Merge pull request #646 from zowe/zss-tls1.3

support for tls1.3
zowe · Oct 10, 2023 · dbfe158 · dbfe158
2 parents 1f18c24 + 021e750
commit dbfe158
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 2 deletions.
diff --git a/c/zss.c b/c/zss.c
@@ -108,7 +108,15 @@ static int traceLevel = 0;
 
 #define JSON_ERROR_BUFFER_SIZE 1024
 
+#define DEFAULT_TLS_KEY_SHARES  \
+  TLS_SECP256R1                 \
+  TLS_SECP521R1                 \
+  TLS_X25519
+
 #define DEFAULT_TLS_CIPHERS               \
+  TLS_AES_256_GCM_SHA384                  \
+  TLS_AES_128_GCM_SHA256                  \
+  TLS_CHACHA20_POLY1305_SHA256            \
   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     \
   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384     \
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \
@@ -1149,7 +1157,22 @@ static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh,
   }
   JsonObject *httpsConfigObject = jsonAsObject(httpsConfig);
   TlsSettings *settings = (TlsSettings*)SLHAlloc(slh, sizeof(*settings));
-  settings->ciphers = DEFAULT_TLS_CIPHERS;
+  char *ciphers = jsonObjectGetString(httpsConfigObject, "ciphers");
+  /* 
+   * Takes a string of ciphers. This isn't ideal, but any other methods are
+   * going to be fairly complicated.
+   *
+   * ciphers: 13021303003500380039002F00320033
+   */
+  settings->ciphers = ciphers ? ciphers : DEFAULT_TLS_CIPHERS;
+  /* 
+   * Takes a string of keyshares. This isn't ideal, but any other methods are
+   * going to be fairly complicated.
+   *
+   * keyshares: 002300250029
+   */
+  char *keyshares = jsonObjectGetString(httpsConfigObject, "keyshares");
+  settings->keyshares = keyshares ? keyshares : DEFAULT_TLS_KEY_SHARES;
   settings->keyring = jsonObjectGetString(httpsConfigObject, "keyring");
   settings->label = jsonObjectGetString(httpsConfigObject, "label");
   /*  settings->stash = jsonObjectGetString(httpsConfigObject, "stash"); - this is obsolete */

diff --git a/deps/zowe-common-c b/deps/zowe-common-c
diff --git a/schemas/zss-config.json b/schemas/zss-config.json
@@ -117,6 +117,14 @@
             "password": {
               "type": [ "string", "null" ],
               "description": "The password to the keyring"
+            },
+            "ciphers": {
+              "type": [ "string", "null" ],
+              "description": "The list of ciphers in order of priority"
+            },
+            "keyshares": {
+              "type": [ "string", "null" ],
+              "description": "The list of key shares in order of priority"
             }
           }
         },