aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/manual/tls.rst37
-rw-r--r--doc/relnotes/1_11_13.rst3
-rw-r--r--doc/website/algos.rst8
-rw-r--r--src/lib/engine/core_engine/lookup_mac.cpp9
-rw-r--r--src/lib/kdf/kdf.cpp9
-rw-r--r--src/lib/kdf/prf_ssl3/info.txt7
-rw-r--r--src/lib/kdf/prf_ssl3/prf_ssl3.cpp75
-rw-r--r--src/lib/kdf/prf_ssl3/prf_ssl3.h30
-rw-r--r--src/lib/mac/ssl3mac/info.txt5
-rw-r--r--src/lib/mac/ssl3mac/ssl3_mac.cpp90
-rw-r--r--src/lib/mac/ssl3mac/ssl3_mac.h48
-rw-r--r--src/lib/tls/info.txt2
-rw-r--r--src/lib/tls/msg_cert_verify.cpp24
-rw-r--r--src/lib/tls/msg_client_hello.cpp53
-rw-r--r--src/lib/tls/msg_client_kex.cpp18
-rw-r--r--src/lib/tls/msg_finished.cpp45
-rw-r--r--src/lib/tls/msg_server_hello.cpp8
-rw-r--r--src/lib/tls/tls_handshake_hash.cpp42
-rw-r--r--src/lib/tls/tls_handshake_hash.h5
-rw-r--r--src/lib/tls/tls_handshake_state.cpp22
-rw-r--r--src/lib/tls/tls_magic.h1
-rw-r--r--src/lib/tls/tls_messages.h5
-rw-r--r--src/lib/tls/tls_policy.h5
-rw-r--r--src/lib/tls/tls_record.cpp70
-rw-r--r--src/lib/tls/tls_record.h3
-rw-r--r--src/lib/tls/tls_server.cpp9
-rw-r--r--src/lib/tls/tls_session_key.cpp8
-rw-r--r--src/lib/tls/tls_version.cpp3
-rw-r--r--src/lib/tls/tls_version.h1
-rw-r--r--src/tests/data/kdf/ssl3prf.vec166
-rw-r--r--src/tests/data/mac/ssl3mac.vec26
-rw-r--r--src/tests/unit_tls.cpp1
32 files changed, 59 insertions, 779 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index 1b7929f1b..c2cdeb667 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -4,14 +4,15 @@ Transport Layer Security (TLS)
.. versionadded:: 1.11.0
-Botan supports both client and server implementations of the SSL/TLS
-protocols, including SSL v3, TLS v1.0, TLS v1.1, and TLS v1.2 (the
-insecure and obsolete SSL v2 protocol is not supported, beyond
-processing SSL v2 client hellos which some clients still send for
-backwards compatability with ancient servers). There is also support
-for DTLS (v1.0 and v1.2), a variant of TLS adapted for operation on
-datagram transports such as UDP and SCTP. DTLS support should be
-considered as beta quality and further testing is invited.
+Botan has client and server implementations of various versions of the
+TLS protocol, including TLS v1.0, TLS v1.1, and TLS v1.2. As of
+version 1.11.13, support for the insecure SSLv3 protocol has been
+removed.
+
+There is also support for DTLS (v1.0 and v1.2), a variant of TLS
+adapted for operation on datagram transports such as UDP and
+SCTP. DTLS support should be considered as beta quality and further
+testing is invited.
The TLS implementation does not know anything about sockets or the
network layer. Instead, it calls a user provided callback (hereafter
@@ -369,9 +370,8 @@ There are also functions for serialization and deserializing sessions:
binary value that can later be passed to ``decrypt``. The key
may be of any length.
- Currently the implementation uses AES-256 in CBC mode with a
- SHA-256 HMAC. The keys for these are derived from *key* using
- KDF2(SHA-256).
+ Currently the implementation encrypts the session using AES-256
+ in GCM mode with a random nonce.
.. cpp:function:: static Session decrypt(const byte ciphertext[], \
size_t length, \
@@ -587,13 +587,7 @@ be negotiated during a handshake.
