No objection here. Anyone else?
> On Aug 25, 2016, at 8:54 AM, Guenther Niess wrote:
>
> Hi,
>
> is there a reason why the Camellia cipher suits with SHA2 HMAC is not
> supported?
>
> I added them and tested the result with an Nginx server and the s_client
> command.
>
> I would like to have a look to support the Camellia GCM based cipher
> suites, but if there is a reason why libressl shouldn't support them, I
> would spend my time with something else.
>
> Best Regards,
> Guenther
>
>
>
> Index: lib/libssl/src/ssl/s3_lib.c
> ===
> RCS file: /cvs/src/lib/libssl/src/ssl/s3_lib.c,v
> retrieving revision 1.108
> diff -u -p -r1.108 s3_lib.c
> --- lib/libssl/src/ssl/s3_lib.c 28 Apr 2016 16:39:45 - 1.108
> +++ lib/libssl/src/ssl/s3_lib.c 25 Aug 2016 13:45:27 -
> @@ -1805,6 +1805,138 @@ SSL_CIPHER ssl3_ciphers[] = {
> .strength_bits = 256,
> .alg_bits = 256,
> },
> +
> +#ifndef OPENSSL_NO_CAMELLIA
> + /* TLS 1.2 ECDH Camellia based ciphersuites from RFC 6367 */
> +
> + /* Cipher C072 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .id = TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .algorithm_mkey = SSL_kECDHE,
> + .algorithm_auth = SSL_aECDSA,
> + .algorithm_enc = SSL_CAMELLIA128,
> + .algorithm_mac = SSL_SHA256,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
> + .strength_bits = 128,
> + .alg_bits = 128,
> + },
> +
> + /* Cipher C073 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .id = TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .algorithm_mkey = SSL_kECDHE,
> + .algorithm_auth = SSL_aECDSA,
> + .algorithm_enc = SSL_CAMELLIA256,
> + .algorithm_mac = SSL_SHA384,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
> + .strength_bits = 256,
> + .alg_bits = 256,
> + },
> +
> + /* Cipher C074 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .id = TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .algorithm_mkey = SSL_kECDHe,
> + .algorithm_auth = SSL_aECDH,
> + .algorithm_enc = SSL_CAMELLIA128,
> + .algorithm_mac = SSL_SHA256,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
> + .strength_bits = 128,
> + .alg_bits = 128,
> + },
> +
> + /* Cipher C075 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .id = TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .algorithm_mkey = SSL_kECDHe,
> + .algorithm_auth = SSL_aECDH,
> + .algorithm_enc = SSL_CAMELLIA256,
> + .algorithm_mac = SSL_SHA384,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
> + .strength_bits = 256,
> + .alg_bits = 256,
> + },
> +
> + /* Cipher C076 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .id = TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .algorithm_mkey = SSL_kECDHE,
> + .algorithm_auth = SSL_aRSA,
> + .algorithm_enc = SSL_CAMELLIA128,
> + .algorithm_mac = SSL_SHA256,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
> + .strength_bits = 128,
> + .alg_bits = 128,
> + },
> +
> + /* Cipher C077 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .id = TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .algorithm_mkey = SSL_kECDHE,
> + .algorithm_auth = SSL_aRSA,
> + .algorithm_enc = SSL_CAMELLIA256,
> + .algorithm_mac = SSL_SHA384,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
> + .strength_bits = 256,
> + .alg_bits = 256,
> + },
> +
> + /* Cipher