Open lstwn opened 1 year ago
@lstwn Hello, did you find a way to change the cipher suite? I too need it to use TLS 1.3!
Unfortunately, no, I gave up after a while...
Unfortunately this is not possible for the given cipher or TLS 1.3 in general, as the underlying C library, BoringSSL, does not implement this functionality. Citing from its documentation:
"TLS 1.3 ciphers do not participate in this mechanism and instead have a built-in preference order. Functions to set cipher lists do not affect TLS 1.3, and functions to query the cipher list do not include TLS 1.3 ciphers."
For a university project I need to configure TLS to only use the TLS_CHACHA20_POLY1305_SHA256 cipher suite. I've seen that I can provide a custom BoringSSL Context when initializing the quiche config by using quiche::Config::with_boring_ssl_ctx(version, ssl_ctx). However, I'm not even really sure if this is the right approach to restrict TLS to a concrete cipher suite or a set of cipher suites. If it was, could you provide me an example of how to create such a custom BoringSSL context? I could not figure that out by going through the docs of the Boring SSL crate, unfortunately.
I appreciate any pointers and help! Thanks in advance :)