Return true if this version of the protocol is one that we are
willing to negotiate.
- Default: Accepts TLS v1.0 or higher, or DTLS v1.2.
-
- .. note::
-
- SSLv3 is rejected by default; it has serious security flaws
- which cannot be fixed without protocol changes. SSLv3 support
- is deprecated and will be removed in a future release.
+ Default: Accepts TLS v1.0 or higher and DTLS v1.2 or higher.
.. cpp:function:: bool server_uses_own_ciphersuite_preferences() const
@@ -740,8 +734,7 @@ The ``TLS::Protocol_Version`` class represents a specific version:
.. cpp:type:: enum Version_Code
- ``SSL_V3``, ``TLS_V10``, ``TLS_V11``, ``TLS_V12``, ``DTLS_V10``,
- ``DTLS_V12``
+ ``TLS_V10``, ``TLS_V11``, ``TLS_V12``, ``DTLS_V10``, ``DTLS_V12``
.. cpp:function:: static Protocol_Version latest_tls_version()
@@ -767,8 +760,8 @@ The ``TLS::Protocol_Version`` class represents a specific version:
.. cpp:function:: std::string to_string() const
- Returns string description of the version, for instance "SSL v3",
- "TLS v1.1", or "DTLS v1.0".
+ Returns string description of the version, for instance "TLS
+ v1.1" or "DTLS v1.0".
.. cpp:function:: static Protocol_Version latest_tls_version()
diff --git a/doc/relnotes/1_11_13.rst b/doc/relnotes/1_11_13.rst
index d0ca04245..f617ec3b9 100644
--- a/doc/relnotes/1_11_13.rst
+++ b/doc/relnotes/1_11_13.rst
@@ -1,6 +1,9 @@
Version 1.11.13, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* All support for the insecure SSLv3 protocol and the server support
+ for processing SSLv2 client hellos has been removed.
+
* The command line tool now has `tls_proxy` which negotiates TLS with
clients and forwards the plaintext to a specified port.
diff --git a/doc/website/algos.rst b/doc/website/algos.rst
index d2afbd2ba..5184564af 100644
--- a/doc/website/algos.rst
+++ b/doc/website/algos.rst
@@ -8,8 +8,8 @@ including:
TLS/Public Key Infrastructure
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- * SSL/TLS (from SSL v3 to TLS v1.2), including using preshared
- keys (TLS-PSK) or passwords (TLS-SRP)
+ * TLS/DTLS (v1.0 to v1.2), including using preshared keys (TLS-PSK) or
+ passwords (TLS-SRP) and most important extensions.
* X.509 certificates (including generating new self-signed and CA
certs) and CRLs
* Certificate path validation and OCSP
@@ -63,8 +63,7 @@ Authentication Codes
* HMAC
* CMAC (aka OMAC1)
* Poly1305
- * Obsolete designs CBC-MAC, ANSI X9.19 DES-MAC, and the
- protocol-specific SSLv3 authentication code
+ * Obsolete designs CBC-MAC and ANSI X9.19 DES-MAC
Other Useful Things
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -72,7 +71,6 @@ Other Useful Things
* Key derivation functions for passwords, including PBKDF2
* Password hashing functions, including bcrypt
* General key derivation functions KDF1 and KDF2 from IEEE 1363
- * PRFs from ANSI X9.42, SSL v3.0, TLS v1.0
Recommended Algorithms
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/src/lib/engine/core_engine/lookup_mac.cpp b/src/lib/engine/core_engine/lookup_mac.cpp
index 62e23eb57..ba5cd69c6 100644
--- a/src/lib/engine/core_engine/lookup_mac.cpp
+++ b/src/lib/engine/core_engine/lookup_mac.cpp
@@ -25,10 +25,6 @@
#include <botan/poly1305.h>
#endif
-#if defined(BOTAN_HAS_SSL3_MAC)
- #include <botan/ssl3_mac.h>
-#endif
-
#if defined(BOTAN_HAS_ANSI_X919_MAC)
