Gitweb:
https://git.exim.org/exim.git/commitdiff/0c3807a8165cbc982f330831a429571f2ff7beec
Commit: 0c3807a8165cbc982f330831a429571f2ff7beec
Parent: 7a8b95190c22a8176c583985a41beb3e9ae831cd
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Jun 20 20:28:54 2018 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Wed Jun 20 20:57:02 2018 +0100
OpenSSL: TLSv1.3 notes
---
doc/doc-docbook/spec.xfpt | 17 ++++++++++++++++-
src/src/tls-openssl.c | 4 ++++
test/runtest | 7 ++++++-
3 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 7ae09cf..daaf003 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -27417,7 +27417,10 @@ the size of the generated prime, so it might still be too large.
.oindex "&%tls_require_ciphers%&" "OpenSSL"
There is a function in the OpenSSL library that can be passed a list of cipher
suites before the cipher negotiation takes place. This specifies which ciphers
-are acceptable. The list is colon separated and may contain names like
+.new
+are acceptable for TLS versions prior to 1.3.
+.wen
+The list is colon separated and may contain names like
DES-CBC3-SHA. Exim passes the expanded value of &%tls_require_ciphers%&
directly to this function call.
Many systems will install the OpenSSL manual-pages, so you may have
@@ -27482,6 +27485,18 @@ This example will prefer ECDSA-authenticated ciphers over RSA ones:
tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
.endd
+.new
+For TLS version 1.3 the control available is less fine-grained
+and Exim does not provide access to it at present.
+The value of the &%tls_require_ciphers%& option is ignored when
+TLS version 1.3 is negociated.
+
+As of writing the library default cipher suite list for TLSv1.3 is
+.code
+TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+.endd
+.wen
+
.section "Requiring specific ciphers or other parameters in GnuTLS" &&&
"SECTreqciphgnu"
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 7e6524d..e7bba02 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1999,6 +1999,10 @@ if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers, errstr)
/* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they
were historically separated by underscores. So that I can use either form in my
tests, and also for general convenience, we turn underscores into hyphens here.
+
+XXX SSL_CTX_set_cipher_list() is replaced by SSL_CTX_set_ciphersuites()
+for TLS 1.3 . Since we do not call it at present we get the default list:
+TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
*/
if (expciphers)
diff --git a/test/runtest b/test/runtest
index 0dc3cca..a35796c 100755
--- a/test/runtest
+++ b/test/runtest
@@ -544,6 +544,7 @@ RESET_AFTER_EXTRA_LINE_READ:
# TLSv1.1:AES256-SHA:256
# TLSv1.2:AES256-GCM-SHA384:256
# TLSv1.2:DHE-RSA-AES256-SHA:256
+ # TLSv1.3:TLS_AES_256_GCM_SHA384:256
# TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
# We also need to handle the ciphersuite without the TLS part present, for
# client-ssl's output. We also see some older forced ciphersuites, but
@@ -553,10 +554,14 @@ RESET_AFTER_EXTRA_LINE_READ:
#
# Retain the authentication algorith field as we want to test that.
- s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[12]:/$1TLSv1:/xg;
+ s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[123]:/$1TLSv1:/xg;
s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?!:)/ke-$3-AES256-SHA/g;
s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g;
+ # OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now,
+ # as it seems the protocol no longer supports a user choice.
+ s/TLS_AES(_256)_GCM_SHA384:256/TLS-AES256-SHA:xxx/g;
+
# LibreSSL
# TLSv1:AES256-GCM-SHA384:256
# TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256