From: Michael Sweet Date: Fri, 20 Oct 2017 02:44:12 +0000 (-0400) Subject: Fix cipher suite selection with GNU TLS (Issue #5145) X-Git-Tag: v2.2.6~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=02c88e673ea6d700e52fa89ee83aabae905370a8;p=thirdparty%2Fcups.git Fix cipher suite selection with GNU TLS (Issue #5145) Also make sure that client.conf SSLOptions do not override cupsd.conf SSLOptions, and document the (hopefully obvious) fact that Allow* is less secure and Deny* is more secure. - cups/http-private.h: Add "_HTTP_TLS_SET_DEFAULT" flag for options set from client.conf. - cups/tls-*.c: Use new flag. - cups/tls-gnutls.c: Fix CBC cipher suite exclusion logic, and always disable anonymous DH. - cups/usersys.c: Pass new flag when calling _httpTLSSetOptions. - man/*: Update documentation. --- diff --git a/CHANGES.md b/CHANGES.md index 6749b1c6d6..2fdf93e324 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -6,6 +6,7 @@ Changes in CUPS v2.2.6 ---------------------- - Added USB quirks rules for Canon MP540 and Samsung ML-2160 (Issue #5148) +- Fixed TLS cipher suite selection with GNU TLS (Issue #5145) Changes in CUPS v2.2.5 diff --git a/cups/http-private.h b/cups/http-private.h index 00afed0df1..f71e564b25 100644 --- a/cups/http-private.h +++ b/cups/http-private.h @@ -172,20 +172,20 @@ extern "C" { * Constants... */ - -#define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */ -#define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */ -#define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */ -#define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */ -#define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */ - -#define _HTTP_TLS_NONE 0 /* No TLS options */ -#define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */ -#define _HTTP_TLS_ALLOW_SSL3 2 /* Allow SSL 3.0 */ -#define _HTTP_TLS_ALLOW_DH 4 /* Allow DH/DHE key negotiation */ -#define _HTTP_TLS_DENY_TLS10 16 /* Deny TLS 1.0 */ -#define _HTTP_TLS_DENY_CBC 32 /* Deny CBC cipher suites */ -#define _HTTP_TLS_ONLY_TLS10 64 /* Only use TLS 1.0 */ +# define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */ +# define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */ +# define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */ +# define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */ +# define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */ + +# define _HTTP_TLS_NONE 0 /* No TLS options */ +# define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */ +# define _HTTP_TLS_ALLOW_SSL3 2 /* Allow SSL 3.0 */ +# define _HTTP_TLS_ALLOW_DH 4 /* Allow DH/DHE key negotiation */ +# define _HTTP_TLS_DENY_TLS10 16 /* Deny TLS 1.0 */ +# define _HTTP_TLS_DENY_CBC 32 /* Deny CBC cipher suites */ +# define _HTTP_TLS_ONLY_TLS10 64 /* Only use TLS 1.0 */ +# define _HTTP_TLS_SET_DEFAULT 128 /* Setting the default TLS options */ /* diff --git a/cups/tls-darwin.c b/cups/tls-darwin.c index d2d3687a11..92430aca0f 100644 --- a/cups/tls-darwin.c +++ b/cups/tls-darwin.c @@ -1141,7 +1141,8 @@ _httpTLSRead(http_t *http, /* I - HTTP connection */ void _httpTLSSetOptions(int options) /* I - Options */ { - tls_options = options; + if (!(options & _HTTP_TLS_SET_DEFAULT) || tls_options < 0) + tls_options = options; } diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c index 3f13760b2b..4c92b68506 100644 --- a/cups/tls-gnutls.c +++ b/cups/tls-gnutls.c @@ -1226,7 +1226,8 @@ _httpTLSSetCredentials(http_t *http) /* I - Connection to server */ void _httpTLSSetOptions(int options) /* I - Options */ { - tls_options = options; + if (!(options & _HTTP_TLS_SET_DEFAULT) || tls_options < 0) + tls_options = options; } @@ -1517,10 +1518,9 @@ _httpTLSStart(http_t *http) /* I - Connection to server */ if (!(tls_options & _HTTP_TLS_ALLOW_RC4)) strlcat(priority_string, ":-ARCFOUR-128", sizeof(priority_string)); - if (!