summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGES8
-rw-r--r--doc/ssl/SSL_CONF_cmd.pod73
-rw-r--r--doc/ssl/SSL_CTX_new.pod126
-rw-r--r--doc/ssl/SSL_CTX_set_min_proto_version.pod42
-rw-r--r--doc/ssl/SSL_CTX_set_options.pod10
-rw-r--r--include/openssl/dtls1.h1
-rw-r--r--include/openssl/ssl.h13
-rw-r--r--ssl/d1_lib.c16
-rw-r--r--ssl/ssl_conf.c81
-rw-r--r--ssl/ssl_lib.c16
-rw-r--r--ssl/ssl_locl.h9
-rw-r--r--ssl/statem/statem_clnt.c64
-rw-r--r--ssl/statem/statem_srvr.c41
-rw-r--r--test/recipes/80-test_ssl.t518
-rw-r--r--test/ssltest.c142
15 files changed, 1063 insertions, 97 deletions
diff --git a/CHANGES b/CHANGES
index 0c25e0bac9..b0331b2594 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
Changes between 1.0.2e and 1.1.0 [xx XXX xxxx]
+ *) Add support for setting the minimum and maximum supported protocol.
+ It can bet set via the SSL_set_min_proto_version() and
+ SSL_set_max_proto_version(), or via the SSL_CONF's MinProtocol and
+ MaxProtcol. It's recommended to use the new APIs to disable
+ protocols instead of disabling individual protocols using
+ SSL_set_options() or SSL_CONF's Protocol.
+ [Kurt Roeckx]
+
*) Support for ChaCha20 and Poly1305 added to libcrypto and libssl.
[Andy Polyakov]
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index bebd20485c..cfac7e22d2 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -74,7 +74,7 @@ B<prime256v1>). Curve names are case sensitive.
=item B<-named_curve>
-This sets the temporary curve used for ephemeral ECDH modes. Only used by
+This sets the temporary curve used for ephemeral ECDH modes. Only used by
servers
The B<value> argument is a curve name or the special value B<auto> which
@@ -85,7 +85,7 @@ can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name
=item B<-cipher>
Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is
-currently not performed unless a B<SSL> or B<SSL_CTX> structure is
+currently not performed unless a B<SSL> or B<SSL_CTX> structure is
associated with B<cctx>.
=item B<-cert>
@@ -109,9 +109,14 @@ Attempts to use the file B<value> as the set of temporary DH parameters for
the appropriate context. This option is only supported if certificate
operations are permitted.
+=item B<-min_protocol>, B<-max_protocol>
+
+Sets the minimum and maximum supported protocol.
+Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>, B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
+
=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
-Disables protocol support for SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2
+Disables protocol support for SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2
by setting the corresponding options B<SSL_OP_NO_SSL3>,
B<SSL_OP_NO_TLS1>, B<SSL_OP_NO_TLS1_1> and B<SSL_OP_NO_TLS1_2> respectively.
@@ -177,7 +182,7 @@ Note: the command prefix (if set) alters the recognised B<cmd> values.
=item B<CipherString>
Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is
-currently not performed unless an B<SSL> or B<SSL_CTX> structure is
+currently not performed unless an B<SSL> or B<SSL_CTX> structure is
associated with B<cctx>.
=item B<Certificate>
@@ -250,7 +255,7 @@ B<prime256v1>). Curve names are case sensitive.
=item B<ECDHParameters>
-This sets the temporary curve used for ephemeral ECDH modes. Only used by
+This sets the temporary curve used for ephemeral ECDH modes. Only used by
servers
The B<value> argument is a curve name or the special value B<Automatic> which
@@ -258,16 +263,37 @@ picks an appropriate curve based on client and server preferences. The curve
can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name
(e.g B<prime256v1>). Curve names are case sensitive.
+=item B<MinProtocol>
+
+This sets the minimum supported SSL, TLS or DTLS version.
+
+Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>, B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
+
+=item B<MaxProtocol>
+
+This sets the maximum supported SSL, TLS or DTLS version.
+
+Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>, B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
+
=item B<Protocol>
-The supported versions of the SSL or TLS protocol.
+This can be used to enable or disable certain versions of the SSL, TLS or DTLS protocol.
+
+The B<value> argument is a comma separated list of supported protocols to enable or disable.
