Remove RC4 ciphersuites from TLS. For now, they can be restored by compiling with -DBORINGSSL_RC4_TLS. Of note, this means that `MEDIUM' is now empty. Change-Id: Ic77308e7bd4849bdb2b4882c6b34af85089fe3cc Reviewed-on: https://boringssl-review.googlesource.com/10580 Reviewed-by: David Benjamin <davidben@google.com> Reviewed-by: Matt Braithwaite <mab@google.com> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Matt Braithwaite <mab@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 5884d93..5c68f26 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc
@@ -169,9 +169,13 @@ {TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0}, {TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0}, {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, 0}, +#ifdef BORINGSSL_ENABLE_RC4_TLS {TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 0}, +#endif {TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0}, +#ifdef BORINGSSL_ENABLE_RC4_TLS {SSL3_CK_RSA_RC4_128_SHA, 0}, +#endif {TLS1_CK_RSA_WITH_AES_128_SHA, 0}, {TLS1_CK_RSA_WITH_AES_256_SHA, 0}, }, @@ -255,7 +259,9 @@ "DEFAULT", "ALL:!eNULL", "ALL:!NULL", +#ifdef BORINGSSL_ENABLE_RC4_TLS "MEDIUM", +#endif "HIGH", "FIPS", "SHA", @@ -269,7 +275,9 @@ static const char *kMustNotIncludeCECPQ1[] = { "ALL", "DEFAULT", +#ifdef BORINGSSL_ENABLE_RC4_TLS "MEDIUM", +#endif "HIGH", "FIPS", "SHA", @@ -735,7 +743,9 @@ static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = { { SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, +#ifdef BORINGSSL_ENABLE_RC4_TLS { SSL3_CK_RSA_RC4_128_MD5, "TLS_RSA_WITH_RC4_MD5" }, +#endif { TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA" }, { TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, { TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, @@ -750,7 +760,9 @@ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" }, { TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, +#ifdef BORINGSSL_ENABLE_RC4_TLS { TLS1_CK_PSK_WITH_RC4_128_SHA, "TLS_PSK_WITH_RC4_SHA" }, +#endif { TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" }, { TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, @@ -1642,7 +1654,7 @@ SSL_CTX_set_max_version(ctx.get(), version); // Our default cipher list varies by CPU capabilities, so manually place the // ChaCha20 ciphers in front. - if (!SSL_CTX_set_cipher_list(ctx.get(), "CHACHA20:ALL")) { + if (!SSL_CTX_set_cipher_list(ctx.get(), "!RC4:CHACHA20:ALL")) { return false; } ScopedSSL ssl(SSL_new(ctx.get())); @@ -1685,13 +1697,28 @@ // Tests that our ClientHellos do not change unexpectedly. static bool TestClientHello() { static const uint8_t kSSL3ClientHello[] = { - 0x16, 0x03, 0x00, 0x00, 0x47, 0x01, 0x00, 0x00, 0x43, 0x03, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x1c, 0xc0, 0x09, 0xc0, 0x13, 0x00, 0x33, 0xc0, 0x0a, 0xc0, - 0x14, 0x00, 0x39, 0xc0, 0x07, 0xc0, 0x11, 0x00, 0x2f, 0x00, 0x35, - 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x00, 0xff, 0x01, 0x00, + 0x16, + 0x03, 0x00, + 0x00, 0x3f, + 0x01, + 0x00, 0x00, 0x3b, + 0x03, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, + 0x00, 0x14, + 0xc0, 0x09, + 0xc0, 0x13, + 0x00, 0x33, + 0xc0, 0x0a, + 0xc0, 0x14, + 0x00, 0x39, + 0x00, 0x2f, + 0x00, 0x35, + 0x00, 0x0a, + 0x00, 0xff, 0x01, 0x00, }; if (!ClientHelloMatches(SSL3_VERSION, kSSL3ClientHello, sizeof(kSSL3ClientHello))) { @@ -1699,12 +1726,27 @@ } static const uint8_t kTLS1ClientHello[] = { - 0x16, 0x03, 0x01, 0x00, 0x66, 0x01, 0x00, 0x00, 0x62, 0x03, 0x01, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, 0xc0, 0x09, - 0xc0, 0x13, 0x00, 0x33, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x39, 0xc0, 0x07, - 0xc0, 0x11, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, + 0x16, + 0x03, 0x01, + 0x00, 0x5e, + 0x01, + 0x00, 0x00, 0x5a, + 0x03, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, + 0x00, 0x12, + 0xc0, 0x09, + 0xc0, 0x13, + 0x00, 0x33, + 0xc0, 0x0a, + 0xc0, 0x14, + 0x00, 0x39, + 0x00, 0x2f, + 0x00, 0x35, + 0x00, 0x0a, 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, @@ -1715,12 +1757,27 @@ } static const uint8_t kTLS11ClientHello[] = { - 0x16, 0x03, 0x01, 0x00, 0x66, 0x01, 0x00, 0x00, 0x62, 0x03, 0x02, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, 0xc0, 0x09, - 0xc0, 0x13, 0x00, 0x33, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x39, 0xc0, 0x07, - 0xc0, 0x11, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, + 0x16, + 0x03, 0x01, + 0x00, 0x5e, + 0x01, + 0x00, 0x00, 0x5a, + 0x03, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, + 0x00, 0x12, + 0xc0, 0x09, + 0xc0, 0x13, + 0x00, 0x33, + 0xc0, 0x0a, + 0xc0, 0x14, + 0x00, 0x39, + 0x00, 0x2f, + 0x00, 0x35, + 0x00, 0x0a, 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, @@ -1731,16 +1788,48 @@ } static const uint8_t kTLS12ClientHello[] = { - 0x16, 0x03, 0x01, 0x00, 0xa4, 0x01, 0x00, 0x00, 0xa0, 0x03, 0x03, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0xcc, 0xa9, - 0xcc, 0xa8, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, - 0xc0, 0x2c, 0xc0, 0x30, 0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13, - 0xc0, 0x27, 0x00, 0x33, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14, - 0xc0, 0x28, 0x00, 0x39, 0x00, 0x6b, 0xc0, 0x07, 0xc0, 0x11, 0x00, 0x9c, - 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35, 0x00, 0x3d, 0x00, 0x0a, - 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x35, 0xff, 0x01, 0x00, 0x01, + 0x16, + 0x03, 0x01, + 0x00, 0x9c, + 0x01, + 0x00, 0x00, 0x98, + 0x03, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, + 0x00, 0x3a, + 0xcc, 0xa9, + 0xcc, 0xa8, + 0xcc, 0x14, + 0xcc, 0x13, + 0xc0, 0x2b, + 0xc0, 0x2f, + 0x00, 0x9e, + 0xc0, 0x2c, + 0xc0, 0x30, + 0x00, 0x9f, + 0xc0, 0x09, + 0xc0, 0x23, + 0xc0, 0x13, + 0xc0, 0x27, + 0x00, 0x33, + 0x00, 0x67, + 0xc0, 0x0a, + 0xc0, 0x24, + 0xc0, 0x14, + 0xc0, 0x28, + 0x00, 0x39, + 0x00, 0x6b, + 0x00, 0x9c, + 0x00, 0x9d, + 0x00, 0x2f, + 0x00, 0x3c, + 0x00, 0x35, + 0x00, 0x3d, + 0x00, 0x0a, + 0x01, 0x00, 0x00, 0x35, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x06, 0x01, 0x06, 0x03, 0x05, 0x01, 0x05, 0x03, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, 0x00, 0x0b, 0x00, 0x02, 0x01,