(tls_options & _HTTP_TLS_ALLOW_DH)) - strlcat(priority_string, ":!ANON-DH", sizeof(priority_string)); + strlcat(priority_string, ":!ANON-DH", sizeof(priority_string)); - if (!(tls_options & _HTTP_TLS_DENY_CBC)) + if (tls_options & _HTTP_TLS_DENY_CBC) strlcat(priority_string, ":!AES-128-CBC:!AES-256-CBC:!CAMELLIA-128-CBC:!CAMELLIA-256-CBC:!3DES-CBC", sizeof(priority_string)); #ifdef HAVE_GNUTLS_PRIORITY_SET_DIRECT diff --git a/cups/tls-sspi.c b/cups/tls-sspi.c index 77b883b229..6eaec4c83a 100644 --- a/cups/tls-sspi.c +++ b/cups/tls-sspi.c @@ -2,7 +2,7 @@ * TLS support for CUPS on Windows using the Security Support Provider * Interface (SSPI). * - * Copyright 2010-2015 by Apple Inc. + * Copyright 2010-2017 by Apple Inc. * * These coded instructions, statements, and computer programs are the * property of Apple Inc. and are protected by Federal copyright @@ -913,7 +913,8 @@ _httpTLSRead(http_t *http, /* I - HTTP connection */ void _httpTLSSetOptions(int options) /* I - Options */ { - tls_options = options; + if (!(options & _HTTP_TLS_SET_DEFAULT) || tls_options < 0) + tls_options = options; } diff --git a/cups/usersys.c b/cups/usersys.c index 026b4a7cc4..2a004b5402 100644 --- a/cups/usersys.c +++ b/cups/usersys.c @@ -957,7 +957,7 @@ _cupsSetDefaults(void) cg->validate_certs = cc.validate_certs; #ifdef HAVE_SSL - _httpTLSSetOptions(cc.ssl_options); + _httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT); #endif /* HAVE_SSL */ } diff --git a/man/client.conf.man.in b/man/client.conf.man.in index fba9fe9777..c9fb91da28 100644 --- a/man/client.conf.man.in +++ b/man/client.conf.man.in @@ -10,7 +10,7 @@ .\" which should have been included with this file. If this file is .\" file is missing or damaged, see the license at "http://www.cups.org/". .\" -.TH client.conf 5 "CUPS" "26 June 2017" "Apple Inc." +.TH client.conf 5 "CUPS" "19 October 2017" "Apple Inc." .SH NAME client.conf \- client configuration file for cups .SH DESCRIPTION @@ -61,8 +61,10 @@ Specifies the address and optionally the port to use when connecting to a server \fBSSLOptions None\fR Sets encryption options (only in /etc/cups/client.conf). By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. -The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation. -The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones. +Security is reduced when \fIAllow\fR options are used. +Security is enhanced when \fIDeny\fR options are used. +The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS). +The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients. The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. The \fIDenyCBC\fR option disables all CBC cipher suites. The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1. diff --git a/man/cupsd.conf.man.in b/man/cupsd.conf.man.in index 918bbee7aa..ab89e156a7 100644 --- a/man/cupsd.conf.man.in +++ b/man/cupsd.conf.man.in @@ -10,7 +10,7 @@ .\" which should have been included with this file. If this file is .\" file is missing or damaged, see the license at "http://www.cups.org/". .\" -.TH cupsd.conf 5 "CUPS" "28 August 2017" "Apple Inc." +.TH cupsd.conf 5 "CUPS" "19 October 2017" "Apple Inc." .SH NAME cupsd.conf \- server configuration file for cups .SH DESCRIPTION @@ -445,8 +445,10 @@ Listens on the specified address and port for encrypted connections. \fBSSLOptions None\fR Sets encryption options. By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. -The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation. -The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones. +Security is reduced when \fIAllow\fR options are used. +Security is enhanced when \fIDeny\fR options are used. +The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS). +The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients. The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. The \fIDenyCBC\fR option disables all CBC cipher suites. The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.