+If a protocol is preceded by B<-> that version is disabled.
+
+All protocol versions are enabled by default.
+You need to disable at least 1 protocol version for this setting have any effect.
+Only enabling some protocol versions does not disable the other protocol versions.
+
+Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>, B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
+The special value B<ALL> refers to all supported versions.
-The B<value> argument is a comma separated list of supported protocols to
-enable or disable. If an protocol is preceded by B<-> that version is disabled.
-All versions are enabled by default, though applications may choose to
-explicitly disable some. Currently supported protocol values are
-B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>. The special value B<ALL> refers
-to all supported versions.
+This can't enable protocols that are disabled using B<MinProtocol> or B<MaxProtocol>, but can disable protocols that are still allowed by them.
+
+The B<Protocol> command is fragile and deprecated; do not use it.
+Use B<MinProtocol> and B<MaxProtocol> instead.
+If you do use B<Protocol>, make sure that the resulting range of enabled protocols has no "holes", e.g. if TLS 1.0 and TLS 1.2 are both enabled, make sure to also leave TLS 1.1 enabled.
=item B<Options>
@@ -404,7 +430,7 @@ can be checked instead. If -3 is returned a required argument is missing
and an error is indicated. If 0 is returned some other error occurred and
this can be reported back to the user.
-The function SSL_CONF_cmd_value_type() can be used by applications to
+The function SSL_CONF_cmd_value_type() can be used by applications to
check for the existence of a command or to perform additional syntax
checking or translation of the command value. For example if the return
value is B<SSL_CONF_TYPE_FILE> an application could translate a relative
@@ -416,12 +442,29 @@ Set supported signature algorithms:
SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256");
-Enable all protocols except SSLv3:
+There are various ways to select the supported procotols.
+
+This set the minimum protocol version to TLSv1, and so disables SSLv3.
+This is the recommended way to disable protocols.
+
+ SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1");
+
+The following also disables SSLv3:
+
+ SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
+
+The following will first enable all protocols, and then disable SSLv3.
+If nothing was disabled before it has the same effect as "-SSLv3", but if things were disables it will first enable them again before disabling SSLv3.
SSL_CONF_cmd(ctx, "Protocol", "ALL,-SSLv3");
Only enable TLSv1.2:
+ SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2");
+ SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2");
+
+This also only enables TLSv1.2:
+
SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2");
Disable TLS session tickets:
@@ -474,4 +517,6 @@ B<SSL_CONF_TYPE_NONE> was first added to OpenSSL 1.1.0. In earlier versions of
OpenSSL passing a command which didn't take an argument would return
B<SSL_CONF_TYPE_UNKNOWN>.
+B<MinProtocol> and B<MaxProtocol> where added in OpenSSL 1.1.0.
+
=cut
diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
index 15011f8fc1..2c2120a647 100644
--- a/doc/ssl/SSL_CTX_new.pod
+++ b/doc/ssl/SSL_CTX_new.pod
@@ -2,7 +2,7 @@
=head1 NAME
-SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method - create a new SSL_CTX object as framework for TLS/SSL enabled functions
+SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method - create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled functions
=head1 SYNOPSIS
@@ -10,51 +10,77 @@ SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_metho
SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
+ const SSL_METHOD *TLS_method(void);
+ const SSL_METHOD *TLS_server_method(void);
+ const SSL_METHOD *TLS_client_method(void);
+
+ #define SSLv23_method TLS_method
+ #define SSLv23_server_method TLS_server_method
+ #define SSLv23_client_method TLS_client_method
+
+ #ifndef OPENSSL_NO_SSL3_METHOD
+ const SSL_METHOD *SSLv3_method(void);
+ const SSL_METHOD *SSLv3_server_method(void);
+ const SSL_METHOD *SSLv3_client_method(void);
+ #endif
+
+ const SSL_METHOD *TLSv1_method(void);
+ const SSL_METHOD *TLSv1_server_method(void);
+ const SSL_METHOD *TLSv1_client_method(void);
+
+ const SSL_METHOD *TLSv1_1_method(void);
+ const SSL_METHOD *TLSv1_1_server_method(void);
+ const SSL_METHOD *TLSv1_1_client_method(void);
+
+ const SSL_METHOD *TLSv1_2_method(void);
+ const SSL_METHOD *TLSv1_2_server_method(void);
+ const SSL_METHOD *TLSv1_2_client_method(void);
+
+ const SSL_METHOD *DTLS_method(void);
+ const SSL_METHOD *DTLS_server_method(void);
+ const SSL_METHOD *DTLS_client_method(void);
+
+ const SSL_METHOD *DTLSv1_method(void);
+ const SSL_METHOD *DTLSv1_server_method(void);
+ const SSL_METHOD *DTLSv1_client_method(void);
+
+ const SSL_METHOD *DTLSv1_2_method(void);
+ const SSL_METHOD *DTLSv1_2_server_method(void);
+ const SSL_METHOD *DTLSv1_2_client_method(void);
+
=head1 DESCRIPTION
-SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
-TLS/SSL enabled connections.
+SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish TLS/SSL or DTLS enabled connections.
=head1 NOTES
-The SSL_CTX object uses B<method> as connection method. The methods exist
-in a generic type (for client and server use), a server only type, and a
-client only type. B<method> can be of the following types:
+The SSL_CTX object uses B<method> as connection method.
+The methods exist in a generic type (for client and server use), a server only type, and a client only type.
+B<method> can be of the following types:
=over 4
-=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
+=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
-A TLS/SSL connection established with these methods will only understand the
-SSLv3 protocol. A client will send out SSLv3 client hello messages
-and will indicate that it only understands SSLv3. A server will only understand
-SSLv3 client hello messages.
+An SSL connection established with these methods will only understand the SSLv3 protocol.
+A client will send out a SSLv3 client hello messages and will indicate that it supports SSLv3.
+A server will only understand SSLv3 client hello message and only support the SSLv3 protocol.
-=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)
+=item TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
-A TLS/SSL connection established with these methods will only understand the
-TLSv1 protocol. A client will send out TLSv1 client hello messages
-and will indicate that it only understands TLSv1. A server will only understand
-TLSv1 client hello messages.
+A TLS connection established with these methods will only understand the TLS 1.0 protocol.
-=item TLSv1_1_method(void), TLSv1_1_server_method(void), TLSv1_1_client_method(void)
+=item TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
-A TLS/SSL connection established with these methods will only understand the
-TLSv1.1 protocol. A client will send out TLSv1.1 client hello messages
-and will indicate that it only understands TLSv1.1. A server will only
-understand TLSv1.1 client hello messages.
+A TLS connection established with these methods will only understand the TLS 1.1 protocol.
-=item TLSv1_2_method(void), TLSv1_2_server_method(void), TLSv1_2_client_method(void)
+=item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
-A TLS/SSL connection established with these methods will only understand the
-TLSv1.2 protocol. A client will send out TLSv1.2 client hello messages
-and will indicate that it only understands TLSv1.2. A server will only
-understand TLSv1.2 client hello messages.
+A TLS connection established with these methods will only understand the TLS 1.2 protocol.
-=item TLS_method(void), TLS_server_method(void), TLS_client_method(void)
+=item TLS_method(), TLS_server_method(), TLS_client_method()
-A TLS/SSL connection established with these methods may understand the
-SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
+A TLS/SSL connection established with these methods may understand the SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
If extensions are required (for example server name)
a client will send out TLSv1 client hello messages including extensions and
@@ -62,26 +88,36 @@ will indicate that it also understands TLSv1.1, TLSv1.2 and permits a
fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2
protocols. This is the best choice when compatibility is a concern.
-=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
+=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
-Use of these functions is deprecated. They have been replaced with TLS_Method(),
+Use of these functions is deprecated. They have been replaced with TLS_method(),
TLS_server_method() and TLS_client_method() respectively. New code should use
those functions instead.
+=item DTLS_method(), DTLS_server_method(), DTLS_client_method()
+
+A DTLS connection established with those methods understands all supported DTLS protocols.
+Currently supported protocols are DTLS 1.0 and DTLS 1.2.
+
+=item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
+
+A DTLS connection established with these methods will only understand the DTLS 1.0 protocol.
+
+=item DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()
+
+A DTLS connection established with these methods will only understand the DTLS 1.2 protocol.
+
=back
-The list of protocols available can later be limited using the
-SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2
-options of the SSL_CTX_set_options() or SSL_set_options() functions.
