Merge branch 'maint-0.2.9' into maint-0.3.1

1 files changed, 25 insertions, 3 deletions

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 1c47cf9882..71de59896a 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -566,13 +566,35 @@ tor_tls_create_certificate,(crypto_pk_t *rsa,
 
 /** List of ciphers that servers should select from when the client might be
  * claiming extra unsupported ciphers in order to avoid fingerprinting.  */
-#define SERVER_CIPHER_LIST                         \
-  (TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":"           \
-   TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
+static const char SERVER_CIPHER_LIST[] =
+#ifdef  TLS1_3_TXT_AES_128_GCM_SHA256
+  /* This one can never actually get selected, since if the client lists it,
+   * we will assume that the client is honest, and not use this list.
+   * Nonetheless we list it if it's available, so that the server doesn't
+   * conclude that it has no valid ciphers if it's running with TLS1.3.
+   */
+  TLS1_3_TXT_AES_128_GCM_SHA256 ":"
+#endif
+  TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":"
+  TLS1_TXT_DHE_RSA_WITH_AES_128_SHA;
 
 /** List of ciphers that servers should select from when we actually have
  * our choice of what cipher to use. */
 static const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
+  /* Here are the TLS 1.3 ciphers we like, in the order we prefer. */
+#ifdef TLS1_3_TXT_AES_256_GCM_SHA384
+  TLS1_3_TXT_AES_256_GCM_SHA384 ":"
+#endif
+#ifdef TLS1_3_TXT_CHACHA20_POLY1305_SHA256
+  TLS1_3_TXT_CHACHA20_POLY1305_SHA256 ":"
+#endif
+#ifdef TLS1_3_TXT_AES_128_GCM_SHA256
+  TLS1_3_TXT_AES_128_GCM_SHA256 ":"
+#endif
+#ifdef TLS1_3_TXT_AES_128_CCM_SHA256
+  TLS1_3_TXT_AES_128_CCM_SHA256 ":"
+#endif
+
   /* This list is autogenerated with the gen_server_ciphers.py script;
    * don't hand-edit it. */
 #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384