authorEneas U de Queiroz via openwrt-devel <openwrt-devel@lists.openwrt.org>2018-07-27 19:11:36 +0000
committerJohn Crispin <john@phrozen.org>2018-07-30 08:16:10 +0200
commit23a3f2830341acd1db149175baf7315a33bd0edb (patch)
tree3ae0b2908b2cdec74faa79128efb3e9f39036ed0
parent450ada04ce09da14e56a0d8ac170db868d3e26fb (diff)
downloadustream-ssl-23a3f2830341acd1db149175baf7315a33bd0edb.tar.gz
openssl, wolfssl: match mbedTLS ciphersuite list
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Use the same ciphersuite list as mbedTLS. wolfssl was not honoring the minimum protocol version set with SSL_CTX_set_options, so we must use TLSv1_2_server_method. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-rw-r--r--ustream-openssl.c60
1 files changed, 54 insertions, 6 deletions
diff --git a/ustream-openssl.c b/ustream-openssl.c
index c6839ea..7c72ce1 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -22,6 +22,53 @@
#include "ustream-ssl.h"
#include "ustream-internal.h"
+
+/* Ciphersuite preference:
+ * - key exchange: prefer ECDHE, then DHE(client only), then RSA
+ * - prefer AEAD ciphers:
+ * chacha20-poly1305, the fastest in software, 256-bits
+ * aes128-gcm, 128-bits
+ * aes256-gcm, 256-bits
+ * - CBC ciphers
+ * aes128, aes256, 3DES(client only)
+ */
+
+#define ecdhe_ciphers \
+ "ECDHE-ECDSA-CHACHA20-POLY1305:" \
+ "ECDHE-ECDSA-AES128-GCM-SHA256:" \
+ "ECDHE-ECDSA-AES256-GCM-SHA384:" \
+ "ECDHE-ECDSA-AES128-SHA:" \
+ "ECDHE-ECDSA-AES256-SHA:" \
+ "ECDHE-RSA-CHACHA20-POLY1305:" \
+ "ECDHE-RSA-AES128-GCM-SHA256:" \
+ "ECDHE-RSA-AES256-GCM-SHA384:" \
+ "ECDHE-RSA-AES128-SHA:" \
+ "ECDHE-RSA-AES256-SHA"
+
+#define dhe_ciphers \
+ "DHE-RSA-CHACHA20-POLY1305:" \
+ "DHE-RSA-AES128-GCM-SHA256:" \
+ "DHE-RSA-AES256-GCM-SHA384:" \
+ "DHE-RSA-AES128-SHA:" \
+ "DHE-RSA-AES256-SHA:" \
+ "DHE-DES-CBC3-SHA"
+
+#define non_pfs_aes \
+ "AES128-GCM-SHA256:" \
+ "AES256-GCM-SHA384:" \
+ "AES128-SHA:" \
+ "AES256-SHA"
+
+#define server_cipher_list \
+ ecdhe_ciphers ":" \
+ non_pfs_aes
+
+#define client_cipher_list \
+ ecdhe_ciphers ":" \
+ dhe_ciphers ":" \
+ non_pfs_aes ":" \
+ "DES-CBC3-SHA"
+
__hidden struct ustream_ssl_ctx *
__ustream_ssl_context_new(bool server)
{
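Review bot: The last `dhe_ciphers` entry, `DHE-DES-CBC3-SHA`, does not follow the `DHE-RSA-…` naming of the other entries in the same macro, and a name the library does not recognise is skipped silently by `SSL_CTX_set_cipher_list` (at least with OpenSSL; presumably wolfSSL behaves the same), so a misspelling would quietly drop that suite rather than fail. Suggest checking the spelling against the cipher names accepted by the targeted OpenSSL and wolfSSL versions and adding a comment above the macros: `/* used with both OpenSSL and wolfSSL; an unknown name is ignored, not reported */`. Separately, the header comment states AEAD suites are preferred over CBC, but within `ecdhe_ciphers` the ECDHE-ECDSA CBC suites are listed ahead of the ECDHE-RSA AEAD suites, and `SSL_OP_CIPHER_SERVER_PREFERENCE` makes this order authoritative on the server; if grouping by key-exchange first is intentional (mirroring mbedTLS), the comment should say so, e.g. `* - order is by key exchange first, then AEAD before CBC within each group`.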
@@ -36,7 +83,7 @@ __ustream_ssl_context_new(bool server)
SSL_library_init();
_init = true;
}
-# define TLS_server_method SSLv23_server_method
+# define TLS_server_method TLSv1_2_server_method
# define TLS_client_method SSLv23_client_method
#endif
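Review bot: The switch to `TLSv1_2_server_method` on this branch is explained only in the commit message; the code gives no hint why the server method is version-specific while the client one is not, and the enclosing `#if` condition and the rest of `__ustream_ssl_context_new` lie outside the hunk. Suggest a trailing comment: `# define TLS_server_method TLSv1_2_server_method /* wolfSSL ignores SSL_OP_NO_TLSv1*; pin TLS 1.2 via the method instead */`. Note that this pins the server to exactly TLS 1.2 on this branch, so a library build that supports a newer version would not negotiate it here; that is likely acceptable for old OpenSSL but worth stating.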
@@ -50,17 +97,18 @@ __ustream_ssl_context_new(bool server)
return NULL;
SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
- SSL_CTX_set_options (c, SSL_OP_NO_COMPRESSION); /* avoid CRIME attack */
-#if !defined(OPENSSL_NO_ECDH) && !defined(CYASSL_OPENSSL_H_) && OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSL_CTX_set_options(c, SSL_OP_NO_COMPRESSION | SSL_OP_SINGLE_ECDH_USE |
+ SSL_OP_CIPHER_SERVER_PREFERENCE);
+#if defined(SSL_CTX_set_ecdh_auto) && OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_CTX_set_ecdh_auto(c, 1);
#endif
if (server) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION);
-#else
- SSL_CTX_set_options (c, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
#endif
- SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH");
+ SSL_CTX_set_cipher_list(c, server_cipher_list);
+ } else {
+ SSL_CTX_set_cipher_list(c, client_cipher_list);
}
SSL_CTX_set_quiet_shutdown(c, 1);
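Review bot: Both new `SSL_CTX_set_cipher_list` calls ignore the return value; OpenSSL returns 0 when no suite in the list could be selected and leaves the library default list in effect, so a broken list would silently fall back to whatever the library ships instead of being detected. Since the context is created from `TLS_server_method`/`TLS_client_method` and the only earlier error path simply returns NULL, the check below frees the context and fails the same way (assuming nothing else has been attached to `c` by this point). Also, the new `else` branch sets a client cipher list but no minimum protocol version on either `#if` branch, so the client can still negotiate older TLS versions unless that is done elsewhere outside the hunk; the CBC suites in `client_cipher_list` would be usable there.
```c
	if (server) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION);
#endif
	}
	/* Unknown names are skipped silently; the call only fails when no suite
	 * at all was usable, in which case the library default would remain. */
	if (!SSL_CTX_set_cipher_list(c, server ? server_cipher_list : client_cipher_list)) {
		SSL_CTX_free(c);
		return NULL;
	}
	SSL_CTX_set_quiet_shutdown(c, 1);
```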