#include <botan/x919_mac.h>
#endif
@@ -62,11 +58,6 @@ Core_Engine::find_mac(const SCAN_Name& request,
return new CBC_MAC(af.make_block_cipher(request.arg(0)));
#endif
-#if defined(BOTAN_HAS_SSL3_MAC)
- if(request.algo_name() == "SSL3-MAC" && request.arg_count() == 1)
- return new SSL3_MAC(af.make_hash_function(request.arg(0)));
-#endif
-
#if defined(BOTAN_HAS_ANSI_X919_MAC)
if(request.algo_name() == "X9.19-MAC" && request.arg_count() == 0)
return new ANSI_X919_MAC(af.make_block_cipher("DES"));
diff --git a/src/lib/kdf/kdf.cpp b/src/lib/kdf/kdf.cpp
index 0d963e9a2..820e5234c 100644
--- a/src/lib/kdf/kdf.cpp
+++ b/src/lib/kdf/kdf.cpp
@@ -21,10 +21,6 @@
#include <botan/prf_x942.h>
#endif
-#if defined(BOTAN_HAS_SSL_V3_PRF)
- #include <botan/prf_ssl3.h>
-#endif
-
#if defined(BOTAN_HAS_TLS_V10_PRF)
#include <botan/prf_tls.h>
#endif
@@ -55,11 +51,6 @@ KDF* get_kdf(const std::string& algo_spec)
return new X942_PRF(request.arg(0)); // OID
#endif
-#if defined(BOTAN_HAS_SSL_V3_PRF)
- if(request.algo_name() == "SSL3-PRF" && request.arg_count() == 0)
- return new SSL3_PRF;
-#endif
-
#if defined(BOTAN_HAS_TLS_V10_PRF)
if(request.algo_name() == "TLS-PRF" && request.arg_count() == 0)
return new TLS_PRF;
diff --git a/src/lib/kdf/prf_ssl3/info.txt b/src/lib/kdf/prf_ssl3/info.txt
deleted file mode 100644
index c4e830bac..000000000
--- a/src/lib/kdf/prf_ssl3/info.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-define SSL_V3_PRF 20131128
-
-<requires>
-md5
-sha1
-algo_base
-</requires>
diff --git a/src/lib/kdf/prf_ssl3/prf_ssl3.cpp b/src/lib/kdf/prf_ssl3/prf_ssl3.cpp
deleted file mode 100644
index 40bce53b0..000000000
--- a/src/lib/kdf/prf_ssl3/prf_ssl3.cpp
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
-* SSLv3 PRF
-* (C) 2004-2006 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/prf_ssl3.h>
-#include <botan/symkey.h>
-#include <botan/exceptn.h>
-#include <botan/sha160.h>
-#include <botan/md5.h>
-
-namespace Botan {
-
-namespace {
-
-/*
-* Return the next inner hash
-*/
-OctetString next_hash(size_t where, size_t want,
- HashFunction& md5, HashFunction& sha1,
- const byte secret[], size_t secret_len,
- const byte seed[], size_t seed_len)
- {
- BOTAN_ASSERT(want <= md5.output_length(),
- "Output size producable by MD5");
-
- const byte ASCII_A_CHAR = 0x41;
-
- for(size_t j = 0; j != where + 1; j++)
- sha1.update(static_cast<byte>(ASCII_A_CHAR + where));
- sha1.update(secret, secret_len);
- sha1.update(seed, seed_len);
- secure_vector<byte> sha1_hash = sha1.final();
-
- md5.update(secret, secret_len);
- md5.update(sha1_hash);
- secure_vector<byte> md5_hash = md5.final();
-
- return OctetString(&md5_hash[0], want);
- }
-
-}
-
-/*
-* SSL3 PRF
-*/
-secure_vector<byte> SSL3_PRF::derive(size_t key_len,
- const byte secret[], size_t secret_len,
- const byte seed[], size_t seed_len) const
- {
- if(key_len > 416)
- throw Invalid_Argument("SSL3_PRF: Requested key length is too large");
-
- MD5 md5;
- SHA_160 sha1;
-
- OctetString output;
-
- int counter = 0;
- while(key_len)
- {
- const size_t produce = std::min<size_t>(key_len, md5.output_length());
-
- output = output + next_hash(counter++, produce, md5, sha1,
- secret, secret_len, seed, seed_len);
-
- key_len -= produce;
- }
-
- return output.bits_of();
- }
-
-}
diff --git a/src/lib/kdf/prf_ssl3/prf_ssl3.h b/src/lib/kdf/prf_ssl3/prf_ssl3.h