-Using these options it is possible to choose e.g. TLS_server_method() and
-be able to negotiate with all possible clients, but to only allow newer
-protocols like TLSv1, TLSv1.1 or TLS v1.2.
+TLS_method(), TLS_server_method(), TLS_client_method(), DTLS_method(), DTLS_server_method() and DTLS_client_method() are the version flexible methods.
+All other methods only support 1 specific protocol version.
+It's recommended to use those methods instead of the version specific methods.
-Applications which never want to support SSLv3 can set SSL_OP_NO_SSLv3.
+If you want to limit the supported protocols for the version flexible methods you can use SSL_CTX_set_min_proto_version(), SSL_set_min_proto_version(), SSL_CTX_set_max_proto_version() and SSL_set_max_proto_version() functions.
+They can also be limited using by using an option like SSL_OP_NO_SSLv3 of the SSL_CTX_set_options() or SSL_set_options() functions, but that's not recommended.
+Using these functions it is possible to choose e.g. TLS_server_method() and be able to negotiate with all possible clients, but to only allow newer protocols like TLS v1, TLS v1.1 or TLS v1.2.
-SSL_CTX_new() initializes the list of ciphers, the session cache setting,
-the callbacks, the keys and certificates and the options to its default
-values.
+SSL_CTX_new() initializes the list of ciphers, the session cache setting, the callbacks, the keys and certificates and the options to its default values.
=head1 RETURN VALUES
@@ -102,14 +138,14 @@ The return value points to an allocated SSL_CTX object.
=head1 HISTORY
-SSLv2_method, SSLv2_server_method and SSLv2_client_method where removed in
-OpenSSL 1.1.0. SSLv23_method, SSLv23_server_method and SSLv23_client_method were
-deprecated and TLS_method, TLS_server_method and TLS_client_method
-were introduced in OpenSSL 1.1.0.
+SSLv3
+SSLv2_method, SSLv2_server_method and SSLv2_client_method where removed in OpenSSL 1.1.0.
+SSLv23_method, SSLv23_server_method and SSLv23_client_method were deprecated and TLS_method, TLS_server_method and TLS_client_method were introduced in OpenSSL 1.1.0.
=head1 SEE ALSO
L<SSL_CTX_free(3)>, L<SSL_accept(3)>,
+L<SSL_CTX_set_min_proto_version(3)>,
L<ssl(3)>, L<SSL_set_connect_state(3)>
=cut
diff --git a/doc/ssl/SSL_CTX_set_min_proto_version.pod b/doc/ssl/SSL_CTX_set_min_proto_version.pod
new file mode 100644
index 0000000000..4cb4c43a2d
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_min_proto_version.pod
@@ -0,0 +1,42 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_set_min_proto_version, SSL_set_max_proto_version - Set minimum and maximum supported protocol version
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
+ int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
+ int SSL_set_min_proto_version(SSL *ssl, int version);
+ int SSL_set_max_proto_version(SSL *ssl, int version);
+
+=head1 DESCRIPTION
+
+The functions set the minimum and maximum supported portocol versions for the B<ctx> or B<ssl>.
+This works in combination with the options set via SSL_CTX_set_options() that allows to disable specific protocol versions.
+You should use these functions instead of disabling a specific protocol version.
+
+When setting the minimum or maximum version to 0 it will use the lowest or highest supported version, respectively, by the library.
+
+Currently supported versions are B<SSL3_VERSION>, B<TLS1_VERSION>, B<TLS1_1_VERSION>, B<TLS1_2_VERSION>, B<DTLS1_VERSION> and B<DTLS1_2_VERSION>.
+
+=head1 RETURN VALUES
+
+The function returns 1 on success and 0 on failure.
+
+=head1 NOTES
+
+All these functions are implemented using macros.
+
+=head1 HISTORY
+
+The functions were added in OpenSSL 1.1.0
+
+=head1 SEE ALSO
+
+L<SSL_CTX_set_options(3)>, L<SSL_CONF_cmd(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index cf137a5ed4..bf7f7fd318 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -153,13 +153,10 @@ own preferences.
...
-=item SSL_OP_NO_SSLv3
+=item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1
-Do not use the SSLv3 protocol.
