From 9c80706c488480f07a265238152f69a6aa01b747 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 6 May 2025 09:01:37 -0400
Subject: [PATCH] Remove attempt to override TLS 1.3 server ciphersuites

This was unnecessary _and_ broken!

It was unnecessary because the default list of TLS 1.3 ciphersuites
has always been pretty reasonable.

It was broken because:
 - SSL_CTX_set_cipher_list only affects the list of TLS 1.2 ciphersuites.
 - There have _never_ been a set of macros  named TLS1_3_TXT_*
   in any openssl version, as far as I can tell.
---
 src/lib/tls/ciphers.inc      | 19 +------------------
 src/lib/tls/tortls_openssl.c | 22 ++++------------------
 2 files changed, 5 insertions(+), 36 deletions(-)

diff --git a/src/lib/tls/ciphers.inc b/src/lib/tls/ciphers.inc
index 0084b3e325..4361ad3892 100644
--- a/src/lib/tls/ciphers.inc
+++ b/src/lib/tls/ciphers.inc
@@ -2,26 +2,9 @@
  * advertise.  Before including it, you should define the CIPHER and XCIPHER
  * macros.
  *
- * This file was automatically generated by get_mozilla_ciphers.py;
- * TLSv1.3 ciphers were added manually.
+ * This file was automatically generated by get_mozilla_ciphers.py.
  */
 
-/* Here are the TLS1.3 ciphers. Note that we don't have XCIPHER instances
- * here, since we don't want to ever fake them.
- */
-#ifdef TLS1_3_TXT_AES_128_GCM_SHA256
-   CIPHER(0x1301, TLS1_3_TXT_AES_128_GCM_SHA256)
-#endif
-#ifdef TLS1_3_TXT_AES_256_GCM_SHA384
-   CIPHER(0x1302, TLS1_3_TXT_AES_256_GCM_SHA384)
-#endif
-#ifdef TLS1_3_TXT_CHACHA20_POLY1305_SHA256
-   CIPHER(0x1303, TLS1_3_TXT_CHACHA20_POLY1305_SHA256)
-#endif
-#ifdef TLS1_3_TXT_AES_128_CCM_SHA256
-   CIPHER(0x1304, TLS1_3_TXT_AES_128_CCM_SHA256)
-#endif
-
 /* Here's the machine-generated list. */
 #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
     CIPHER(0xc02b, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index 3e6948f992..1068cc10f1 100644
--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -348,23 +348,8 @@ always_accept_verify_cb(int preverify_ok,
   return 1;
 }
 
-/** List of ciphers that servers should select from when we actually have
- * our choice of what cipher to use. */
-static const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
-  /* Here are the TLS 1.3 ciphers we like, in the order we prefer. */
-#ifdef TLS1_3_TXT_AES_256_GCM_SHA384
-  TLS1_3_TXT_AES_256_GCM_SHA384 ":"
-#endif
-#ifdef TLS1_3_TXT_CHACHA20_POLY1305_SHA256
-  TLS1_3_TXT_CHACHA20_POLY1305_SHA256 ":"
-#endif
-#ifdef TLS1_3_TXT_AES_128_GCM_SHA256
-  TLS1_3_TXT_AES_128_GCM_SHA256 ":"
-#endif
-#ifdef TLS1_3_TXT_AES_128_CCM_SHA256
-  TLS1_3_TXT_AES_128_CCM_SHA256 ":"
-#endif
-
+/** List of ciphers that servers should select from when using TLS 1.2 */
+static const char UNRESTRICTED_TLS1_2_SERVER_CIPHER_LIST[] =
   /* This list is autogenerated with the gen_server_ciphers.py script;
    * don't hand-edit it. */
 #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
@@ -731,7 +716,7 @@ tor_tls_new(tor_socket_t sock, int isServer)
 #endif /* defined(SSL_CTRL_SET_MAX_PROTO_VERSION) */
 
   if (!SSL_set_cipher_list(result->ssl,
-                           isServer ? UNRESTRICTED_SERVER_CIPHER_LIST
+                           isServer ? UNRESTRICTED_TLS1_2_SERVER_CIPHER_LIST
                                     : CLIENT_CIPHER_LIST)) {
     tls_log_errors(NULL, LOG_WARN, LD_NET, "setting ciphers");
 #ifdef SSL_set_tlsext_host_name
@@ -741,6 +726,7 @@ tor_tls_new(tor_socket_t sock, int isServer)
     tor_free(result);
     goto err;
   }
+
   result->socket = sock;
   bio = BIO_new_socket(sock, BIO_CLOSE);
   if (! bio) {
-- 
2.47.2