diff options
author | Jack Lloyd <[email protected]> | 2018-08-21 15:43:34 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-08-22 15:13:14 -0400 |
commit | e05a7337add6c5f61d5abc05bb69c8d0698aa3ef (patch) | |
tree | 8bb911536d39c43385a59d1bc9a09b2b14bd7075 | |
parent | 2fc2598ebab23aa63f7be30c8a2eff6afb262fb3 (diff) |
Default disable support for TLS v1.0/v1.1 and all CBC and CCM suites
-rw-r--r-- | doc/manual/tls.rst | 23 | ||||
-rw-r--r-- | news.rst | 4 | ||||
-rw-r--r-- | src/cli/tls_utils.cpp | 6 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 12 | ||||
-rwxr-xr-x | src/scripts/test_cli.py | 18 | ||||
-rw-r--r-- | src/tests/data/tls-policy/datagram.txt | 2 | ||||
-rw-r--r-- | src/tests/data/tls-policy/default.txt | 6 |
7 files changed, 54 insertions, 17 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index ba1bee1b0..5e615af0f 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -822,16 +822,19 @@ policy settings from a file. Cipher names without an explicit mode refers to CBC+HMAC ciphersuites. - Default value: "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM", - "AES-256/CCM", "AES-128/CCM", "AES-256", "AES-128" + Default value: "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM" - Also allowed: "AES-256/CCM(8)", "AES-128/CCM(8)", + Also allowed: "AES-256", "AES-128", + "AES-256/CCM", "AES-128/CCM", "AES-256/CCM(8)", "AES-128/CCM(8)", "Camellia-256/GCM", "Camellia-128/GCM", "ARIA-256/GCM", "ARIA-128/GCM", "Camellia-256", "Camellia-128" Also allowed (though currently experimental): "AES-128/OCB(12)", "AES-256/OCB(12)" + In versions up to 2.8.0, the CBC and CCM ciphersuites "AES-256", + "AES-128", "AES-256/CCM" and "AES-128/CCM" were enabled by default. + Also allowed (although **not recommended**): "SEED", "3DES" .. note:: @@ -1051,6 +1054,20 @@ policy settings from a file. Default: 2048 bits +.. cpp:function:: bool allow_tls10() const + + Return true from here to allow TLS v1.0. Since 2.8.0, returns + ``false`` by default. + +.. cpp:function:: bool allow_tls11() const + + Return true from here to allow TLS v1.1. Since 2.8.0, returns + ``false`` by default. + +.. cpp:function:: bool allow_tls12() const + + Return true from here to allow TLS v1.2. Returns ``true`` by default. + .. cpp:function:: size_t minimum_rsa_bits() const Minimum accepted RSA key size. Default 2048 bits. @@ -4,6 +4,10 @@ Release Notes Version 2.8.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* Support for negotiating TLS versions 1.0 and 1.1 is disabled in the default + TLS policy. In addition, support for negotiating TLS ciphersuites using CBC or + CCM mode is disabled by default. + * During primality testing, use a Lucas test in addition to Miller-Rabin. It is possible to construct a composite integer which passes n Miller-Rabin tests with probability (1/4)^n. So for a incautious verifier using a small number diff --git a/src/cli/tls_utils.cpp b/src/cli/tls_utils.cpp index de5c93fe6..2429b5de6 100644 --- a/src/cli/tls_utils.cpp +++ b/src/cli/tls_utils.cpp @@ -34,6 +34,8 @@ class TLS_All_Policy final : public Botan::TLS::Policy "AES-128/CCM(8)", "Camellia-256/GCM", "Camellia-128/GCM", + "ARIA-256/GCM", + "ARIA-128/GCM", "AES-256", "AES-128", "Camellia-256", @@ -52,6 +54,10 @@ class TLS_All_Policy final : public Botan::TLS::Policy { return { "ECDSA", "RSA", "DSA" }; } + + bool allow_tls10() const override { return false; } + bool allow_tls11() const override { return false; } + bool allow_tls12() const override { return true; } }; class TLS_Ciphersuites final : public Command diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 5e8150e4f..c2d3ccf26 