-
-=item SSL_OP_NO_TLSv1
-
-Do not use the TLSv1 protocol.
+Do not use the SSLv3 or TLSv1 protocol, respectively.
+You should avoid using those settings and instead use SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version().
=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
@@ -269,6 +266,7 @@ secure renegotiation and 0 if it does not.
L<ssl(3)>, L<SSL_new(3)>, L<SSL_clear(3)>,
L<SSL_CTX_set_tmp_dh_callback(3)>,
+L<SSL_CTX_set_min_proto_version(3)>,
L<dhparam(1)>
=head1 HISTORY
diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
index f214296d4b..1de5f68b6e 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -66,6 +66,7 @@ extern "C" {
# define DTLS1_VERSION 0xFEFF
# define DTLS1_2_VERSION 0xFEFD
+# define DTLS_MIN_VERSION DTLS1_VERSION
# define DTLS_MAX_VERSION DTLS1_2_VERSION
# define DTLS1_VERSION_MAJOR 0xFE
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 8d82a6e0c1..a0d66fa0c4 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -438,6 +438,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)
+# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)
+
/* Removed from previous versions */
# define SSL_OP_PKCS1_CHECK_1 0x0
@@ -1219,6 +1221,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define DTLS_CTRL_SET_LINK_MTU 120
# define DTLS_CTRL_GET_LINK_MIN_MTU 121
# define SSL_CTRL_GET_EXTMS_SUPPORT 122
+# define SSL_CTRL_SET_MIN_PROTO_VERSION 123
+# define SSL_CTRL_SET_MAX_PROTO_VERSION 124
# define SSL_CERT_SET_FIRST 1
# define SSL_CERT_SET_NEXT 2
# define SSL_CERT_SET_SERVER 3
@@ -1350,6 +1354,15 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
# define SSL_get0_ec_point_formats(s, plst) \
SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
+#define SSL_CTX_set_min_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+#define SSL_CTX_set_max_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+#define SSL_set_min_proto_version(s, version) \
+ SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+#define SSL_set_max_proto_version(s, version) \
+ SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+
__owur BIO_METHOD *BIO_f_ssl(void);
__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 0fdfd51091..a510b5bebe 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -259,14 +259,24 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_CHECK_PROTO_VERSION:
/*
* For library-internal use; checks that the current protocol is the
- * highest enabled version (according to s->ctx->method, as version
- * negotiation may have changed s->method).
+ * is the highest enabled version.
+ */
+ if (s->max_proto_version == 0 && s->version == DTLS_MAX_VERSION)
+ return 1;
+ if (s->max_proto_version != 0 && s->version == s->max_proto_version)
+ return 1;
+ /* We're not limited by the max_proto_version but might still have
+ * other reasons why we use an older version like not using a
+ * version-flexible SSL_METHOD. Check s->ctx->method as version
+ * negotiation may have changed s->method.
+ * This check can be removed when we only have version-flexible
+ * SSL_METHODs
*/
if (s->version == s->ctx->method->version)
return 1;
/*
* Apparently we're using a version-flexible SSL_METHOD (not at its
- * highest protocol version).
+ * highest protocol version, not limited by max_proto_version).