deleted file mode 100644
index 9679f744e..000000000
--- a/src/lib/kdf/prf_ssl3/prf_ssl3.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-* SSLv3 PRF
-* (C) 1999-2007 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#ifndef BOTAN_SSLV3_PRF_H__
-#define BOTAN_SSLV3_PRF_H__
-
-#include <botan/kdf.h>
-
-namespace Botan {
-
-/**
-* PRF used in SSLv3
-*/
-class BOTAN_DLL SSL3_PRF : public KDF
- {
- public:
- secure_vector<byte> derive(size_t, const byte[], size_t,
- const byte[], size_t) const;
-
- std::string name() const { return "SSL3-PRF"; }
- KDF* clone() const { return new SSL3_PRF; }
- };
-
-}
-
-#endif
diff --git a/src/lib/mac/ssl3mac/info.txt b/src/lib/mac/ssl3mac/info.txt
deleted file mode 100644
index 5e69b0ae8..000000000
--- a/src/lib/mac/ssl3mac/info.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-define SSL3_MAC 20131128
-
-<requires>
-hash
-</requires>
diff --git a/src/lib/mac/ssl3mac/ssl3_mac.cpp b/src/lib/mac/ssl3mac/ssl3_mac.cpp
deleted file mode 100644
index 5ab5ff727..000000000
--- a/src/lib/mac/ssl3mac/ssl3_mac.cpp
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
-* SSL3-MAC
-* (C) 1999-2004 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/ssl3_mac.h>
-
-namespace Botan {
-
-/*
-* Update a SSL3-MAC Calculation
-*/
-void SSL3_MAC::add_data(const byte input[], size_t length)
- {
- m_hash->update(input, length);
- }
-
-/*
-* Finalize a SSL3-MAC Calculation
-*/
-void SSL3_MAC::final_result(byte mac[])
- {
- m_hash->final(mac);
- m_hash->update(m_okey);
- m_hash->update(mac, output_length());
- m_hash->final(mac);
- m_hash->update(m_ikey);
- }
-
-/*
-* SSL3-MAC Key Schedule
-*/
-void SSL3_MAC::key_schedule(const byte key[], size_t length)
- {
- m_hash->clear();
-
- // Quirk to deal with specification bug
- const size_t inner_hash_length =
- (m_hash->name() == "SHA-160") ? 60 : m_hash->hash_block_size();
-
- m_ikey.resize(inner_hash_length);
- m_okey.resize(inner_hash_length);
-
- std::fill(m_ikey.begin(), m_ikey.end(), 0x36);
- std::fill(m_okey.begin(), m_okey.end(), 0x5C);
-
- copy_mem(&m_ikey[0], key, length);
- copy_mem(&m_okey[0], key, length);
-
- m_hash->update(m_ikey);
- }
-
-/*
-* Clear memory of sensitive data
-*/
-void SSL3_MAC::clear()
- {
- m_hash->clear();
- zap(m_ikey);
- zap(m_okey);
- }
-
-/*
-* Return the name of this type
-*/
-std::string SSL3_MAC::name() const
- {
- return "SSL3-MAC(" + m_hash->name() + ")";
- }
-
-/*
-* Return a clone of this object
-*/
-MessageAuthenticationCode* SSL3_MAC::clone() const
- {
- return new SSL3_MAC(m_hash->clone());
- }
-
-/*
-* SSL3-MAC Constructor
-*/
-SSL3_MAC::SSL3_MAC(HashFunction* hash) : m_hash(hash)
- {
- if(m_hash->hash_block_size() == 0)
- throw Invalid_Argument("SSL3-MAC cannot be used with " + m_hash->name());
- }
-
-}
diff --git a/src/lib/mac/ssl3mac/ssl3_mac.h b/src/lib/mac/ssl3mac/ssl3_mac.h
deleted file mode 100644
index 290fffd01..000000000
--- a/src/lib/mac/ssl3mac/ssl3_mac.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
-* SSL3-MAC
-* (C) 1999-2004 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#ifndef BOTAN_SSL3_MAC_H__
-#define BOTAN_SSL3_MAC_H__
-
-#include <botan/hash.h>
-#include <botan/mac.h>
-
-namespace Botan {
-
-/**
-* A MAC only used in SSLv3. Do not use elsewhere! Use HMAC instead.
