 +1833,6 @@
.name = PTLS_CIPHER_SUITE_NAME_CHACHA20_POLY1305_SHA256,
.aead = &ptls_openssl_chacha20poly1305,
.hash = &ptls_openssl_sha256};
-ptls_cipher_suite_t ptls_openssl_tls12_dhe_rsa_chacha20poly1305sha256 = {
- .id = PTLS_CIPHER_SUITE_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- .name = PTLS_CIPHER_SUITE_NAME_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- .aead = &ptls_openssl_chacha20poly1305,
- .hash = &ptls_openssl_sha256};
ptls_cipher_suite_t ptls_openssl_tls12_ecdhe_rsa_chacha20poly1305sha256 = {
.id = PTLS_CIPHER_SUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
.name = PTLS_CIPHER_SUITE_NAME_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
@@ -1871,16 +1850,11 @@
#endif
NULL};
-ptls_cipher_suite_t *ptls_openssl_tls12_cipher_suites[] = {&ptls_openssl_tls12_rsa_aes128gcmsha256,
- &ptls_openssl_tls12_dhe_rsa_aes128gcmsha256,
- &ptls_openssl_tls12_ecdhe_rsa_aes128gcmsha256,
+ptls_cipher_suite_t *ptls_openssl_tls12_cipher_suites[] = {&ptls_openssl_tls12_ecdhe_rsa_aes128gcmsha256,
&ptls_openssl_tls12_ecdhe_ecdsa_aes128gcmsha256,
- &ptls_openssl_tls12_rsa_aes256gcmsha384,
- &ptls_openssl_tls12_dhe_rsa_aes256gcmsha384,
&ptls_openssl_tls12_ecdhe_rsa_aes256gcmsha384,
&ptls_openssl_tls12_ecdhe_ecdsa_aes256gcmsha384,
#if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
- &ptls_openssl_tls12_dhe_rsa_chacha20poly1305sha256,
&ptls_openssl_tls12_ecdhe_rsa_chacha20poly1305sha256,
&ptls_openssl_tls12_ecdhe_ecdsa_chacha20poly1305sha256,
#endif