From 4a512281eccdac959f1a62a3047111120768c198 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 30 Oct 2018 18:21:41 +0000 Subject: [PATCH 1/8] Reduce priority of 3DES ciphersuites --- ChangeLog | 11 +++++--- include/mbedtls/config.h | 13 +++++++++ library/ssl_ciphersuites.c | 57 +++++++++++++++++++++++--------------- library/version_features.c | 3 ++ scripts/config.pl | 2 ++ 5 files changed, 60 insertions(+), 26 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2500919d8..abd12d5b5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,10 +7,8 @@ Features which allows copy-less parsing of DER encoded X.509 CRTs, at the cost of additional lifetime constraints on the input buffer, but at the benefit of reduced RAM consumption. - -API Changes - * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`. - See the Features section for more information. + * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites + from the default list (inactive by default). Bugfix * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined @@ -53,6 +51,11 @@ Changes underlying OS actually guarantees. * Fix configuration queries in ssl-opt.h. #2030 * Ensure that ssl-opt.h can be run in OS X. #2029 + * Ciphersuites based on 3DES now have the lowest priority by default. + +API Changes + * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`. + See the Features section for more information. = mbed TLS 2.16.0 branch released 2018-12-21 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index e6abf24d5..131ef232b 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -687,6 +687,19 @@ */ #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES +/** + * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES + * + * Remove 3DES ciphersuites by default in SSL / TLS. + * This flag removes the ciphersuites based on 3DES from the default list as + * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible + * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including + * them explicitly. + * + * Comment this macro to keep 3DES in the default ciphersuite list. + */ +#define MBEDTLS_REMOVE_3DES_CIPHERSUITES + /** * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED * diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 745474eff..518f7dde0 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -43,11 +43,11 @@ /* * Ordered from most preferred to least preferred in terms of security. * - * Current rule (except rc4, weak and null which come last): + * Current rule (except RC4 and 3DES, weak and null which come last): * 1. By key exchange: * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK * 2. By key length and cipher: - * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES + * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8 * 4. By hash function used when relevant * 5. By key exchange/auth again: EC > non-EC @@ -126,11 +126,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, - /* All remaining >= 128-bit ephemeral suites */ - MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - /* The PSK ephemeral suites */ MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, @@ -162,9 +157,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - /* The ECJPAKE suite */ MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, @@ -228,11 +220,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, - /* All remaining >= 128-bit suites */ - MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, - /* The RSA PSK suites */ MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, @@ -251,8 +238,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - /* The PSK suites */ MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, @@ -275,6 +260,16 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, + /* 3DES suites */ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, /* RC4 suites */ @@ -2187,6 +2182,26 @@ const int *mbedtls_ssl_list_ciphersuites( void ) static int supported_ciphersuites[MAX_CIPHERSUITES]; static int supported_init = 0; +static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info ) +{ + (void)cs_info; + +#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES) + if( cs_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) + return( 1 ); +#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */ + +#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES) + if( cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB || + cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC ) + { + return( 1 ); + } +#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */ + + return( 0 ); +} + const int *mbedtls_ssl_list_ciphersuites( void ) { /* @@ -2202,14 +2217,12 @@ const int *mbedtls_ssl_list_ciphersuites( void ) *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1; p++ ) { -#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES) const mbedtls_ssl_ciphersuite_t *cs_info; if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL && - cs_info->cipher != MBEDTLS_CIPHER_ARC4_128 ) -#else - if( mbedtls_ssl_ciphersuite_from_id( *p ) != NULL ) -#endif + !ciphersuite_is_removed( cs_info ) ) + { *(q++) = *p; + } } *q = 0; diff --git a/library/version_features.c b/library/version_features.c index 61094d4ed..57be0f345 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -303,6 +303,9 @@ static const char *features[] = { #if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES) "MBEDTLS_REMOVE_ARC4_CIPHERSUITES", #endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */ +#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES) + "MBEDTLS_REMOVE_3DES_CIPHERSUITES", +#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) "MBEDTLS_ECP_DP_SECP192R1_ENABLED", #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ diff --git a/scripts/config.pl b/scripts/config.pl index 18e1dc8be..84069d231 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -30,6 +30,7 @@ # MBEDTLS_NO_PLATFORM_ENTROPY # MBEDTLS_PSA_CRYPTO_C # MBEDTLS_REMOVE_ARC4_CIPHERSUITES +# MBEDTLS_REMOVE_3DES_CIPHERSUITES # MBEDTLS_SSL_HW_RECORD_ACCEL # MBEDTLS_RSA_NO_CRT # MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 @@ -98,6 +99,7 @@ MBEDTLS_NO_PLATFORM_ENTROPY MBEDTLS_PSA_CRYPTO_C MBEDTLS_RSA_NO_CRT MBEDTLS_REMOVE_ARC4_CIPHERSUITES +MBEDTLS_REMOVE_3DES_CIPHERSUITES MBEDTLS_SSL_HW_RECORD_ACCEL MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION From 22a8905686836b79db01363fc29c462c9dcd8cd2 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Nov 2018 20:57:49 +0000 Subject: [PATCH 2/8] Fix wording of ChangeLog and 3DES_REMOVE docs --- ChangeLog | 11 ++++++----- include/mbedtls/config.h | 7 +++++++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index abd12d5b5..ee500131c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,7 +8,12 @@ Features at the cost of additional lifetime constraints on the input buffer, but at the benefit of reduced RAM consumption. * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites - from the default list (inactive by default). + from the default list (enabled by default). See + https://sweet32.info/SWEET32_CCS16.pdf. + +API Changes + * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`. + See the Features section for more information. Bugfix * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined @@ -53,10 +58,6 @@ Changes * Ensure that ssl-opt.h can be run in OS X. #2029 * Ciphersuites based on 3DES now have the lowest priority by default. -API Changes - * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`. - See the Features section for more information. - = mbed TLS 2.16.0 branch released 2018-12-21 Features diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 131ef232b..7f38ab9e0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -696,6 +696,13 @@ * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including * them explicitly. * + * A man-in-the browser attacker can recover authentication tokens sent through + * a TLS connection using a 3DES based cipher suite (see "On the Practical + * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan + * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls + * in your threat model or you are unsure, then you should keep this option + * enabled to remove 3DES based cipher suites. + * * Comment this macro to keep 3DES in the default ciphersuite list. */ #define MBEDTLS_REMOVE_3DES_CIPHERSUITES From 2dadab7d3fc1364b558a3f0136941d6d39a9a294 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 8 Jan 2019 21:42:27 +0000 Subject: [PATCH 3/8] Exclude 3DES tests in test scripts --- tests/compat.sh | 2 +- tests/scripts/all.sh | 4 ++-- tests/scripts/basic-build-test.sh | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 181452803..cadc5780b 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -62,7 +62,7 @@ FILTER="" # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) # - ARIA: not in default config.h + requires OpenSSL >= 1.1.1 # - ChachaPoly: requires OpenSSL >= 1.1.0 -EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305' +EXCLUDE='NULL\|DES-CBC-\|RC4\|3DES\|ARCFOUR\|ARIA\|CHACHA20-POLY1305' VERBOSE="" MEMCHECK=0 PEERS="OpenSSL$PEER_GNUTLS mbedTLS" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 26881595a..f1c0a2705 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -730,8 +730,8 @@ component_test_full_cmake_clang () { msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' - msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min - if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' + msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min + if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e 'DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' msg "test: compat.sh ARIA + ChachaPoly" if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 28fc68747..003ebda25 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -91,7 +91,7 @@ OPENSSL_CMD="$OPENSSL_LEGACY" \ OPENSSL_CMD="$OPENSSL_LEGACY" \ GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \ GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ - sh compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ + sh compat.sh -e 'DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ tee -a compat-test-$TEST_OUTPUT OPENSSL_CMD="$OPENSSL_NEXT" \ sh compat.sh -e '^$' -f 'ARIA\|CHACHA' | \ From bdfba79f0dd78e8ec1bcaebb8acb0e24709ce9c7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 11 Feb 2019 21:47:30 +0000 Subject: [PATCH 4/8] Fix documentation for 3DES removal --- include/mbedtls/config.h | 2 +- tests/compat.