diff options
| author | Pauli <pauli@openssl.org> | 2021-09-22 10:31:22 +1000 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2021-09-24 17:38:23 +1000 |
| commit | 1a473d1cc67e04ae9fea517b36dc332143250cf5 (patch) | |
| tree | 8c1577a61ca49ac1ff97ab35526f60c263d002f6 | |
| parent | c3b5fa4ab7d19e35311a21fec3ebc0a333c352b6 (diff) | |
tls: reduce the strength of CCM_8 ciphers due to their short IV.
Fixes #16154
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16652)
| -rw-r--r-- | CHANGES.md | 5 | ||||
| -rw-r--r-- | ssl/s3_lib.c | 44 |
2 files changed, 27 insertions, 22 deletions
diff --git a/CHANGES.md b/CHANGES.md index c9d3825eec..cfb6eb0821 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,11 @@ OpenSSL 3.1 ### Changes between 3.0 and 3.1 [xx XXX xxxx] + * CCM8 cipher suites in TLS have been downgraded to security level 1 because + they use a short tag which lowers their strength. + + *Paul Dale* + * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings by default. diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ef027d79e0..88565a7000 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -108,9 +108,9 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_AEAD, TLS1_3_VERSION, TLS1_3_VERSION, 0, 0, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256, - 128, + 64, /* CCM8 uses a short tag, so we have a low security strength */ 128, } }; @@ -699,9 +699,9 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, + 64, /* CCM8 uses a short tag, so we have a low security strength */ 128, }, { @@ -715,9 +715,9 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, + 64, /* CCM8 uses a short tag, so we have a low security strength */ 256, }, { @@ -731,9 +731,9 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, + 64, /* CCM8 uses a short tag, so we have a low security strength */ 128, }, { @@ -747,9 +747,9 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, + 64, /* CCM8 uses a short tag, so we have a low security strength */ 256, }, { @@ -827,9 +827,9 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, + 64, /* CCM8 uses a short tag, so we have a low security strength */ 128, }, { @@ -843,9 +843,9 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, + 64, /* CCM8 uses a short tag, so we have a low security strength */ 256, }, { @@ -859,9 +859,9 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, + 64, /* CCM8 uses a short tag, so we have a low security strength */ 128, }, { @@ -875,9 +875,9 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, + 64, /* CCM8 uses a short tag, so we have a low security strength */ 256, }, { @@ -923,9 +923,9 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, + 64, /* CCM8 uses a short tag, so we have a low security strength */ 128, }, { @@ -939,9 +939,9 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_AEAD, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_2_VERSION, DTLS1_2_VERSION, - SSL_NOT_DEFAULT | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, + 64, /* CCM8 uses a short tag, so we have a low security strength */ 256, }, { |