From 3bf652a4323b3d54e123737ddce5c5a475dbf339 Mon Sep 17 00:00:00 2001
From: Arne <arne@monocles.de>
Date: Sat, 28 Dec 2024 02:21:21 +0100
Subject: [PATCH] Update enabled TLS ciphers

---
 .../java/eu/siacs/conversations/Config.java   | 23 +++++++++++++------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/main/java/eu/siacs/conversations/Config.java b/src/main/java/eu/siacs/conversations/Config.java
index 8762dc143..1fca62354 100644
--- a/src/main/java/eu/siacs/conversations/Config.java
+++ b/src/main/java/eu/siacs/conversations/Config.java
@@ -163,13 +163,22 @@ public final class Config {
 
     //only allow secure tls chipers now
     public static final String[] ENABLED_CIPHERS = {
-            "TLS_CHACHA20_POLY1305_SHA256",
-            "TLS_AES_256_GCM_SHA384",
-            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
-            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
-            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA512",
-            "TLS_DHE_RSA_WITH_AES_256_GCM_SHA512",
-            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+            //TLS 1.3
+			"TLS_AES_256_GCM_SHA384",
+			"TLS_CHACHA20_POLY1305_SHA256",
+			"TLS_AES_128_GCM_SHA256",
+            //post quantum key agreement with traditional encryption
+			"TLS_ECDHE_KYBER_WITH_CHACHA20_POLY1305_SHA256",
+            //pre shared key for resource constrained devices (e.g. Alexa, IoT)
+            // with post quantum encryption
+			"TLS_PSK_WITH_AES_128_GCM_SHA256",
+            //TLS 1.2 with traditional key agreement and encryption
+			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+			"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+			"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
     };
 
     public static final String[] WEAK_CIPHER_PATTERNS = {