From a556f342201473b4bf8dbf879b03890a74e412b6 Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Thu, 3 Mar 2016 19:50:03 +0100 Subject: Rework the default cipherlist. - Always prefer forward-secure handshakes. - Consistently order ECDSA above RSA. - Next, always prefer AEADs to non-AEADs, irrespective of strength. - Within AEADs, prefer GCM > CHACHA > CCM for a given strength. - Prefer TLS v1.2 ciphers to legacy ciphers. - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default list to reduce ClientHello bloat. Reviewed-by: Rich Salz --- ssl/s3_lib.c | 116 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 58 insertions(+), 58 deletions(-) (limited to 'ssl/s3_lib.c') diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c9b27eba4b..78aaf7bae8 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -239,7 +239,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_IDEA, SSL_SHA1, SSL_SSLV3, - SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -272,7 +272,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -401,7 +401,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -463,7 +463,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -560,7 +560,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -579,7 +579,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA1, SSL_SSLV3, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -595,7 +595,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA1, SSL_SSLV3, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -611,7 +611,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA1, SSL_SSLV3, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -661,7 +661,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -759,7 +759,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA1, SSL_SSLV3, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -775,7 +775,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA1, SSL_SSLV3, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -791,7 +791,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA1, SSL_SSLV3, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1028,7 +1028,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_SEED, SSL_SHA1, SSL_SSLV3, - SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1044,7 +1044,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_SEED, SSL_SHA1, SSL_SSLV3, - SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1060,7 +1060,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_SEED, SSL_SHA1, SSL_SSLV3, - SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1160,7 +1160,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1176,7 +1176,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -1518,7 +1518,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1534,7 +1534,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1550,7 +1550,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1582,7 +1582,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -1598,7 +1598,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -1614,7 +1614,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -1929,7 +1929,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -1977,7 +1977,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2025,7 +2025,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -2323,7 +2323,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128}, @@ -2337,7 +2337,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, @@ -2351,7 +2351,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128}, @@ -2365,7 +2365,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, @@ -2383,7 +2383,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128}, @@ -2397,7 +2397,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, @@ -2411,7 +2411,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128}, @@ -2425,7 +2425,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, @@ -2439,7 +2439,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128}, @@ -2453,7 +2453,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, @@ -2467,7 +2467,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128}, @@ -2481,7 +2481,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, @@ -2497,7 +2497,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2513,7 +2513,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2529,7 +2529,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2545,7 +2545,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2561,7 +2561,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2577,7 +2577,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2593,7 +2593,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2609,7 +2609,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2625,7 +2625,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2641,7 +2641,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2657,7 +2657,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2673,7 +2673,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2689,7 +2689,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2705,7 +2705,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2721,7 +2721,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2737,7 +2737,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2753,7 +2753,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2769,7 +2769,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2785,7 +2785,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2801,7 +2801,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, -- cgit v1.2.3