moved default tls1.3 ciphersuite preferences to internal header

aws · Jan 9, 2025 · ff11f99 · ff11f99
1 parent 6707995
commit ff11f99
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 12 deletions.
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
@@ -1698,18 +1698,6 @@ OPENSSL_EXPORT size_t SSL_get_all_standard_cipher_names(const char **out,
 // substituted when a cipher string starts with 'DEFAULT'.
 #define SSL_DEFAULT_CIPHER_LIST "ALL"
 
-// TLS13_DEFAULT_CIPHER_LIST_AES_HW is the default TLS 1.3 cipher suite
-// configuration when AES hardware acceleration is enabled.
-#define TLS13_DEFAULT_CIPHER_LIST_AES_HW "TLS_AES_128_GCM_SHA256:" \
-                                          "TLS_AES_256_GCM_SHA384:" \
-                                          "TLS_CHACHA20_POLY1305_SHA256"
-
-// TLS13_DEFAULT_CIPHER_LIST_NO_AES_HW is the default TLS 1.3 cipher suite
-// configuration when no AES hardware acceleration is enabled.
-#define TLS13_DEFAULT_CIPHER_LIST_NO_AES_HW "TLS_CHACHA20_POLY1305_SHA256:" \
-                                            "TLS_AES_128_GCM_SHA256:" \
-                                            "TLS_AES_256_GCM_SHA384"
-
 // SSL_CTX_set_strict_cipher_list configures the cipher list for |ctx|,
 // evaluating |str| as a cipher string and returning error if |str| contains
 // anything meaningless. It returns one on success and zero on failure.

diff --git a/ssl/internal.h b/ssl/internal.h
@@ -3724,6 +3724,18 @@ struct ssl_method_st {
   const bssl::SSL_X509_METHOD *x509_method;
 };
 
+// TLS13_DEFAULT_CIPHER_LIST_AES_HW is the default TLS 1.3 cipher suite
+// configuration when AES hardware acceleration is enabled.
+#define TLS13_DEFAULT_CIPHER_LIST_AES_HW "TLS_AES_128_GCM_SHA256:" \
+                                         "TLS_AES_256_GCM_SHA384:" \
+                                         "TLS_CHACHA20_POLY1305_SHA256"
+
+// TLS13_DEFAULT_CIPHER_LIST_NO_AES_HW is the default TLS 1.3 cipher suite
+// configuration when no AES hardware acceleration is enabled.
+#define TLS13_DEFAULT_CIPHER_LIST_NO_AES_HW "TLS_CHACHA20_POLY1305_SHA256:" \
+                                            "TLS_AES_128_GCM_SHA256:" \
+                                            "TLS_AES_256_GCM_SHA384"
+
 #define MIN_SAFE_FRAGMENT_SIZE 512
 struct ssl_ctx_st : public bssl::RefCounted<ssl_ctx_st> {
   explicit ssl_ctx_st(const SSL_METHOD *ssl_method);