TLS server: enforce minimal TLS version and no compression

Server side now enforces security requirements from
draft-ietf-dprive-dtls-and-tls-profiles-11 section 9

diff --git a/daemon/tls.c b/daemon/tls.c
index 8e077955d3386891fa0a16d97cc4fb69e4f05a94..3031542c94adebfd8ba1569ad72c16a1a67d155c 100644 (file)
--- a/daemon/tls.c
+++ b/daemon/tls.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2016 American Civil Liberties Union (ACLU)
- *               2016 CZ.NIC, z.s.p.o
+ *               2016-2018 CZ.NIC, z.s.p.o
  * 
  * Initial Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  *                 Ondřej Surý <ondrej@sury.org>
@@ -37,7 +37,13 @@
 
 #define EPHEMERAL_CERT_EXPIRATION_SECONDS_RENEW_BEFORE 60*60*24*7
 
-static const char *priorities = "NORMAL";
+/* Mandatory security settings from
+ * https://tools.ietf.org/html/draft-ietf-dprive-dtls-and-tls-profiles-11#section-9
+ * Performance optimizations are not implemented at the moment. */
+static const char *priorities = "@SYSTEM:" /* GnuTLS system-wide settings*/
+                               "-VERS-DTLS-ALL:" /* we do not support DTLS yet */
+                               "-VERS-TLS1.0:-VERS-TLS1.1:" /* TLS 1.2 and higher */
+                               "-COMP-ALL:+COMP-NULL"; /* no compression*/
 
 /* gnutls_record_recv and gnutls_record_send */
 struct tls_ctx_t {