search

mozilla / ssl-config-generator

Mozilla SSL Configuration Generator
https://ssl-config.mozilla.org/
Mozilla Public License 2.0
357 stars 59 forks source link

Add TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 cipher to intermediate configuration #204

Closed gene1wood closed 1 year ago

gene1wood commented 1 year ago

This adds the TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 / DHE-RSA-CHACHA20-POLY1305 cipher to the end of the intermediate cipher lists for openssl and iana.

You can see the specific cipher list change in b2a5a068fbfbe46007c16dd6528c7ada56bcf20f

See related PR https://github.com/mozilla/server-side-tls/pull/291

Fixes mozilla/server-side-tls#285

gene1wood commented 1 year ago

I checked this out and there is a versioned symlink in the src/static/guidelines directory that probably needs to be updated as well. Approval is conditional on fixing that up.

Good catch, thanks for pointing that out. Fixed in f842855f970e23ffeb030029d6cffc90ab953dc8

That's all I can see (you could update the changelog to point to this commit, but then that might not work out once this merges in).

Indeed, since we don't have versioned tags or releases in this repo (I figured that I didn't want to start versioning the entire repo just for the guideline) I figured I'd go in after and update the changelog to point to the right commit.

Long term, we may want to version the guideline outside of this repo so it can have tagged version, distinct from the version of the ssl-config-generator.