*/
if (s->ctx->method->version == DTLS_method()->version) {
#if DTLS_MAX_VERSION != DTLS1_2_VERSION
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 21aa2652fc..1e14a4497e 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -142,6 +142,10 @@ struct ssl_conf_ctx_st {
uint32_t *pcert_flags;
/* Pointer to SSL or SSL_CTX verify_mode or NULL if none */
uint32_t *pvfy_flags;
+ /* Pointer to SSL or SSL_CTX min_version field or NULL if none */
+ int *min_version;
+ /* Pointer to SSL or SSL_CTX max_version field or NULL if none */
+ int *max_version;
/* Current flag table being worked on */
const ssl_flag_tbl *tbl;
/* Size of table */
@@ -307,13 +311,78 @@ static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value)
SSL_FLAG_TBL_INV("SSLv3", SSL_OP_NO_SSLv3),
SSL_FLAG_TBL_INV("TLSv1", SSL_OP_NO_TLSv1),
SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1),
- SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2)
+ SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2),
+ SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1),
+ SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2)
};
cctx->tbl = ssl_protocol_list;
cctx->ntbl = OSSL_NELEM(ssl_protocol_list);
return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
}
+/*
+ * protocol_from_string - converts a protocol version string to a number
+ *
+ * Returns -1 on failure or the version on success
+ */
+static int protocol_from_string(const char *value)
+{
+ struct protocol_versions {
+ const char *name;
+ int version;
+ };
+ static const struct protocol_versions versions[] = {
+ {"SSLv3", SSL3_VERSION},
+ {"TLSv1", TLS1_VERSION},
+ {"TLSv1.1", TLS1_1_VERSION},
+ {"TLSv1.2", TLS1_2_VERSION},
+ {"DTLSv1", DTLS1_VERSION},
+ {"DTLSv1.2", DTLS1_2_VERSION}};
+ size_t i;
+ size_t n = OSSL_NELEM(versions);
+
+ for (i = 0; i < n; i++)
+ if (strcmp(versions[i].name, value) == 0)
+ return versions[i].version;
+ return -1;
+}
+
+/*
+ * cmd_MinProtocol - Set min protocol version
+ * @cctx: config structure to save settings in
+ * @value: The min protocol version in string form
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+static int cmd_MinProtocol(SSL_CONF_CTX *cctx, const char *value)
+{
+ int version = protocol_from_string(value);
+
+ if (version < 0)
+ return 0;
+
+ *(cctx->min_version) = version;
+ return 1;
+}
+
+/*
+ * cmd_MaxProtocol - Set max protocol version
+ * @cctx: config structure to save settings in
+ * @value: The max protocol version in string form
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+static int cmd_MaxProtocol(SSL_CONF_CTX *cctx, const char *value)
+{
+ int version = protocol_from_string(value);
+
+ if (version < 0)
+ return 0;
+
+ *(cctx->max_version) = version;
+ return 1;
+}
+
static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
{
static const ssl_flag_tbl ssl_option_list[] = {
@@ -527,6 +596,8 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
#endif
SSL_CONF_CMD_STRING(CipherString, "cipher", 0),
SSL_CONF_CMD_STRING(Protocol, NULL, 0),
+ SSL_CONF_CMD_STRING(MinProtocol, "min_protocol", SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CLIENT),
+ SSL_CONF_CMD_STRING(MaxProtocol, "max_protocol", SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CLIENT),
SSL_CONF_CMD_STRING(Options, NULL, 0),
SSL_CONF_CMD_STRING(VerifyMode, NULL, 0),
SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE,
@@ -831,10 +902,14 @@ void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl)
cctx->ctx = NULL;
if (ssl) {
cctx->poptions = &ssl->options;
+ cctx->min_version = &ssl->min_proto_version;
+ cctx->max_version = &ssl->max_proto_version;
cctx->pcert_flags = &ssl->cert->cert_flags;
cctx->pvfy_flags = &ssl->verify_mode;
} else {
cctx->poptions = NULL;
+ cctx->min_version = NULL;
+ cctx->max_version = NULL;
cctx->pcert_flags = NULL;
cctx->pvfy_flags = NULL;
}
@@ -846,10 +921,14 @@ void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx)
cctx->ssl = NULL;
if (ctx) {
cctx->poptions = &ctx->options;
+ cctx->min_version = &ctx->min_proto_version;
+ cctx->max_version = &ctx->max_proto_version;
cctx->pcert_flags = &ctx->cert->cert_flags;