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -45,16 +45,16 @@ std::vector<std::string> Policy::allowed_ciphers() const "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM", - "AES-256/CCM", - "AES-128/CCM", + //"AES-256/CCM", + //"AES-128/CCM", //"AES-256/CCM(8)", //"AES-128/CCM(8)", //"Camellia-256/GCM", //"Camellia-128/GCM", //"ARIA-256/GCM", //"ARIA-128/GCM", - "AES-256", - "AES-128", + //"AES-256", + //"AES-128", //"Camellia-256", //"Camellia-128", //"SEED" @@ -319,8 +319,8 @@ bool Policy::acceptable_ciphersuite(const Ciphersuite& ciphersuite) const bool Policy::allow_client_initiated_renegotiation() const { return false; } bool Policy::allow_server_initiated_renegotiation() const { return false; } bool Policy::allow_insecure_renegotiation() const { return false; } -bool Policy::allow_tls10() const { return true; } -bool Policy::allow_tls11() const { return true; } +bool Policy::allow_tls10() const { return false; } +bool Policy::allow_tls11() const { return false; } bool Policy::allow_tls12() const { return true; } bool Policy::allow_dtls10() const { return false; } bool Policy::allow_dtls12() const { return true; } diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py index 0a76d7465..2f5e5bba4 100755 --- a/src/scripts/test_cli.py +++ b/src/scripts/test_cli.py @@ -425,7 +425,7 @@ def cli_tls_ciphersuite_tests(): for policy in policies: for version in versions: - if policy in ['suiteb_128', 'suiteb_192', 'strict'] and version != 'tls1.2': + if version != 'tls1.2' and policy != 'all': continue output = test_cli("tls_ciphers", ["--version=" + version, "--policy=" + policy], None).split('\n') @@ -648,8 +648,8 @@ def main(args=None): setup_logging(options) - if len(args) != 2: - logging.error("Usage: ./cli_tests.py path_to_botan_cli") + if len(args) < 2: + logging.error("Usage: ./cli_tests.py path_to_botan_cli [test_regex]") return 1 if not os.access(args[1], os.X_OK): @@ -659,6 +659,10 @@ def main(args=None): global CLI_PATH CLI_PATH = args[1] + test_regex = None + if len(args) == 3: + test_regex = re.compile(args[2]) + start_time = time.time() test_fns = [ @@ -694,10 +698,16 @@ def main(args=None): ] for fn in test_fns: + fn_name = fn.__name__ + + if test_regex is not None: + if test_regex.match(fn_name) is None: + continue + start = time.time() fn() end = time.time() - logging.debug("Ran %s in %.02f", fn.__name__, end-start) + logging.debug("Ran %s in %.02f", fn_name, end-start) end_time = time.time() diff --git a/src/tests/data/tls-policy/datagram.txt b/src/tests/data/tls-policy/datagram.txt index 9006c6e87..8c787490d 100644 --- a/src/tests/data/tls-policy/datagram.txt +++ b/src/tests/data/tls-policy/datagram.txt @@ -3,7 +3,7 @@ allow_tls11 = false allow_tls12 = false allow_dtls10 = false allow_dtls12 = true -ciphers = ChaCha20Poly1305 AES-256/GCM AES-128/GCM AES-256/CCM AES-128/CCM AES-256 AES-128 +ciphers = ChaCha20Poly1305 AES-256/GCM AES-128/GCM macs = AEAD signature_hashes = SHA-512 SHA-384 SHA-256 signature_methods = ECDSA RSA diff --git a/src/tests/data/tls-policy/default.txt b/src/tests/data/tls-policy/default.txt index 5ed7890c6..4ff6c293d 100644 --- a/src/tests/data/tls-policy/default.txt +++ b/src/tests/data/tls-policy/default.txt @@ -1,9 +1,9 @@ -allow_tls10 = true -allow_tls11 = true +allow_tls10 = false +allow_tls11 = false allow_tls12 = true allow_dtls10 = false allow_dtls12 = true -ciphers = ChaCha20Poly1305 AES-256/GCM AES-128/GCM AES-256/CCM AES-128/CCM AES-256 AES-128 +ciphers = ChaCha20Poly1305 AES-256/GCM AES-128/GCM macs = AEAD SHA-256 SHA-384 SHA-1 signature_hashes = SHA-512 SHA-384 SHA-256 signature_methods = ECDSA RSA |