diff options
author | Pauli <pauli@openssl.org> | 2021-09-22 10:32:49 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-09-24 17:38:23 +1000 |
commit | 56ffcce492ffc6f36b2f0d9431e23febe054dd04 (patch) | |
tree | c49c830dbe307257dfdc9ceeeb05a713311035c5 | |
parent | 1a473d1cc67e04ae9fea517b36dc332143250cf5 (diff) |
doc: document the change to the security level of CCM8 cipher suites
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16652)
-rw-r--r-- | doc/man3/SSL_CTX_set_security_level.pod | 5 | ||||
-rw-r--r-- | ssl/s3_lib.c | 22 |
2 files changed, 14 insertions, 13 deletions
diff --git a/doc/man3/SSL_CTX_set_security_level.pod b/doc/man3/SSL_CTX_set_security_level.pod index 292d6a2333..13109c89a4 100644 --- a/doc/man3/SSL_CTX_set_security_level.pod +++ b/doc/man3/SSL_CTX_set_security_level.pod @@ -83,8 +83,9 @@ using MD5 for the MAC is also prohibited. Security level set to 112 bits of security. As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. -In addition to the level 1 exclusions any cipher suite using RC4 is also -prohibited. SSL version 3 is also not allowed. Compression is disabled. +In addition to the level 1 exclusions any cipher suite using RC4 and any +cipher suite using CCM with a 64 bit authentication tag are also prohibited. +SSL version 3 is also not allowed. Compression is disabled. =item B<Level 3> diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 88565a7000..9a53e6af20 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -110,7 +110,7 @@ static SSL_CIPHER tls13_ciphers[] = { 0, 0, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256, - 64, /* CCM8 uses a short tag, so we have a low security strength */ + 80, /* CCM8 uses a short tag, so we have a low security strength */ 128, } }; @@ -701,7 +701,7 @@ static SSL_CIPHER ssl3_ciphers[] = { DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 64, /* CCM8 uses a short tag, so we have a low security strength */ + 80, /* CCM8 uses a short tag, so we have a low security strength */ 128, }, { @@ -717,7 +717,7 @@ static SSL_CIPHER ssl3_ciphers[] = { DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 64, /* CCM8 uses a short tag, so we have a low security strength */ + 80, /* CCM8 uses a short tag, so we have a low security strength */ 256, }, { @@ -733,7 +733,7 @@ static SSL_CIPHER ssl3_ciphers[] = { DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 64, /* CCM8 uses a short tag, so we have a low security strength */ + 80, /* CCM8 uses a short tag, so we have a low security strength */ 128, }, { @@ -749,7 +749,7 @@ static SSL_CIPHER ssl3_ciphers[] = { DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 64, /* CCM8 uses a short tag, so we have a low security strength */ + 80, /* CCM8 uses a short tag, so we have a low security strength */ 256, }, { @@ -829,7 +829,7 @@ static SSL_CIPHER ssl3_ciphers[] = { DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 64, /* CCM8 uses a short tag, so we have a low security strength */ + 80, /* CCM8 uses a short tag, so we have a low security strength */ 128, }, { @@ -845,7 +845,7 @@ static SSL_CIPHER ssl3_ciphers[] = { DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 64, /* CCM8 uses a short tag, so we have a low security strength */ + 80, /* CCM8 uses a short tag, so we have a low security strength */ 256, }, { @@ -861,7 +861,7 @@ static SSL_CIPHER ssl3_ciphers[] = { DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 64, /* CCM8 uses a short tag, so we have a low security strength */ + 80, /* CCM8 uses a short tag, so we have a low security strength */ 128, }, { @@ -877,7 +877,7 @@ static SSL_CIPHER ssl3_ciphers[] = { DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 64, /* CCM8 uses a short tag, so we have a low security strength */ + 80, /* CCM8 uses a short tag, so we have a low security strength */ 256, }, { @@ -925,7 +925,7 @@ static SSL_CIPHER ssl3_ciphers[] = { DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 64, /* CCM8 uses a short tag, so we have a low security strength */ + 80, /* CCM8 uses a short tag, so we have a low security strength */ 128, }, { @@ -941,7 +941,7 @@ static SSL_CIPHER ssl3_ciphers[] = { DTLS1_2_VERSION, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 64, /* CCM8 uses a short tag, so we have a low security strength */ + 80, /* CCM8 uses a short tag, so we have a low security strength */ 256, }, { |