Update enabled TLS ciphers

2024-12-28 02:21:21 +01:00 · 2024-12-28 02:21:21 +01:00 · 3bf652a432
commit 3bf652a432
parent 4c977fea77
1 changed files with 16 additions and 7 deletions
--- a/src/main/java/eu/siacs/conversations/Config.java
+++ b/src/main/java/eu/siacs/conversations/Config.java
@ -163,13 +163,22 @@ public final class Config {

    //only allow secure tls chipers now
    public static final String[] ENABLED_CIPHERS = {
-            "TLS_CHACHA20_POLY1305_SHA256",
-            "TLS_AES_256_GCM_SHA384",
-            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
-            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
-            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA512",
-            "TLS_DHE_RSA_WITH_AES_256_GCM_SHA512",
-            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+            //TLS 1.3
+			"TLS_AES_256_GCM_SHA384",
+			"TLS_CHACHA20_POLY1305_SHA256",
+			"TLS_AES_128_GCM_SHA256",
+            //post quantum key agreement with traditional encryption
+			"TLS_ECDHE_KYBER_WITH_CHACHA20_POLY1305_SHA256",
+            //pre shared key for resource constrained devices (e.g. Alexa, IoT)
+            // with post quantum encryption
+			"TLS_PSK_WITH_AES_128_GCM_SHA256",
+            //TLS 1.2 with traditional key agreement and encryption
+			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+			"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+			"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    };

    public static final String[] WEAK_CIPHER_PATTERNS = {