Create new KMS TLS Policy with TLSv1.2 Minimum (#4068)
alexw91 authored Jun 23, 2023
1 parent 491e7f8 commit e954ee5
Showing 3 changed files with 11 additions and 0 deletions.
1 change: 1 addition & 0 deletions tests/unit/s2n_security_policies_test.c
@@ -559,6 +559,7 @@ int main(int argc, char **argv)
"test_all_tls13",
"20190801",
"20190802",
"KMS-TLS-1-2-2023-06",
/* CloudFront viewer facing */
"CloudFront-SSL-v-3",
"CloudFront-TLS-1-0-2014",
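Review bot: Nothing visible in this test pins the one property that distinguishes the new policy, its TLS 1.2 floor; the only change is the added string `"KMS-TLS-1-2-2023-06"` in a list. The array declaration and the loop that consumes it sit outside the hunk in main(), so what list membership actually asserts cannot be read from here. A direct check would guard against a later edit silently lowering the minimum: `EXPECT_SUCCESS(s2n_find_security_policy_from_version("KMS-TLS-1-2-2023-06", &security_policy));` followed by `EXPECT_EQUAL(security_policy->minimum_protocol_version, S2N_TLS12);`.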
9 changes: 9 additions & 0 deletions tls/s2n_security_policies.c
@@ -385,6 +385,14 @@ const struct s2n_security_policy security_policy_kms_tls_1_0_2021_08 = {
.ecc_preferences = &s2n_ecc_preferences_20200310,
};

const struct s2n_security_policy security_policy_kms_tls_1_2_2023_06 = {
.minimum_protocol_version = S2N_TLS12,
.cipher_preferences = &cipher_preferences_kms_tls_1_0_2021_08,
.kem_preferences = &kem_preferences_null,
.signature_preferences = &s2n_signature_preferences_20200207,
.ecc_preferences = &s2n_ecc_preferences_20200310,
};

const struct s2n_security_policy security_policy_kms_pq_tls_1_0_2019_06 = {
.minimum_protocol_version = S2N_TLS10,
.cipher_preferences = &cipher_preferences_kms_pq_tls_1_0_2019_06,
@@ -873,6 +881,7 @@ struct s2n_security_policy_selection security_policy_selection[] = {
/* KMS TLS Policies*/
{ .version = "KMS-TLS-1-0-2018-10", .security_policy = &security_policy_kms_tls_1_0_2018_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
{ .version = "KMS-TLS-1-0-2021-08", .security_policy = &security_policy_kms_tls_1_0_2021_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
{ .version = "KMS-TLS-1-2-2023-06", .security_policy = &security_policy_kms_tls_1_2_2023_06, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
{ .version = "KMS-FIPS-TLS-1-2-2018-10", .security_policy = &security_policy_kms_fips_tls_1_2_2018_10, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
{ .version = "KMS-FIPS-TLS-1-2-2021-08", .security_policy = &security_policy_kms_fips_tls_1_2_2021_08, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
{ .version = "KMS-PQ-TLS-1-0-2019-06", .security_policy = &security_policy_kms_pq_tls_1_0_2019_06, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
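Review bot: In the first hunk, `security_policy_kms_tls_1_2_2023_06` points at `cipher_preferences_kms_tls_1_0_2021_08`, and the definition carries no comment saying that sharing a list named for a TLS 1.0 policy is deliberate. Raising `minimum_protocol_version` to `S2N_TLS12` does not by itself remove any cipher suite or signature scheme from the shared lists. Their contents are not shown here, so it should be confirmed whether any legacy entries (CBC- or SHA-1-based, if present) are meant to stay negotiable under the new name. A comment above the struct such as `/* Same preferences as KMS-TLS-1-0-2021-08; only the minimum protocol version is raised to TLS 1.2 */` would make the intent auditable. It would also warn that a later edit to the 2021-08 cipher list changes this policy as well.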
1 change: 1 addition & 0 deletions tls/s2n_security_policies.h
@@ -165,6 +165,7 @@ extern const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2021;
extern const struct s2n_security_policy security_policy_cloudfront_tls_1_2_2021_chacha20_boosted;

extern const struct s2n_security_policy security_policy_kms_tls_1_0_2018_10;
extern const struct s2n_security_policy security_policy_kms_tls_1_2_2023_06;
extern const struct s2n_security_policy security_policy_kms_fips_tls_1_2_2018_10;

extern const struct s2n_security_policy security_policy_20190120;