From c85c1e08ce4148b64a80497525fa5e5efc87d13a Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sun, 8 Mar 2015 15:11:33 +0100 Subject: [PATCH] Disable export and SSLv2 ciphers by default They are moved to the COMPLEMENTOFDEFAULT instead. Reviewed-by: Dr. Stephen Henson --- CHANGES | 3 ++- doc/apps/ciphers.pod | 2 +- ssl/ssl.h | 3 +-- ssl/ssl_ciph.c | 16 +++++++++++++--- ssl/ssl_lib.c | 1 + 5 files changed, 18 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 71856bed25..c2a3931185 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Changes between 0.9.8ze and 0.9.8zf [xx XXX xxxx] - *) + *) Removed the export and SSLv2 ciphers from the DEFAULT ciphers + [Kurt Roeckx] Changes between 0.9.8zd and 0.9.8ze [15 Jan 2015] diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 694e433ef3..01d31ddfca 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -105,7 +105,7 @@ The following is a list of all permitted cipher strings and their meanings. =item B the default cipher list. This is determined at compile time and is normally -B. This must be the first cipher string +B. This must be the first cipher string specified. =item B diff --git a/ssl/ssl.h b/ssl/ssl.h index 29f8870c85..ee9944f9cb 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -323,8 +323,7 @@ extern "C" { * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -/* low priority for RC4 */ -# define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" +# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH" /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 33a472e72a..773a5d1c96 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -174,12 +174,11 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_ALL, 0, SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL, 0, 0, 0, SSL_ALL, SSL_ALL}, /* - * TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC - * cipher suites handled properly. + * TODO: COMPLEMENT OF ALL do not have ECC cipher suites handled properly. */ /* COMPLEMENT OF ALL */ {0, SSL_TXT_CMPALL, 0, SSL_eNULL, 0, 0, 0, 0, SSL_ENC_MASK, 0}, - {0, SSL_TXT_CMPDEF, 0, SSL_ADH, 0, 0, 0, 0, SSL_AUTH_MASK, 0}, + {0, SSL_TXT_CMPDEF, 0, SSL_ADH, SSL_EXP_MASK, 0, 0, 0, SSL_AUTH_MASK, 0}, /* VRS Kerberos5 */ {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, SSL_MKEY_MASK, 0}, {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, SSL_MKEY_MASK, 0}, @@ -636,6 +635,15 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, curr2 = curr->next; cp = curr->cipher; + /* Special case: only satisfied by COMPLEMENTOFDEFAULT */ + if (algo_strength == SSL_EXP_MASK) { + if ((SSL_C_IS_EXPORT(cp) || cp->algorithms & SSL_SSLV2 + || cp->algorithms & SSL_aNULL) + && !(cp->algorithms & (SSL_kECDHE|SSL_kECDH))) + goto ok; + else + continue; + } /* * If explicit cipher suite, match only that one for its own protocol @@ -675,6 +683,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, } else if (strength_bits != cp->strength_bits) continue; /* does not apply */ + ok: + #ifdef CIPHER_DEBUG printf("Action = %d\n", rule); #endif diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index bdbea75a0b..7182bd2257 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1562,6 +1562,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) ssl_create_cipher_list(ret->method, &ret->cipher_list, &ret->cipher_list_by_id, + meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); -- 2.39.2