dtls: bump default maximum protocol version to 1.3 Following successful experiment with WebRTC, we will proceed to bump the default protocol versions. Update-Note: DTLS 1.3 is now enabled by default. Callers that wish to disable DTLS 1.3 can call `SSL_set_max_proto_version` or `SSL_CTX_set_max_proto_version` with `DTLS1_2_VERSION`. Fixed: 382915276 Signed-off-by: Xiangfei Ding <xfding@google.com> Change-Id: I209ada52d9f807004fca511b979a65b96a6a6964 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/89327 Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 963c8a6..76e88f7 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc
@@ -432,8 +432,8 @@ }, false, }, - // Although aliases like "RSA" do not match 3DES when adding ciphers, they do - // match it when removing ciphers. + // Although aliases like "RSA" do not match 3DES when adding ciphers, they + // do match it when removing ciphers. { "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:RSA:RSA+3DES:!RSA", { @@ -642,7 +642,7 @@ } TEST(SSLTest, CipherRulesDeprecated) { - for (const auto& test : kDeprecatedCBCSHA256Rules) { + for (const auto &test : kDeprecatedCBCSHA256Rules) { SCOPED_TRACE(test.rule); bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method())); ASSERT_TRUE(ctx); @@ -852,10 +852,9 @@ // An initial groups list and key shares that are compatible. const uint16_t kGroups1[] = {SSL_GROUP_X25519_MLKEM768, SSL_GROUP_X25519}; const uint16_t kKeyShares[] = {SSL_GROUP_X25519_MLKEM768, SSL_GROUP_X25519}; + ASSERT_TRUE(SSL_set1_group_ids(ssl.get(), kGroups1, std::size(kGroups1))); ASSERT_TRUE( - SSL_set1_group_ids(ssl.get(), kGroups1, std::size(kGroups1))); - ASSERT_TRUE(SSL_set1_client_key_shares(ssl.get(), kKeyShares, - std::size(kKeyShares))); + SSL_set1_client_key_shares(ssl.get(), kKeyShares, std::size(kKeyShares))); ASSERT_TRUE(ssl->config->client_key_share_selections.has_value()); EXPECT_EQ(ssl->config->client_key_share_selections->size(), 2u); @@ -863,16 +862,14 @@ // shares. const uint16_t kGroups2[] = {SSL_GROUP_MLKEM1024, SSL_GROUP_X25519_MLKEM768, SSL_GROUP_X25519}; - ASSERT_TRUE( - SSL_set1_group_ids(ssl.get(), kGroups2, std::size(kGroups2))); + ASSERT_TRUE(SSL_set1_group_ids(ssl.get(), kGroups2, std::size(kGroups2))); ASSERT_TRUE(ssl->config->client_key_share_selections.has_value()); EXPECT_EQ(ssl->config->client_key_share_selections->size(), 2u); // A new groups list that is no longer compatible with the previously set key // shares. const uint16_t kGroups3[] = {SSL_GROUP_MLKEM1024, SSL_GROUP_X25519}; - ASSERT_TRUE( - SSL_set1_group_ids(ssl.get(), kGroups3, std::size(kGroups3))); + ASSERT_TRUE(SSL_set1_group_ids(ssl.get(), kGroups3, std::size(kGroups3))); EXPECT_FALSE(ssl->config->client_key_share_selections.has_value()); } @@ -1323,7 +1320,7 @@ ExpectDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method); ExpectDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method); ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &TLSv1_2_method); - ExpectDefaultVersion(DTLS1_2_VERSION, DTLS1_2_VERSION, &DTLS_method); + ExpectDefaultVersion(DTLS1_2_VERSION, DTLS1_3_VERSION, &DTLS_method); ExpectDefaultVersion(DTLS1_VERSION, DTLS1_VERSION, &DTLSv1_method); ExpectDefaultVersion(DTLS1_2_VERSION, DTLS1_2_VERSION, &DTLSv1_2_method); } @@ -4664,7 +4661,7 @@ // Zero is the default version. EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0)); - EXPECT_EQ(DTLS1_2_VERSION, SSL_CTX_get_max_proto_version(ctx.get())); + EXPECT_EQ(DTLS1_3_VERSION, SSL_CTX_get_max_proto_version(ctx.get())); EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0)); EXPECT_EQ(DTLS1_2_VERSION, SSL_CTX_get_min_proto_version(ctx.get())); } @@ -5551,7 +5548,8 @@ bssl::UniquePtr<SSL_CREDENTIAL> cred2(SSL_CREDENTIAL_new_x509()); ASSERT_TRUE(cred2); - SSL_CTX_set_custom_verify(client_ctx.get(), SSL_VERIFY_PEER, AcceptAnyCertificate); + SSL_CTX_set_custom_verify(client_ctx.get(), SSL_VERIFY_PEER, + AcceptAnyCertificate); // Configure one chain (including the leaf), then replace it with another. ASSERT_TRUE(SSL_CREDENTIAL_set1_cert_chain(cred.get(), wrong_chain.data(), @@ -5593,7 +5591,8 @@ bssl::UniquePtr<SSL> client, server; // With no CA requested by client, we should fail with only cred1 and cred2 - ASSERT_FALSE(ConnectClientAndServer(&client, &server, client_ctx.get(), server_ctx.get())); + ASSERT_FALSE(ConnectClientAndServer(&client, &server, client_ctx.get(), + server_ctx.get())); // Have the client request a bogus name that will not match bssl::UniquePtr<CRYPTO_BUFFER> bogus_subject = GetBogusIssuerBuffer(); @@ -5706,8 +5705,7 @@ bssl::UniquePtr<CRYPTO_BUFFER> pl( CRYPTO_BUFFER_new(kTestProperties1, sizeof(kTestProperties1), nullptr)); ASSERT_TRUE(pl); - EXPECT_TRUE( - SSL_CREDENTIAL_set1_certificate_properties(cred.get(), pl.get())); + EXPECT_TRUE(SSL_CREDENTIAL_set1_certificate_properties(cred.get(), pl.get())); // A CertificatePropertyList containing a trust_anchors property, and an // unknown property 0xbb with 1 byte of data. @@ -5717,13 +5715,12 @@ pl.reset( CRYPTO_BUFFER_new(kTestProperties2, sizeof(kTestProperties2), nullptr)); ASSERT_TRUE(pl); - EXPECT_TRUE( - SSL_CREDENTIAL_set1_certificate_properties(cred.get(), pl.get())); + EXPECT_TRUE(SSL_CREDENTIAL_set1_certificate_properties(cred.get(), pl.get())); // A CertificatePropertyList containing a trust_anchors property, and an // unknown but malformed property 0xbb with missing data. static const uint8_t kTestProperties3[] = {0x00, 0x09, 0x00, 0x00, 0x00, 0x03, - 0xba, 0xdb, 0x0b, 0x00, 0xbb}; + 0xba, 0xdb, 0x0b, 0x00, 0xbb}; pl.reset( CRYPTO_BUFFER_new(kTestProperties3, sizeof(kTestProperties3), nullptr)); ASSERT_TRUE(pl); @@ -5787,8 +5784,7 @@ pl.reset( CRYPTO_BUFFER_new(kTestProperties8, sizeof(kTestProperties8), nullptr)); ASSERT_TRUE(pl); - EXPECT_TRUE( - SSL_CREDENTIAL_set1_certificate_properties(cred.get(), pl.get())); + EXPECT_TRUE(SSL_CREDENTIAL_set1_certificate_properties(cred.get(), pl.get())); } TEST(SSLTest, SetChainAndKeyCtx) { @@ -10225,7 +10221,7 @@ bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method())); ASSERT_TRUE(ctx.get()); EXPECT_FALSE(SSL_CTX_use_certificate_file(ctx.get(), file.path().c_str(), - SSL_FILETYPE_PEM)); + SSL_FILETYPE_PEM)); EXPECT_TRUE(ErrorEquals(ERR_get_error(), ERR_LIB_PEM, PEM_R_NO_START_LINE)); ERR_clear_error(); } @@ -10245,7 +10241,7 @@ bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method())); ASSERT_TRUE(ctx.get()); EXPECT_FALSE(SSL_CTX_use_PrivateKey_file(ctx.get(), file.path().c_str(), - SSL_FILETYPE_PEM)); + SSL_FILETYPE_PEM)); EXPECT_TRUE(ErrorEquals(ERR_get_error(), ERR_LIB_PEM, PEM_R_NO_START_LINE)); ERR_clear_error(); } @@ -10255,7 +10251,7 @@ bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method())); ASSERT_TRUE(ctx.get()); EXPECT_FALSE(SSL_CTX_use_RSAPrivateKey_file(ctx.get(), file.path().c_str(), - SSL_FILETYPE_PEM)); + SSL_FILETYPE_PEM)); EXPECT_TRUE(ErrorEquals(ERR_get_error(), ERR_LIB_PEM, PEM_R_NO_START_LINE)); ERR_clear_error(); } @@ -10768,7 +10764,7 @@ /*epoch=*/3)); read_secret = Span(data, len); ASSERT_TRUE(SSL_get_dtls_write_traffic_secret(client_.get(), &data, &len, - /*epoch=*/3)); + /*epoch=*/3)); write_secret = Span(data, len); } else { ASSERT_TRUE(
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc index 31fd241..d472fe1 100644 --- a/ssl/ssl_versions.cc +++ b/ssl/ssl_versions.cc
@@ -22,7 +22,6 @@ #include <openssl/err.h> #include <openssl/span.h> -#include "../crypto/internal.h" #include "internal.h" @@ -98,12 +97,9 @@ }; static const VersionInfo kVersionNames[] = { - {TLS1_3_VERSION, "TLSv1.3"}, - {TLS1_2_VERSION, "TLSv1.2"}, - {TLS1_1_VERSION, "TLSv1.1"}, - {TLS1_VERSION, "TLSv1"}, - {DTLS1_VERSION, "DTLSv1"}, - {DTLS1_2_VERSION, "DTLSv1.2"}, + {TLS1_3_VERSION, "TLSv1.3"}, {TLS1_2_VERSION, "TLSv1.2"}, + {TLS1_1_VERSION, "TLSv1.1"}, {TLS1_VERSION, "TLSv1"}, + {DTLS1_VERSION, "DTLSv1"}, {DTLS1_2_VERSION, "DTLSv1.2"}, {DTLS1_3_VERSION, "DTLSv1.3"}, }; @@ -156,10 +152,8 @@ static bool set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out, uint16_t version) { // Zero is interpreted as the default maximum version. - // TODO(crbug.com/382915276): Enable DTLS 1.3 by default, after it's - // successfully shipped in WebRTC. if (version == 0) { - *out = method->is_dtls ? DTLS1_2_VERSION : TLS1_3_VERSION; + *out = method->is_dtls ? DTLS1_3_VERSION : TLS1_3_VERSION; return true; }
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc index 377bdd0..abd89db 100644 --- a/ssl/test/test_config.cc +++ b/ssl/test/test_config.cc
@@ -2502,11 +2502,6 @@ if (min_version != 0 && !SSL_set_min_proto_version(ssl.get(), min_version)) { return nullptr; } - // TODO(crbug.com/382915276): Remove this once DTLS 1.3 is enabled by default. - if (is_dtls && max_version == 0 && - !SSL_set_max_proto_version(ssl.get(), DTLS1_3_VERSION)) { - return nullptr; - } if (max_version != 0 && !SSL_set_max_proto_version(ssl.get(), max_version)) { return nullptr; }