### Changes between 3.5 and 3.6 [xx XXX xxxx]
+ * Introduce SSL_OP_SERVER_PREFERENCE superceding misleadingly
+ named SSL_OP_CIPHER_SERVER_PREFERENCE.
+
+ *Michael Baentsch*
+
* Introduces use of `<stdbool.h>` when handling JSON encoding in
the OpenSSL codebase, replacing the previous use of `int` for
these boolean values.
opts |= SSL_OP_NO_RENEGOTIATION;
/*
- * Most servers elect to use their own cipher preference rather than that of
- * the client.
+ * Most servers elect to use their own cipher or group preference rather
+ * than that of the client.
*/
- opts |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+ opts |= SSL_OP_SERVER_PREFERENCE;
/* Apply the selection options */
SSL_CTX_set_options(ctx, opts);
Options we explicitly want to support:
-- `SSL_OP_CIPHER_SERVER_PREFERENCE`
+- `SSL_OP_SERVER_PREFERENCE`
- `SSL_OP_DISABLE_TLSEXT_CA_NAMES`
- `SSL_OP_NO_TX_CERTIFICATE_COMPRESSION`
- `SSL_OP_NO_RX_CERTIFICATE_COMPRESSION`
Use server and not client preference order when determining which cipher suite,
signature algorithm or elliptic curve to use for an incoming connection.
-Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
+Equivalent to B<SSL_OP_SERVER_PREFERENCE>. Only used by servers.
=item B<-client_renegotiation>
B<ServerPreference>: use server and not client preference order when
determining which cipher suite, signature algorithm or elliptic curve
to use for an incoming connection. Equivalent to
-B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers.
+B<SSL_OP_SERVER_PREFERENCE>. Only used by servers.
B<PrioritizeChaCha>: prioritizes ChaCha ciphers when the client has a
ChaCha20 cipher at the top of its preference list. This usually indicates
determined by the order of the elements in the array.
For a TLS 1.2 server, the groups determine the selected group. If
-B<SSL_OP_CIPHER_SERVER_PREFERENCE> is set, the order of the elements in the
+B<SSL_OP_SERVER_PREFERENCE> is set, the order of the elements in the
array determines the selected group. Otherwise, the order is ignored and the
client's order determines the selection.
is used for the key agreement. The preference order of the group tuples is determined
by the order of the tuples in the array, and the preference order of the groups within
a group tuple is determined by the order of the groups in the tuple. Server preference
-can be enforced by setting B<SSL_OP_CIPHER_SERVER_PREFERENCE> using
+can be enforced by setting B<SSL_OP_SERVER_PREFERENCE> using
B<SSL_set_options> (default: client preference).
The server will select the group to be used for a key agreement using the following
IF current key-share group is also part of current group tuple: SH, return success
FOR each client supported groups
IF current supported group is also part of current group tuple: HRR, return success
- ELSE (= server preference = with SSL_OP_CIPHER_SERVER_PREFERENCE option set)
+ ELSE (= server preference = with SSL_OP_SERVER_PREFERENCE option set)
FOR each group in current tuple
IF current group is also part of client key-share groups: SH, return success
FOR each group in current tuple
The supported signature algorithms set by a server are not sent to the
client but are used to determine the set of shared signature algorithms
-and (if server preferences are set with SSL_OP_CIPHER_SERVER_PREFERENCE)
-their order.
+and (if server preferences are set with SSL_OP_SERVER_PREFERENCE) their
+order.
The client authentication signature algorithms set by a server are sent
in a certificate request message if client authentication is enabled,
Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
servers. See the B<SECURE RENEGOTIATION> section for more details.
-=item SSL_OP_CIPHER_SERVER_PREFERENCE
+=item SSL_OP_SERVER_PREFERENCE
-When choosing a cipher, use the server's preferences instead of the client
-preferences. When not set, the SSL server will always follow the clients
-preferences. When set, the SSL/TLS server will choose following its
-own preferences.
+When choosing a cipher, signature, (TLS 1.2) curve or (TLS 1.3) group, use the
+server's preferences instead of the client preferences. When not set, the SSL
+server will always follow the clients preferences. When set, the SSL/TLS server
+will choose following its own preferences.
+Use of the old but somewhat misleading name SSL_OP_CIPHER_SERVER_PREFERENCE
+is still possible but discouraged.
=item SSL_OP_CISCO_ANYCONNECT
=item SSL_OP_PRIORITIZE_CHACHA
-When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize
+When SSL_OP_SERVER_PREFERENCE is set, temporarily reprioritize
ChaCha20-Poly1305 ciphers to the top of the server cipher list if a
ChaCha20-Poly1305 cipher is at the top of the client cipher list. This helps
those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere
in the server cipher list; but still allows other clients to use AES and other
-ciphers. Requires B<SSL_OP_CIPHER_SERVER_PREFERENCE>.
+ciphers. Requires B<SSL_OP_SERVER_PREFERENCE>.
