authorBodo Möller <bodo@openssl.org>2007-02-19 18:41:41 +0000
committerBodo Möller <bodo@openssl.org>2007-02-19 18:41:41 +0000
commit0a05123a6c90390c1290fe3bc119f1daf256b834 (patch)
tree34c7ee359825151da85292b0051a11cf9d80db9b /ssl
parent2afe316721982828eba29744f59244d443fc27a3 (diff)
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable authentication-only ciphersuites. Also, change ssl_create_cipher_list() so that it no longer starts with an arbitrary ciphersuite ordering, but instead uses the logic that we previously had in SSL_DEFAULT_CIPHER_LIST. SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssl.h9
-rw-r--r--ssl/ssl_ciph.c35
2 files changed, 42 insertions, 2 deletions
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 0581256d8c..b97b35e9c3 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -315,8 +315,13 @@ extern "C" {
/* The following cipher list is used by default.
* It also is substituted when an application-defined cipher list string
* starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:ALL:!ADH:!AECDH:+aECDH:+kRSA:+RC4:@STRENGTH"
-/* low priority for ciphersuites w/o forwared secrecy (fixed ECDH, RSA key exchange), and for RC4 */
+#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL"
+/* As of OpenSSL 0.9.9, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
+ * throwing out anonymous and unencrypted ciphersuites!
+ * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
+ * some of them.)
+ */
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
#define SSL_SENT_SHUTDOWN 1
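Review bot: The new default `"ALL:!aNULL:!eNULL"` removes only unauthenticated and unencrypted suites, so if `ALL` still matches export-grade and single-DES (`LOW`) suites, as I believe it does, they stay enabled by default and are merely sorted last by the strength sort in ssl_create_cipher_list(). Ordering is a preference, not a floor: a peer that offers only those suites will still negotiate one. Consider whether the default can drop them too, e.g. `#define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL"`, or at least state in the comment that weak-but-encrypted suites are deliberately kept for compatibility. The comment would also be clearer if it said that `!` removes a suite permanently, which is why a later `:RSA` cannot bring eNULL suites back.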
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 3e94de8f83..787aec1e31 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1120,6 +1120,40 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
co_list, &head, &tail);
+
+ /* Now arrange all ciphers by preference: */
+
+ /* Temporarily enabled AES first (preferred cipher) */
+ ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+
+ /* Temporarily enable everything else */
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+
+ /* Move anonymous ciphers to the end. Usually, these will remain disabled.
+ * (For applications that allow them, they aren't too bad, but we prefer
+ * authenticated ciphers.) */
+ ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+
+ /* Move ciphers without forward secrecy to then end */
+ ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, SSL_kPSK, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+
+ /* RC4 is sort-of broken -- move the the end */
+ ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+
+ /* Now sort by symmetric encryption strength. The above ordering remains
+ * in force within each class */
+ if (!ssl_cipher_strength_sort(&head, &tail))
+ {
+ OPENSSL_free(co_list);
+ return NULL;
+ }
+
+ /* Now disable everything (maintaining the ordering!) */
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+
+
/*
* We also need cipher aliases for selecting based on the rule_str.
* There might be two types of entries in the rule_str: 1) names
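Review bot: The `SSL_kPSK` call directly after the `SSL_kRSA` one passes a key-exchange flag as the third argument, which the neighbouring `SSL_aNULL` and `SSL_aECDH` calls use for authentication flags, whereas `SSL_kRSA` is passed as the second. If the argument order is (…, mkey, auth, …) as those calls suggest, PSK suites are not moved back and whichever authentication flag shares that bit value is reordered instead; the line should presumably read `ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);`. Separately, the removed default string preferred `AES:CAMELLIA` ahead of `ALL`, but only `SSL_AES` is promoted here, so Camellia loses its former position; if that is intended, a comment should say so. Comment typos: "Temporarily enabled" → "enable", "to then end" → "to the end", "move the the end" → "move to the end". The body of ssl_create_cipher_list() begins and ends outside this hunk, so the cleanup on the new `return NULL` path could not be checked against the function's other allocations.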
@@ -1167,6 +1201,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
OPENSSL_free(co_list);
return(NULL);
}
+
/*
* Allocate new "cipherstack" for the result, return with error
* if we cannot get one.