make TLS 1.3 okay

Fixes #118 Updates #119
jmhodges · Jul 26, 2016 · 5e3d730 · 5e3d730
1 parent 093676f
commit 5e3d730
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 6 deletions.
diff --git a/all_suites.go b/all_suites.go
@@ -4,10 +4,8 @@ package main
 // Generated with:
 //   curl -s https://www.iana.org/assignments/tls-parameters/tls-parameters.txt | grep '0x.* TLS_' | awk '{ print $1":","\""$2"\","}' | sed 's/,0x//'
 //
-// Plus appending the new ChaCha20/Poly1305 curve ciphers from Chrome 33.0 and
-// the fallback SCSV if the client had to degrade its version of TLS in order
-// to talk to the server. This is currently only in Chrome, and may one day be
-// useful to call out.
+// Plus appending the quantum resistant ones that Chrome is testing if the
+// client had to degrade its version of TLS in order to talk to the server.
 var allCipherSuites = map[uint16]string{
 	0x0000: "TLS_NULL_WITH_NULL_NULL",
 	0x0001: "TLS_RSA_WITH_NULL_MD5",
@@ -341,4 +339,11 @@ var allCipherSuites = map[uint16]string{
 	0x0064: "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
 	0x0065: "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
 	0x0066: "TLS_DHE_DSS_WITH_RC4_128_SHA", // 128-bit RC4, not 56-bit
+
+	// Chrome is testing out some quantum computer resistant cipher suites. We,
+	// for now, assume they are safe.
+	0x16b7: "TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256",
+	0x16b8: "TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+	0x16b9: "TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384",
+	0x16ba: "TLS_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384",
 }
diff --git a/client_info.go b/client_info.go
@@ -86,6 +86,9 @@ func ClientInfo(c *conn) *clientInfo {
 		d.TLSVersion = "TLS 1.1"
 	case tls.VersionTLS12:
 		d.TLSVersion = "TLS 1.2"
+	case 0x0304: // TODO(#119): use crypto/tls's constant when it has it
+		d.TLSVersion = "TLS 1.3"
+
 	default:
 		d.TLSVersion = "an unknown version of SSL/TLS"
 	}

diff --git a/templates/index.html b/templates/index.html
@@ -84,10 +84,10 @@ <h1>Your SSL client is <span class="hero-unit-{{ratingSpan .Rating}}">{{.Rating}
       <div class="row">
         <div class="span4">
           <h2>Version</h2>
-          {{if eq .TLSVersion "TLS 1.2"}}
+          {{if eq .TLSVersion "TLS 1.2" "TLS 1.3"}}
 
           <p><span class="label okay">Good</span> Your client is using
-          TLS 1.2, the most modern version of the encryption
+          {{ .TLSVersion }}, the most modern version of the encryption
           protocol. It gives you access to the fastest, most secure
           encryption possible on the web.</p>