
Remove old ChaCha20-Poly1305 cipher suites.

Rod Hynes 8 years ago
parent
commit
28476ee3c4

+ 0 - 18
psiphon/common/tls/cipher_suites.go

@@ -102,19 +102,6 @@ var cipherSuites = []*cipherSuite{
 	{TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, rsaKA, suiteDefaultOff, cipherRC4, macSHA1, nil},
 	{TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheRSAKA, suiteECDHE | suiteDefaultOff, cipherRC4, macSHA1, nil},
 	{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteDefaultOff, cipherRC4, macSHA1, nil},
-
-	// [Psiphon]
-	// TLS_..._CHACHA20_POLY1305_OLD are required for EmulateChrome.
-	{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD, 32, 0, 12, ecdheRSAKA, suiteDefaultOff | suiteECDHE | suiteTLS12, nil, nil, aeadChaCha20Poly1305},
-	{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD, 32, 0, 12, ecdheECDSAKA, suiteDefaultOff | suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadChaCha20Poly1305},
-}
-
-// [Psiphon]
-// The following are not stock golang cipher suites and must be ignored
-// when running automated tests against pre-recorded "testdata".
-var ignoreCipherSuites = []uint16{
-	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
-	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD,
 }
 
 func cipherRC4(key, iv []byte, isRead bool) interface{} {
@@ -406,9 +393,4 @@ const (
 	// that the client is doing version fallback. See
 	// https://tools.ietf.org/html/rfc7507.
 	TLS_FALLBACK_SCSV uint16 = 0x5600
-
-	// [Psiphon]
-	// TLS_..._CHACHA20_POLY1305_OLD are required for EmulateChrome.
-	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD   uint16 = 0xcc13
-	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD uint16 = 0xcc14
 )

+ 0 - 6
psiphon/common/tls/handshake_client.go

@@ -194,12 +194,6 @@ NextCipherSuite:
 			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 			TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
 			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-
-			// TODO: remove these soon
-			// See: https://github.com/google/boringssl/commit/2e839244b078205ff677ada3fb83cf9d60ef055b
-			TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD,
-			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
-
 			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 			TLS_RSA_WITH_AES_128_GCM_SHA256,

+ 3 - 21
psiphon/common/tls/handshake_server_test.go

@@ -38,27 +38,9 @@ func (zeroSource) Read(b []byte) (n int, err error) {
 var testConfig *Config
 
 func allCipherSuites() []uint16 {
-
-	// [Psiphon]
-	// Ignore cipher suites added for EmulateChrome.
-
-	//ids := make([]uint16, len(cipherSuites))
-	//for i, suite := range cipherSuites {
-	//	ids[i] = suite.id
-	//}
-
-	ids := make([]uint16, 0)
-	for _, suite := range cipherSuites {
-		ignore := false
-		for _, ignoreSuiteID := range ignoreCipherSuites {
-			if ignoreSuiteID == suite.id {
-				ignore = true
-				break
-			}
-		}
-		if !ignore {
-			ids = append(ids, suite.id)
-		}
+	ids := make([]uint16, len(cipherSuites))
+	for i, suite := range cipherSuites {
+		ids[i] = suite.id
 	}
 
 	return ids
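Review bot: With the `ignoreCipherSuites` filter gone, `allCipherSuites` returns every id in `cipherSuites`, so the tests that run against pre-recorded testdata now depend on that table holding only stock suites. The comment removed from cipher_suites.go was the only place this constraint was written down. A short comment above the loop would keep it visible, for example `// cipherSuites must hold only stock Go suites; the recorded testdata does not cover others.` The function's closing brace lies outside the hunk.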