[exim-cvs] OpenSSL: TLSv1.3 notes

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] OpenSSL: TLSv1.3 notes
Gitweb: https://git.exim.org/exim.git/commitdiff/0c3807a8165cbc982f330831a429571f2ff7beec
Commit:     0c3807a8165cbc982f330831a429571f2ff7beec
Parent:     7a8b95190c22a8176c583985a41beb3e9ae831cd
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Jun 20 20:28:54 2018 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Wed Jun 20 20:57:02 2018 +0100


    OpenSSL: TLSv1.3 notes
---
 doc/doc-docbook/spec.xfpt | 17 ++++++++++++++++-
 src/src/tls-openssl.c     |  4 ++++
 test/runtest              |  7 ++++++-
 3 files changed, 26 insertions(+), 2 deletions(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 7ae09cf..daaf003 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -27417,7 +27417,10 @@ the size of the generated prime, so it might still be too large.
.oindex "&%tls_require_ciphers%&" "OpenSSL"
There is a function in the OpenSSL library that can be passed a list of cipher
suites before the cipher negotiation takes place. This specifies which ciphers
-are acceptable. The list is colon separated and may contain names like
+.new
+are acceptable for TLS versions prior to 1.3.
+.wen
+The list is colon separated and may contain names like
DES-CBC3-SHA. Exim passes the expanded value of &%tls_require_ciphers%&
directly to this function call.
Many systems will install the OpenSSL manual-pages, so you may have
@@ -27482,6 +27485,18 @@ This example will prefer ECDSA-authenticated ciphers over RSA ones:
tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
.endd

+.new
+For TLS version 1.3 the control available is less fine-grained
+and Exim does not provide access to it at present.
+The value of the &%tls_require_ciphers%& option is ignored when
+TLS version 1.3 is negociated.
+
+As of writing the library default cipher suite list for TLSv1.3 is
+.code
+TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+.endd
+.wen
+

 .section "Requiring specific ciphers or other parameters in GnuTLS" &&&
          "SECTreqciphgnu"
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 7e6524d..e7bba02 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1999,6 +1999,10 @@ if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers, errstr)
 /* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they
 were historically separated by underscores. So that I can use either form in my
 tests, and also for general convenience, we turn underscores into hyphens here.
+
+XXX SSL_CTX_set_cipher_list() is replaced by SSL_CTX_set_ciphersuites()
+for TLS 1.3 .  Since we do not call it at present we get the default list:
+TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
 */


if (expciphers)
diff --git a/test/runtest b/test/runtest
index 0dc3cca..a35796c 100755
--- a/test/runtest
+++ b/test/runtest
@@ -544,6 +544,7 @@ RESET_AFTER_EXTRA_LINE_READ:
# TLSv1.1:AES256-SHA:256
# TLSv1.2:AES256-GCM-SHA384:256
# TLSv1.2:DHE-RSA-AES256-SHA:256
+ # TLSv1.3:TLS_AES_256_GCM_SHA384:256
# TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
# We also need to handle the ciphersuite without the TLS part present, for
# client-ssl's output. We also see some older forced ciphersuites, but
@@ -553,10 +554,14 @@ RESET_AFTER_EXTRA_LINE_READ:
#
# Retain the authentication algorith field as we want to test that.

- s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[12]:/$1TLSv1:/xg;
+ s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[123]:/$1TLSv1:/xg;
s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?!:)/ke-$3-AES256-SHA/g;
s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g;

+ # OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now,
+ # as it seems the protocol no longer supports a user choice.
+ s/TLS_AES(_256)_GCM_SHA384:256/TLS-AES256-SHA:xxx/g;
+
# LibreSSL
# TLSv1:AES256-GCM-SHA384:256
# TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256