wip: fix ciphersuites

rwf2 · Mar 26, 2024 · 6c7cfc8 · 6c7cfc8
1 parent eefeaba
commit 6c7cfc8
Showing 1 changed file with 17 additions and 11 deletions.
diff --git a/core/lib/src/tls/config.rs b/core/lib/src/tls/config.rs
@@ -3,6 +3,8 @@ use std::io;
 use figment::value::magic::{Either, RelativePathBuf};
 use serde::{Deserialize, Serialize};
 use indexmap::IndexSet;
+use crate::tls::util::default_crypto_provider;
+use rustls::CipherSuite as RustlsCipherSuite;
 
 /// TLS configuration: certificate chain, key, and ciphersuites.
 ///
@@ -477,27 +479,31 @@ impl CipherSuite {
 impl From<CipherSuite> for rustls::SupportedCipherSuite {
     fn from(cipher: CipherSuite) -> Self {
         use rustls::crypto::ring::cipher_suite;
+        let cipher_suites = default_crypto_provider().cipher_suites;
 
-        match cipher {
+        let cipher = match cipher {
             CipherSuite::TLS_CHACHA20_POLY1305_SHA256 =>
-                cipher_suite::TLS13_CHACHA20_POLY1305_SHA256,
+                RustlsCipherSuite::TLS13_CHACHA20_POLY1305_SHA256,
             CipherSuite::TLS_AES_256_GCM_SHA384 =>
-                cipher_suite::TLS13_AES_256_GCM_SHA384,
+                RustlsCipherSuite::TLS13_AES_256_GCM_SHA384,
             CipherSuite::TLS_AES_128_GCM_SHA256 =>
-                cipher_suite::TLS13_AES_128_GCM_SHA256,
+                RustlsCipherSuite::TLS13_AES_128_GCM_SHA256,
             CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 =>
-                cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+                RustlsCipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
             CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 =>
-                cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+                RustlsCipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
             CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 =>
-                cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+                RustlsCipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
             CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 =>
-                cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+                RustlsCipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
             CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 =>
-                cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+                RustlsCipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
             CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 =>
-                cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-        }
+                RustlsCipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+        };
+
+
+        cipher_suites.into_iter().find(|c| c.suite() == cipher).expect("Default crypto provider doesn't support Rocket cipher suites")
     }
 }