diff options
author | Matt Caswell <matt@openssl.org> | 2018-07-18 16:13:14 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-08-15 12:33:30 +0100 |
commit | 9f22c527232d8babfa4827dff34a6707e8880dd9 (patch) | |
tree | dcc7a43d93421790c76b5a4aab274285e2dcd15d | |
parent | 35e742ecac9239539db016e1282b4cbdf501509c (diff) |
Turn on TLSv1.3 downgrade protection by default
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)
-rwxr-xr-x | Configure | 2 | ||||
-rw-r--r-- | INSTALL | 10 | ||||
-rw-r--r-- | ssl/s3_lib.c | 4 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 2 | ||||
-rw-r--r-- | test/recipes/70-test_tls13downgrade.t | 4 |
5 files changed, 2 insertions, 20 deletions
@@ -405,7 +405,6 @@ my @disablables = ( "tests", "threads", "tls", - "tls13downgrade", "ts", "ubsan", "ui-console", @@ -449,7 +448,6 @@ our %disabled = ( # "what" => "comment" "ssl3" => "default", "ssl3-method" => "default", "ubsan" => "default", - "tls13downgrade" => "default", "unit-test" => "default", "weak-ssl-ciphers" => "default", "zlib" => "default", @@ -476,16 +476,6 @@ require additional system-dependent options! See "Note on multi-threading" below. - enable-tls13downgrade - TODO(TLS1.3): Make this enabled by default and remove the - option when TLSv1.3 is out of draft - TLSv1.3 offers a downgrade protection mechanism. This is - implemented but disabled by default. It should not typically - be enabled except for testing purposes. Otherwise this could - cause problems if a pre-RFC version of OpenSSL talks to an - RFC implementation (it will erroneously be detected as a - downgrade). - no-ts Don't build Time Stamping Authority support. diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c170eed5e1..5ecbc3c554 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4568,7 +4568,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, } else { ret = RAND_bytes(result, len); } -#ifndef OPENSSL_NO_TLS13DOWNGRADE + if (ret > 0) { if (!ossl_assert(sizeof(tls11downgrade) < len) || !ossl_assert(sizeof(tls12downgrade) < len)) @@ -4580,7 +4580,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, memcpy(result + len - sizeof(tls11downgrade), tls11downgrade, sizeof(tls11downgrade)); } -#endif + return ret; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index d04f8773de..38121b7fd2 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1914,7 +1914,6 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) if (s->version != vent->version) continue; -#ifndef OPENSSL_NO_TLS13DOWNGRADE /* Check for downgrades */ if (s->version == TLS1_2_VERSION && highver > s->version) { if (memcmp(tls12downgrade, @@ -1941,7 +1940,6 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) return 0; } } -#endif s->method = method; return 1; diff --git a/test/recipes/70-test_tls13downgrade.t b/test/recipes/70-test_tls13downgrade.t index cc5fb16d2b..f7c8812345 100644 --- a/test/recipes/70-test_tls13downgrade.t +++ b/test/recipes/70-test_tls13downgrade.t @@ -26,10 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled" if disabled("tls1_3") || disabled("tls1_2"); -# TODO(TLS1.3): Enable this when TLSv1.3 comes out of draft -plan skip_all => "$test_name not run in pre TLSv1.3 RFC implementation" - if disabled("tls13downgrade"); - $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( |