HomeFreeBSD

ktls: Reject attempts to enable AES-CBC with TLS 1.3.

Description

ktls: Reject attempts to enable AES-CBC with TLS 1.3.

AES-CBC cipher suites are not supported in TLS 1.3.

Reported by: syzbot+ab501c50033ec01d53c6@syzkaller.appspotmail.com
Reviewed by: tuexen, markj
Differential Revision: https://reviews.freebsd.org/D32404

(cherry picked from commit a63752cce6462d08bbec08cad931d70dec2f5b4c)

Details

Provenance
jhbAuthored on Oct 13 2021, 7:12 PM
Reviewer
tuexen
Differential Revision
D32404: ktls: Reject attempts to enable AES-CBC with TLS 1.3.
Parents
rG412a8b92d9c0: Further refine the ExpDataSN checks for SCSI Response PDUs.
Branches
Unknown
Tags
Unknown