authorNikos Mavrogiannopoulos <nmav@gnutls.org>2018-06-06 09:25:20 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-06-12 09:31:03 +0200
commit62248b6adf0c11d469b04b4bf58aa97deff5a813 (patch)
tree0c17eae21180e9525b8a38facd6c73ae4ffdd38d
parent70ebf53b9e19596660b27c3522e8596a31fab4b7 (diff)
priorities: hmac-sha256 ciphersuites were removed from defaults
These ciphersuites are deprecated since the introduction of AEAD ciphersuites, and are only necessary for compatibility with older servers. Since older servers already support hmac-sha1 there is no reason to keep these ciphersuites enabled by default, as they increase our attack surface. Relates #456 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r--NEWS2
-rw-r--r--lib/priority.c4
-rw-r--r--tests/dtls1-2-mtu-check.c2
-rw-r--r--tests/priorities.c18
-rwxr-xr-xtests/suite/tls-fuzzer/tls-fuzzer-nocert.sh4
5 files changed, 13 insertions, 17 deletions
diff --git a/NEWS b/NEWS
index 53c9601d21..4dc1c24463 100644
--- a/NEWS
+++ b/NEWS
@@ -25,7 +25,7 @@ See the end for copying conditions.
with an anonymous credentials structure.
** Provide a uniform cipher list across different protocols; the CAMELLIA ciphers
- as well as ciphers utilizing HMAC-SHA384 have been removed from the default
+ as well as ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default
priority strings.
** libgnutls: Introduced low-level function to assist applications attempting client
diff --git a/lib/priority.c b/lib/priority.c
index 0dc39f362c..1ebd6b4695 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -455,14 +455,12 @@ static const int* sign_priority_secure192 = _sign_priority_secure192;
static const int mac_priority_normal_default[] = {
GNUTLS_MAC_SHA1,
- GNUTLS_MAC_SHA256,
GNUTLS_MAC_AEAD,
0
};
static const int mac_priority_normal_fips[] = {
GNUTLS_MAC_SHA1,
- GNUTLS_MAC_SHA256,
GNUTLS_MAC_AEAD,
0
};
@@ -496,14 +494,12 @@ static const int* mac_priority_suiteb = _mac_priority_suiteb;
static const int _mac_priority_secure128[] = {
GNUTLS_MAC_SHA1,
- GNUTLS_MAC_SHA256,
GNUTLS_MAC_AEAD,
0
};
static const int* mac_priority_secure128 = _mac_priority_secure128;
static const int _mac_priority_secure192[] = {
- GNUTLS_MAC_SHA256,
GNUTLS_MAC_AEAD,
0
};
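Review bot: The MAC tables now keep GNUTLS_MAC_SHA1 but drop GNUTLS_MAC_SHA256 with nothing in the code saying this is deliberate, so a later reader of mac_priority_normal_default (first hunk) is likely to read the gap as an oversight and re-add it. A why-comment above the table would carry the commit message's rationale into the source: `/* HMAC-SHA256 is intentionally absent from the defaults: AEAD suites serve modern peers and HMAC-SHA1 serves legacy ones (see NEWS). */`. The same comment applies to mac_priority_normal_fips in the first hunk and to _mac_priority_secure128 and _mac_priority_secure192 in the second. _mac_priority_secure192 is now AEAD-only, which presumably means no non-AEAD suite can be selected under that level unless a caller re-enables a MAC; if that is the intent it is worth stating on that table too, since it is a stricter change than the others.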
diff --git a/tests/dtls1-2-mtu-check.c b/tests/dtls1-2-mtu-check.c
index 707fa32e37..460aa9442b 100644
--- a/tests/dtls1-2-mtu-check.c
+++ b/tests/dtls1-2-mtu-check.c
@@ -79,7 +79,7 @@ static void dtls_mtu_try(const char *name, const char *client_prio,
serverx509cred);
assert(gnutls_priority_set_direct(server,
- "NORMAL:+ANON-ECDH:+ANON-DH:+3DES-CBC:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519",
+ "NORMAL:+ANON-ECDH:+ANON-DH:+3DES-CBC:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+SHA256:+CURVE-X25519",
NULL) >= 0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
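Review bot: `+SHA256` is appended to the server priority string with no comment, and because this same commit removes SHA256 from NORMAL, the reason for re-enabling it here will not be obvious to the next reader of dtls_mtu_try. A one-line comment above the gnutls_priority_set_direct() call would fix that: `/* +SHA256: HMAC-SHA256 suites are no longer in NORMAL; keep them available so the client_prio values below can still negotiate them */`. Whether the callers' client_prio strings actually name such suites is not visible in the hunk, so the wording should be checked against them. dtls_mtu_try's body starts and continues outside the hunk.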
diff --git a/tests/priorities.c b/tests/priorities.c
index 1f85d7966f..3cbde6e566 100644
--- a/tests/priorities.c
+++ b/tests/priorities.c
@@ -113,19 +113,19 @@ try_prio_err(const char *prio, int err)
void doit(void)
{
- const int null = 4;
- int sec128_cs = 31;
- int sec256_cs = 12;
- int normal_cs = 31;
+ const int null = 3;
+ int sec128_cs = 25;
+ int sec256_cs = 10;
+ int normal_cs = 25;
int normal_ciphers = 7;
- int pfs_cs = 23;
+ int pfs_cs = 19;
if (gnutls_fips140_mode_enabled()) {
- normal_cs = 28;
+ normal_cs = 22;
normal_ciphers = 6;
pfs_cs = 22;
- sec256_cs = 9;
- sec128_cs = 28;
+ sec256_cs = 7;
+ sec128_cs = 22;
}
try_prio("NORMAL", normal_cs, normal_ciphers, __LINE__);
@@ -136,7 +136,7 @@ void doit(void)
try_prio("NORMAL:+CIPHER-ALL", normal_cs, 7, __LINE__); /* all (except null) */
try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1, __LINE__); /* null */
try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal_cs + null, 8, __LINE__); /* should be null + all */
- try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 8, 1, __LINE__); /* should be null + all */
+ try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 4, 1, __LINE__); /* should be null + all */
}
try_prio("PERFORMANCE", normal_cs, normal_ciphers, __LINE__);
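Review bot: In the FIPS branch of doit(), `pfs_cs = 22;` is the one count left untouched while every neighbouring FIPS count shrinks (normal_cs 28→22, sec128_cs 28→22, sec256_cs 9→7), and normal_cs and pfs_cs are now equal in FIPS mode, which the non-FIPS pair (25 vs 19) contradicts. Unless the FIPS PFS set genuinely contained no HMAC-SHA256 suites, this reads as a value that was not re-run under FIPS; the non-FIPS delta points at something like `pfs_cs = 16;`, but the number should come from an actual FIPS-mode run rather than arithmetic. Separately, the updated line `try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 4, 1, __LINE__)` still carries `/* should be null + all */`, which describes the preceding line; `/* AES-128-CBC suites only */` would match what it checks.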
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
index 62d75344f7..b4b7c10883 100755
--- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh
@@ -49,10 +49,10 @@ wait_for_free_port $PORT
retval=0
-PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:+VERS-SSL3.0"
+PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:+VERS-SSL3.0:+SHA256"
${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1
if test $? != 0;then
- PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+VERS-SSL3.0"
+ PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+VERS-SSL3.0:+SHA256"
fi
TLS_PY=./tlslite-ng/scripts/tls.py