Add new default ciphersuite for tls1.3 in mbedtls, so that the server and client can find common ciphers

author: Dirk Engling <erdgeist@erdgeist.org> 2026-01-21 23:53:16 +0100
committer: Dirk Engling <erdgeist@erdgeist.org> 2026-01-21 23:53:16 +0100
commit: 6d2fb4ff436c9a9c064199fdc5468cd8a1a8a993 (patch)
tree: e8621ddf119ac15625a807c9406ef449f7c64233
parent: d7ecb3d0a7bb1f34def28296deafbb407bee4a77 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/vchat-tls.c b/vchat-tls.c
index 05df4d2..e230487 100644
--- a/vchat-tls.c
+++ b/vchat-tls.c
@@ -510,7 +510,7 @@ int vc_mbedtls_connect(const char *servername, int serverfd, vc_x509store_t *vc_
  char *ciphers = getstroption(CF_CIPHERSUITE);
  if (!ciphers)
-    ciphers = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA";
+    ciphers = "TLS1-3-AES-256-GCM-SHA384:TLS1-3-AES-128-GCM-SHA256:TLS1-3-AES-128-CCM-SHA256:TLS1-3-AES-128-CCM-8-SHA256:TLS1-3-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA";
  ciphers = strdup(ciphers);
  for (token = strtok(ciphers, ":"); token && suitecount < MAX_SUITES - 1;
       token = strtok(NULL, ":")) {
author	Dirk Engling <erdgeist@erdgeist.org>	2026-01-21 23:53:16 +0100
committer	Dirk Engling <erdgeist@erdgeist.org>	2026-01-21 23:53:16 +0100
commit	6d2fb4ff436c9a9c064199fdc5468cd8a1a8a993 (patch)
tree	e8621ddf119ac15625a807c9406ef449f7c64233
parent	d7ecb3d0a7bb1f34def28296deafbb407bee4a77 (diff)

diff --git a/vchat-tls.c b/vchat-tls.c index 05df4d2..e230487 100644 --- a/vchat-tls.c +++ b/vchat-tls.c
@@ -510,7 +510,7 @@ int vc_mbedtls_connect(const char servername, int serverfd, vc_x509store_t vc_
510		510
511	char *ciphers = getstroption(CF_CIPHERSUITE);	511	char *ciphers = getstroption(CF_CIPHERSUITE);
512	if (!ciphers)	512	if (!ciphers)
513	ciphers = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA";	513	ciphers = "TLS1-3-AES-256-GCM-SHA384:TLS1-3-AES-128-GCM-SHA256:TLS1-3-AES-128-CCM-SHA256:TLS1-3-AES-128-CCM-8-SHA256:TLS1-3-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA";
514	ciphers = strdup(ciphers);	514	ciphers = strdup(ciphers);
515	for (token = strtok(ciphers, ":"); token && suitecount < MAX_SUITES - 1;	515	for (token = strtok(ciphers, ":"); token && suitecount < MAX_SUITES - 1;
516	token = strtok(NULL, ":")) {	516	token = strtok(NULL, ":")) {