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 7f38ab9e0..c8a0d99a2 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -696,7 +696,7 @@ * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including * them explicitly. * - * A man-in-the browser attacker can recover authentication tokens sent through + * A man-in-the-browser attacker can recover authentication tokens sent through * a TLS connection using a 3DES based cipher suite (see "On the Practical * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls diff --git a/tests/compat.sh b/tests/compat.sh index cadc5780b..c3939b884 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -62,6 +62,7 @@ FILTER="" # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) # - ARIA: not in default config.h + requires OpenSSL >= 1.1.1 # - ChachaPoly: requires OpenSSL >= 1.1.0 +# - 3DES: not in default config EXCLUDE='NULL\|DES-CBC-\|RC4\|3DES\|ARCFOUR\|ARIA\|CHACHA20-POLY1305' VERBOSE="" MEMCHECK=0 From f8dffb3f34a9df0b1d5c710d132da56b14dda32d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 19 Feb 2019 20:14:00 +0000 Subject: [PATCH 5/8] Clarify 3DES changes in ChangeLog --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ee500131c..0db29b15e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -56,7 +56,8 @@ Changes underlying OS actually guarantees. * Fix configuration queries in ssl-opt.h. #2030 * Ensure that ssl-opt.h can be run in OS X. #2029 - * Ciphersuites based on 3DES now have the lowest priority by default. + * Ciphersuites based on 3DES now have the lowest priority by default when + they are enabled. = mbed TLS 2.16.0 branch released 2018-12-21 From 419bd0011f1aa474ea2b73cb38e5a2d93c35caa2 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 19 Feb 2019 20:20:57 +0000 Subject: [PATCH 6/8] Adjust DES exclude lists in test scripts --- tests/compat.sh | 2 +- tests/scripts/all.sh | 2 +- tests/scripts/basic-build-test.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index c3939b884..0eae1eab3 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -63,7 +63,7 @@ FILTER="" # - ARIA: not in default config.h + requires OpenSSL >= 1.1.1 # - ChachaPoly: requires OpenSSL >= 1.1.0 # - 3DES: not in default config -EXCLUDE='NULL\|DES-CBC-\|RC4\|3DES\|ARCFOUR\|ARIA\|CHACHA20-POLY1305' +EXCLUDE='NULL\|DES\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305' VERBOSE="" MEMCHECK=0 PEERS="OpenSSL$PEER_GNUTLS mbedTLS" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f1c0a2705..734af65c4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -731,7 +731,7 @@ component_test_full_cmake_clang () { if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min - if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e 'DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' + if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' msg "test: compat.sh ARIA + ChachaPoly" if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 003ebda25..ab95e2290 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -91,7 +91,7 @@ OPENSSL_CMD="$OPENSSL_LEGACY" \ OPENSSL_CMD="$OPENSSL_LEGACY" \ GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \ GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ - sh compat.sh -e 'DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ + sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ tee -a compat-test-$TEST_OUTPUT OPENSSL_CMD="$OPENSSL_NEXT" \ sh compat.sh -e '^$' -f 'ARIA\|CHACHA' | \ From aa946b2d49969e47698a95cd6e77808426b2842d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 1 Mar 2019 10:14:58 +0100 Subject: [PATCH 7/8] Fix failure in SSLv3 per-version suites test The test used 3DES as the suite for SSLv3, which now makes the handshake fails with "no ciphersuite in common", failing the test as well. Use Camellia instead (as there are not enough AES ciphersuites before TLS 1.2 to distinguish between the 3 versions). Document some dependencies, but not all. Just trying to avoid introducing new issues by using a new cipher here, not trying to make it perfect, which is a much larger task out of scope of this commit. --- tests/ssl-opt.sh | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ff05f6493..f3e12d81d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4341,26 +4341,37 @@ run_test "ECJPAKE: working, DTLS, nolog" \ # Tests for ciphersuites per version requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +requires_config_enabled MBEDTLS_CAMELLIA_C +requires_config_enabled MBEDTLS_AES_C run_test "Per-version suites: SSL3" \ - "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=ssl3" \ 0 \ - -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA" + -c "Ciphersuite is TLS-RSA-WITH-CAMELLIA-128-CBC-SHA" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1 +requires_config_enabled MBEDTLS_CAMELLIA_C +requires_config_enabled MBEDTLS_AES_C run_test "Per-version suites: TLS 1.0" \ - "$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=tls1 arc4=1" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +requires_config_enabled MBEDTLS_CAMELLIA_C +requires_config_enabled MBEDTLS_AES_C run_test "Per-version suites: TLS 1.1" \ - "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=tls1_1" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_CAMELLIA_C +requires_config_enabled MBEDTLS_AES_C run_test "Per-version suites: TLS 1.2" \ - "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=tls1_2" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256" From 56b9a939a01b8655109d92a9024c5cc9827b423e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 1 Mar 2019 10:23:46 +0100 Subject: [PATCH 8/8] Update query_config.c --- programs/ssl/query_config.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 329a5dfee..1c3da54e5 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -850,6 +850,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */ +#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES) + if( strcmp( "MBEDTLS_REMOVE_3DES_CIPHERSUITES", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_REMOVE_3DES_CIPHERSUITES ); + return( 0 ); + } +#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */ + #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) if( strcmp( "MBEDTLS_ECP_DP_SECP192R1_ENABLED", config ) == 0 ) {