author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-15 08:43:28 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-15 09:24:36 +0200 |
commit | ec84ab047cbb46d1acaf26cf1ab8b6f38f85a3bb (patch) | |
tree | c637b7d591782c02dc7d21df4489aba005862fb1 | |
parent | fe73839ed232142b174abea9e0a735ea4c0d930c (diff) | |
priorities: cipher priorities were made consistent with the 3.6.x branchtmp-equalize-priorities
Current settings in NORMAL priorities which were affected:
* Enabled ciphers:
- AES-GCM
- CHACHA20-POLY1305
- AES-CCM
- AES-CBC
Removed:
* Ciphersuites utilizing CAMELLIA were removed.
That also reduces the size of the client hello, which when large
could cause issues with picky middle-boxes.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | NEWS | 10 | ||||
-rw-r--r-- | lib/priority.c | 18 | ||||
-rw-r--r-- | tests/priorities.c | 26 |
3 files changed, 18 insertions, 36 deletions
@@ -13,17 +13,17 @@ See the end for copying conditions. ** libgnutls: Corrected infinite loop when an incorrect PIN was provided via pin-value or pin-source. +** Made priorities of cipher algorithms consistent with the 3.6.x branch; the CAMELLIA + ciphers as well as ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the + default priority strings, as they are undefined under TLS1.3 and they provide no advantage + over other options in earlier protocols. + ** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen and Adi Shamir reported that the existing counter-measures had certain issues and were insufficient when the attacker could access the cache and perform chosen- plaintext. This affected the legacy CBC ciphersuites when the encrypt-then-MAC TLS feature was not supported by the peer. -** The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default - priority strings. They are not necessary for compatibility or other purpose and - provide no advantage over their SHA1 counter-parts, as they all depend on the legacy - TLS CBC block mode. - ** API and ABI modifications: No changes since last version.
diff --git a/lib/priority.c b/lib/priority.c
index 7ce44c7cf4..75929eda42 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -238,12 +238,8 @@ static const int _cipher_priority_performance_default[] = {
 GNUTLS_CIPHER_CHACHA20_POLY1305,
 GNUTLS_CIPHER_AES_128_CCM,
 GNUTLS_CIPHER_AES_256_CCM,
- GNUTLS_CIPHER_CAMELLIA_128_GCM,
- GNUTLS_CIPHER_CAMELLIA_256_GCM,
 GNUTLS_CIPHER_AES_128_CBC,
 GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
 GNUTLS_CIPHER_3DES_CBC,
 0
 };
@@ -254,12 +250,8 @@ static const int _cipher_priority_performance_no_aesni[] = {
 GNUTLS_CIPHER_AES_256_GCM,
 GNUTLS_CIPHER_AES_128_CCM,
 GNUTLS_CIPHER_AES_256_CCM,
- GNUTLS_CIPHER_CAMELLIA_128_GCM,
- GNUTLS_CIPHER_CAMELLIA_256_GCM,
 GNUTLS_CIPHER_AES_128_CBC,
 GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
 GNUTLS_CIPHER_3DES_CBC,
 0
 };
@@ -271,19 +263,15 @@ static const int _cipher_priority_performance_no_aesni[] = {
 */
 static const int _cipher_priority_normal_default[] = {
 GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CAMELLIA_256_GCM,
 GNUTLS_CIPHER_CHACHA20_POLY1305,
 GNUTLS_CIPHER_AES_256_CCM,
 GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
 GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_CAMELLIA_128_GCM,
 GNUTLS_CIPHER_AES_128_CCM,
 GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
 GNUTLS_CIPHER_3DES_CBC,
 0
@@ -330,16 +318,12 @@ static const int* cipher_priority_suiteb192 = _cipher_priority_suiteb192;
 static const int _cipher_priority_secure128[] = {
 GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CAMELLIA_256_GCM,
 GNUTLS_CIPHER_CHACHA20_POLY1305,
 GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
 GNUTLS_CIPHER_AES_256_CCM,
 GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_CAMELLIA_128_GCM,
 GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
 GNUTLS_CIPHER_AES_128_CCM,
 0
 };
@@ -348,10 +332,8 @@ static const int *cipher_priority_secure128 = _cipher_priority_secure128;
 static const int _cipher_priority_secure192[] = {
 GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CAMELLIA_256_GCM,
 GNUTLS_CIPHER_CHACHA20_POLY1305,
 GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
 GNUTLS_CIPHER_AES_256_CCM,
 0
 };
diff --git a/tests/priorities.c b/tests/priorities.c
index 0c423b5bae..f5952d2a8e 100644
--- a/tests/priorities.c
+++ b/tests/priorities.c
@@ -93,29 +93,29 @@ try_prio(const char *prio, unsigned expected_cs, unsigned expected_ciphers, unsi
 void doit(void)
 {
- const int normal = 41;
+ const int normal = 29;
 const int null = 4;
- const int sec128 = 37;
+ const int sec128 = 25;
 #ifdef ENABLE_FIPS140
 exit(77);
 #endif
- try_prio("PFS", 30, 12, __LINE__);
- try_prio("NORMAL", normal, 12, __LINE__);
- try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 12, __LINE__);
- try_prio("NORMAL:+CIPHER-ALL", normal, 12, __LINE__); /* all (except null) */
+ try_prio("PFS", 22, 8, __LINE__);
+ try_prio("NORMAL", normal, 8, __LINE__);
+ try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 8, __LINE__);
+ try_prio("NORMAL:+CIPHER-ALL", normal, 8, __LINE__); /* all (except null) */
 try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1, __LINE__); /* null */
- try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal + null, 13, __LINE__); /* should be null + all */
+ try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal + null, 9, __LINE__); /* should be null + all */
 try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 4, 1, __LINE__); /* should be null + all */
- try_prio("PERFORMANCE", normal, 12, __LINE__);
- try_prio("SECURE256", 14, 6, __LINE__);
- try_prio("SECURE128", sec128, 11, __LINE__);
- try_prio("SECURE128:+SECURE256", sec128, 11, __LINE__); /* should be the same as SECURE128 */
- try_prio("SECURE128:+SECURE256:+NORMAL", normal, 12, __LINE__); /* should be the same as NORMAL */
+ try_prio("PERFORMANCE", normal, 8, __LINE__);
+ try_prio("SECURE256", 10, 4, __LINE__);
+ try_prio("SECURE128", sec128, 7, __LINE__);
+ try_prio("SECURE128:+SECURE256", sec128, 7, __LINE__); /* should be the same as SECURE128 */
+ try_prio("SECURE128:+SECURE256:+NORMAL", normal, 8, __LINE__); /* should be the same as NORMAL */
 try_prio("SUITEB192", 1, 1, __LINE__);
 try_prio("SUITEB128", 2, 2, __LINE__);
 /* check legacy strings */
- try_prio("NORMAL:+RSA-EXPORT:+ARCFOUR-40", normal, 12, __LINE__);
+
try_prio("NORMAL:+RSA-EXPORT:+ARCFOUR-40", normal, 8, __LINE__); } |
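Review bot: The new expected values in `doit()` (`normal = 29`, `sec128 = 25`, the `22`/`10` ciphersuite totals and the `8`/`7`/`4` cipher counts) are bare numbers with nothing saying how they were derived, so every future priority-table change means recounting all of them by hand. The cipher counts do agree with the tables this commit edits in lib/priority.c: after the removals `_cipher_priority_normal_default` lists 8 ciphers, `_cipher_priority_secure128` 7 and `_cipher_priority_secure192` 4 (assuming SECURE256 resolves to the secure192 table), while the ciphersuite totals cannot be checked against anything in this diff. I would add `/* cipher counts mirror the _cipher_priority_* tables in lib/priority.c; ciphersuite totals must be recounted whenever those tables change */` above the `const int normal` line. Separately, the unchanged `/* should be null + all */` comment on the `+AES-128-CBC` call does not match an expectation of 4 ciphersuites and 1 cipher; `/* only AES-128-CBC remains */` would describe what is actually asserted.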