=item SSL_OP_TLS_ROLLBACK_BUG
in preprocessor C<#if> conditions. However it is still possible to test
whether these macros are defined or not.
+As of OpenSSL 3.6, use of the B<SSL_OP_CIPHER_SERVER_PREFERENCE> constant
+is discouraged and its semantics became available using the more aptly named
+B<SSL_OP_SERVER_PREFERENCE> constant.
+
=head1 COPYRIGHT
Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
opts |= SSL_OP_NO_RENEGOTIATION;
/*
- * Most servers elect to use their own cipher preference rather than that of
- * the client.
+ * Most servers elect to use their own cipher or group preference rather than
+ * that of the client.
*/
- opts |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+ opts |= SSL_OP_SERVER_PREFERENCE;
/* Apply the selection options */
SSL_CTX_set_options(ctx, opts);
# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT SSL_OP_BIT(20)
/*
* Prioritize Chacha20Poly1305 when client does.
- * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE
+ * Modifies SSL_OP_SERVER_PREFERENCE
*/
# define SSL_OP_PRIORITIZE_CHACHA SSL_OP_BIT(21)
/*
- * Set on servers to choose the cipher according to server's preferences.
+ * Set on servers to choose cipher, curve or group according to server's
+ * preferences.
*/
-# define SSL_OP_CIPHER_SERVER_PREFERENCE SSL_OP_BIT(22)
+# define SSL_OP_SERVER_PREFERENCE SSL_OP_BIT(22)
+ /* Equivalent definition for backwards compatibility: */
+# define SSL_OP_CIPHER_SERVER_PREFERENCE SSL_OP_SERVER_PREFERENCE
/*
* If set, a server will allow a client to issue an SSLv3.0 version
* number as latest version supported in the premaster secret, even when
if (tls1_suiteb(s)) {
prio = srvr;
allow = clnt;
- } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+ } else if (s->options & SSL_OP_SERVER_PREFERENCE) {
prio = srvr;
allow = clnt;
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS),
SSL_FLAG_TBL("Bugs", SSL_OP_ALL),
SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION),
- SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE),
+ SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_SERVER_PREFERENCE),
SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation",
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE),
{SSL_OP_NO_RX_CERTIFICATE_COMPRESSION, SSL_TFLAG_INV}, /* rx_cert_comp */
{SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */
{SSL_OP_NO_TICKET, 0}, /* no_ticket */
- {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */
+ {SSL_OP_SERVER_PREFERENCE, 0}, /* serverpref */
/* legacy_renegotiation */
{SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0},
/* Allow client renegotiation */
#define OSSL_QUIC_PERMITTED_OPTIONS_CONN \
(OSSL_LEGACY_SSL_OPTIONS | \
OSSL_TLS1_2_OPTIONS | \
- SSL_OP_CIPHER_SERVER_PREFERENCE | \
+ SSL_OP_SERVER_PREFERENCE | \
SSL_OP_DISABLE_TLSEXT_CA_NAMES | \
SSL_OP_NO_TX_CERTIFICATE_COMPRESSION | \
SSL_OP_NO_RX_CERTIFICATE_COMPRESSION | \
int prio_group_idx = 0, candidate_group_idx = 0;
/* Server or client preference ? */
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+ if (s->options & SSL_OP_SERVER_PREFERENCE) {
/* Server preference */
/* Is there overlap with a key share group? */
check_overlap(s,
* If server preference set, our groups are the preference order
* otherwise peer decides.
*/
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+ if (s->options & SSL_OP_SERVER_PREFERENCE) {
tls1_get_supported_groups(s, &pref, &num_pref);
tls1_get_peer_groups(s, &supp, &num_supp);
} else {
conflen = c->conf_sigalgslen;
} else
conflen = tls12_get_psigalgs(s, 0, &conf);
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
+ if (s->options & SSL_OP_SERVER_PREFERENCE || is_suiteb) {
pref = conf;
preflen = conflen;
allow = s->s3.tmp.peer_sigalgs;
TEST_true_or_end(SSL_CTX_set_min_proto_version(client_ctx, TLS1_3_VERSION));
TEST_true_or_end(SSL_CTX_set_min_proto_version(server_ctx, TLS1_3_VERSION));
if (current_test_vector->preference == SERVER_PREFERENCE)
- SSL_CTX_set_options(server_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+ SSL_CTX_set_options(server_ctx, SSL_OP_SERVER_PREFERENCE);
}
/* Creation of the SSL objects */
if (!TEST_true(create_ssl_objects(server_ctx, client_ctx,
TEST_true_or_end(SSL_set_min_proto_version(serverssl, TLS1_3_VERSION));
if (current_test_vector->preference == SERVER_PREFERENCE)
- SSL_set_options(serverssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
+ SSL_set_options(serverssl, SSL_OP_SERVER_PREFERENCE);
}
/* We set the message callback on the client side (which checks SH/HRR) */
projects / thirdparty / openssl.git / commitdiff
