Remove now unnecessary QUIC_CIPHER_SUITES

quinn-rs · Aug 2, 2021 · f154d22 · f154d22
1 parent 1fe526a
commit f154d22
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 21 deletions.
diff --git a/quinn-proto/src/config.rs b/quinn-proto/src/config.rs
@@ -521,7 +521,7 @@ impl ServerConfig<crypto::rustls::TlsSession> {
         key: PrivateKey,
     ) -> Result<Self, rustls::Error> {
         let mut crypto = rustls::ServerConfig::builder()
-            .with_cipher_suites(&crypto::rustls::QUIC_CIPHER_SUITES)
+            .with_safe_default_cipher_suites()
             .with_safe_default_kx_groups()
             .with_protocol_versions(&[&rustls::version::TLS13])
             .unwrap()
@@ -647,7 +647,7 @@ impl ClientConfig<crypto::rustls::TlsSession> {
         }
 
         let mut cfg = rustls::ClientConfig::builder()
-            .with_cipher_suites(&crypto::rustls::QUIC_CIPHER_SUITES)
+            .with_safe_default_cipher_suites()
             .with_safe_default_kx_groups()
             .with_protocol_versions(&[&rustls::version::TLS13])
             .unwrap()

diff --git a/quinn-proto/src/crypto/rustls.rs b/quinn-proto/src/crypto/rustls.rs
@@ -388,17 +388,3 @@ impl crypto::PacketKey for PacketKey {
         self.integrity_limit()
     }
 }
-
-/// Cipher suites suitable for QUIC
-///
-/// The list is equivalent to TLS1.3 ciphers.
-/// It matches the rustls prefernce list that was introduced with
-/// https://github.com/ctz/rustls/commit/7117a805e0104705da50259357d8effa7d599e37.
-/// This list prefers AES ciphers, which are hardware accelerated on most platforms.
-/// This list can be removed if the rustls dependency is updated to a new version
-/// which contains the linked change.
-pub(crate) static QUIC_CIPHER_SUITES: [rustls::SupportedCipherSuite; 3] = [
-    rustls::cipher_suite::TLS13_AES_256_GCM_SHA384,
-    rustls::cipher_suite::TLS13_AES_128_GCM_SHA256,
-    rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256,
-];
diff --git a/quinn-proto/src/tests/mod.rs b/quinn-proto/src/tests/mod.rs
@@ -14,11 +14,8 @@ use rustls::internal::msgs::enums::AlertDescription;
 use tracing::info;
 
 use super::*;
+use crate::cid_generator::{ConnectionIdGenerator, RandomConnectionIdGenerator};
 use crate::crypto::Session as _;
-use crate::{
-    cid_generator::{ConnectionIdGenerator, RandomConnectionIdGenerator},
-    crypto::rustls::QUIC_CIPHER_SUITES,
-};
 use crate::{Certificate, CertificateChain, PrivateKey};
 mod util;
 use util::*;
@@ -337,7 +334,7 @@ fn reject_missing_client_cert() {
     let cert = util::CERTIFICATE.serialize_der().unwrap();
 
     let config = rustls::ServerConfig::builder()
-        .with_cipher_suites(&QUIC_CIPHER_SUITES)
+        .with_safe_default_cipher_suites()
         .with_safe_default_kx_groups()
         .with_protocol_versions(&[&rustls::version::TLS13])
         .unwrap()