cctx->pvfy_flags = &ctx->verify_mode;
} else {
cctx->poptions = NULL;
+ cctx->min_version = NULL;
+ cctx->max_version = NULL;
cctx->pcert_flags = NULL;
cctx->pvfy_flags = NULL;
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 7f4bca058b..cfc73de9ca 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -293,6 +293,8 @@ SSL *SSL_new(SSL_CTX *ctx)
RECORD_LAYER_init(&s->rlayer, s);
s->options = ctx->options;
+ s->min_proto_version = ctx->min_proto_version;
+ s->max_proto_version = ctx->max_proto_version;
s->mode = ctx->mode;
s->max_cert_list = ctx->max_cert_list;
s->references = 1;
@@ -1198,6 +1200,12 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
return 1;
else
return 0;
+ case SSL_CTRL_SET_MIN_PROTO_VERSION:
+ s->min_proto_version = larg;
+ return 1;
+ case SSL_CTRL_SET_MAX_PROTO_VERSION:
+ s->max_proto_version = larg;
+ return 1;
default:
return (s->method->ssl_ctrl(s, cmd, larg, parg));
}
@@ -1314,6 +1322,12 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return (ctx->cert->cert_flags |= larg);
case SSL_CTRL_CLEAR_CERT_FLAGS:
return (ctx->cert->cert_flags &= ~larg);
+ case SSL_CTRL_SET_MIN_PROTO_VERSION:
+ ctx->min_proto_version = larg;
+ return 1;
+ case SSL_CTRL_SET_MAX_PROTO_VERSION:
+ ctx->max_proto_version = larg;
+ return 1;
default:
return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
}
@@ -1794,6 +1808,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
goto err;
ret->method = meth;
+ ret->min_proto_version = 0;
+ ret->max_proto_version = 0;
ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
/* We take the system default. */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 4db32a9294..9482fc91ad 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -264,6 +264,11 @@
c[1]=(unsigned char)(((l)>> 8)&0xff), \
c[2]=(unsigned char)(((l) )&0xff)),c+=3)
+#define DTLS_VERSION_GT(v1, v2) ((v1) < (v2))
+#define DTLS_VERSION_GE(v1, v2) ((v1) <= (v2))
+#define DTLS_VERSION_LT(v1, v2) ((v1) > (v2))
+#define DTLS_VERSION_LE(v1, v2) ((v1) >= (v2))
+
/* LOCAL STUFF */
# define SSL_DECRYPT 0
@@ -796,6 +801,8 @@ struct ssl_ctx_st {
uint32_t options;
uint32_t mode;
+ int min_proto_version;
+ int max_proto_version;
long max_cert_list;
struct cert_st /* CERT */ *cert;
@@ -1066,6 +1073,8 @@ struct ssl_st {
uint32_t options;
/* API behaviour */
uint32_t mode;
+ int min_proto_version;
+ int max_proto_version;
long max_cert_list;
int first_packet;
/* what was passed, used for SSLv3/TLS rollback check */
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index d168b19cb8..26acdc5488 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -852,6 +852,14 @@ static int ssl_set_version(SSL *s)
s->version = SSL3_VERSION;
#endif
+ if (s->max_proto_version != 0 && (s->version > s->max_proto_version))
+ s->version = s->max_proto_version;
+ if (s->version < s->min_proto_version)
+ {
+ SSLerr(SSL_F_SSL_SET_VERSION, SSL_R_NO_PROTOCOLS_AVAILABLE);
+ return 0;
+ }
+
if (s->version != TLS1_2_VERSION && tls1_suiteb(s)) {
SSLerr(SSL_F_SSL_SET_VERSION,
SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
@@ -864,9 +872,17 @@ static int ssl_set_version(SSL *s)
}
} else if (s->method->version == DTLS_ANY_VERSION) {
- /* Determine which DTLS version to use */
+ int max_version = DTLS_MAX_VERSION;
+ int min_version = DTLS_MIN_VERSION;
+
+ if (s->max_proto_version != 0)
+ max_version = s->max_proto_version;
+ if (s->min_proto_version != 0)
+ min_version = s->min_proto_version;
+
/* If DTLS 1.2 disabled correct the version number */
- if (options & SSL_OP_NO_DTLSv1_2) {
+ if (options & SSL_OP_NO_DTLSv1_2
+ || DTLS_VERSION_GT(DTLS1_2_VERSION, max_version)) {
if (tls1_suiteb(s)) {
SSLerr(SSL_F_SSL_SET_VERSION,
SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
@@ -875,7 +891,8 @@ static int ssl_set_version(SSL *s)
/*
* Disabling all versions is silly: return an error.
*/
- if (options & SSL_OP_NO_DTLSv1) {
+ if (options & SSL_OP_NO_DTLSv1
+ || DTLS_VERSION_GT(min_version, DTLS1_VERSION)) {
SSLerr(SSL_F_SSL_SET_VERSION, SSL_R_WRONG_SSL_VERSION);
return 0;
}
@@ -888,7 +905,8 @@ static int ssl_set_version(SSL *s)
/*
* We only support one version: update method
*/