use super::*;
macro_rules! tls_options {
(1, $cipher_list:expr) => {
SafariTlsConfig::builder()
.cipher_list($cipher_list)
.build()
.into()
};
(2, $cipher_list:expr, $sigalgs_list:expr) => {
SafariTlsConfig::builder()
.cipher_list($cipher_list)
.sigalgs_list($sigalgs_list)
.build()
.into()
};
(3, $cipher_list:expr, $sigalgs_list:expr, $curves:expr) => {
SafariTlsConfig::builder()
.curves($curves)
.cipher_list($cipher_list)
.sigalgs_list($sigalgs_list)
.preserve_tls13_cipher_list(true)
.min_tls_version(hpx::tls::TlsVersion::TLS_1_2)
.max_tls_version(hpx::tls::TlsVersion::TLS_1_3)
.build()
.into()
};
}
pub const CURVES_1: &str = join!(":", "X25519", "P-256", "P-384", "P-521");
pub const CURVES_2: &str = join!(":", "X25519MLKEM768", "X25519", "P-256", "P-384", "P-521");
pub const CIPHER_LIST_1: &str = join!(
":",
"TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_RSA_WITH_3DES_EDE_CBC_SHA"
);
pub const CIPHER_LIST_2: &str = join!(
":",
"TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_RSA_WITH_3DES_EDE_CBC_SHA"
);
pub const CIPHER_LIST_3: &str = join!(
":",
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_RSA_WITH_3DES_EDE_CBC_SHA"
);
pub const SIGALGS_LIST_1: &str = join!(
":",
"ecdsa_secp256r1_sha256",
"rsa_pss_rsae_sha256",
"rsa_pkcs1_sha256",
"ecdsa_secp384r1_sha384",
"ecdsa_sha1",
"rsa_pss_rsae_sha384",
"rsa_pkcs1_sha384",
"rsa_pss_rsae_sha512",
"rsa_pkcs1_sha512",
"rsa_pkcs1_sha1"
);
pub const SIGALGS_LIST_2: &str = join!(
":",
"ecdsa_secp256r1_sha256",
"rsa_pss_rsae_sha256",
"rsa_pkcs1_sha256",
"ecdsa_secp384r1_sha384",
"rsa_pss_rsae_sha384",
"rsa_pkcs1_sha384",
"rsa_pss_rsae_sha512",
"rsa_pkcs1_sha512",
"rsa_pkcs1_sha1"
);
pub const CERT_COMPRESSION_ALGORITHM: &[CertificateCompressionAlgorithm] =
&[CertificateCompressionAlgorithm::ZLIB];
#[derive(TypedBuilder)]
pub struct SafariTlsConfig {
#[builder(default = TlsVersion::TLS_1_0)]
min_tls_version: TlsVersion,
#[builder(default = TlsVersion::TLS_1_3)]
max_tls_version: TlsVersion,
#[builder(default = CURVES_1)]
curves: &'static str,
#[builder(default = SIGALGS_LIST_1)]
sigalgs_list: &'static str,
cipher_list: &'static str,
#[builder(default, setter(strip_option))]
preserve_tls13_cipher_list: Option<bool>,
}
impl From<SafariTlsConfig> for TlsOptions {
fn from(val: SafariTlsConfig) -> Self {
TlsOptions::builder()
.session_ticket(false)
.grease_enabled(true)
.enable_ocsp_stapling(true)
.enable_signed_cert_timestamps(true)
.preserve_tls13_cipher_list(val.preserve_tls13_cipher_list)
.curves_list(val.curves)
.sigalgs_list(val.sigalgs_list)
.cipher_list(val.cipher_list)
.min_tls_version(val.min_tls_version)
.max_tls_version(val.max_tls_version)
.certificate_compression_algorithms(CERT_COMPRESSION_ALGORITHM)
.build()
}
}