-*/
-class BOTAN_DLL SSL3_MAC : public MessageAuthenticationCode
- {
- public:
- std::string name() const;
- size_t output_length() const { return m_hash->output_length(); }
- MessageAuthenticationCode* clone() const;
-
- void clear();
-
- Key_Length_Specification key_spec() const
- {
- return Key_Length_Specification(m_hash->output_length());
- }
-
- /**
- * @param hash the underlying hash to use
- */
- SSL3_MAC(HashFunction* hash);
- private:
- void add_data(const byte[], size_t);
- void final_result(byte[]);
- void key_schedule(const byte[], size_t);
-
- std::unique_ptr<HashFunction> m_hash;
- secure_vector<byte> m_ikey, m_okey;
- };
-
-}
-
-#endif
diff --git a/src/lib/tls/info.txt b/src/lib/tls/info.txt
index 530ee1121..f65da5eea 100644
--- a/src/lib/tls/info.txt
+++ b/src/lib/tls/info.txt
@@ -78,13 +78,11 @@ gcm
hmac
kdf2
md5
-prf_ssl3
prf_tls
rng
rsa
sha1
sha2_32
srp6
-ssl3mac
x509
</requires>
diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp
index 769a8687e..3837e3871 100644
--- a/src/lib/tls/msg_cert_verify.cpp
+++ b/src/lib/tls/msg_cert_verify.cpp
@@ -30,20 +30,7 @@ Certificate_Verify::Certificate_Verify(Handshake_IO& io,
PK_Signer signer(*priv_key, format.first, format.second);
- if(state.version() == Protocol_Version::SSL_V3)
- {
- secure_vector<byte> md5_sha = state.hash().final_ssl3(
- state.session_keys().master_secret());
-
- if(priv_key->algo_name() == "DSA")
- m_signature = signer.sign_message(&md5_sha[16], md5_sha.size()-16, rng);
- else
- m_signature = signer.sign_message(md5_sha, rng);
- }
- else
- {
- m_signature = signer.sign_message(state.hash().get_contents(), rng);
- }
+ m_signature = signer.sign_message(state.hash().get_contents(), rng);
state.hash().update(io.send(*this));
}
@@ -99,15 +86,6 @@ bool Certificate_Verify::verify(const X509_Certificate& cert,
PK_Verifier verifier(*key, format.first, format.second);
- if(state.version() == Protocol_Version::SSL_V3)
- {
- secure_vector<byte> md5_sha = state.hash().final_ssl3(
- state.session_keys().master_secret());
-
- return verifier.verify_message(&md5_sha[16], md5_sha.size()-16,
- &m_signature[0], m_signature.size());
- }
-
return verifier.verify_message(state.hash().get_contents(), m_signature);
}
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index cebe8ac9e..473d9235f 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -152,17 +152,6 @@ Client_Hello::Client_Hello(Handshake_IO& io,
hash.update(io.send(*this));
}
-/*
-* Read a counterparty client hello
-*/
-Client_Hello::Client_Hello(const std::vector<byte>& buf, Handshake_Type type)
- {
- if(type == CLIENT_HELLO)
- deserialize(buf);
- else
- deserialize_sslv2(buf);
- }
-
void Client_Hello::update_hello_cookie(const Hello_Verify_Request& hello_verify)
{
if(!m_version.is_datagram_protocol())
@@ -201,48 +190,10 @@ std::vector<byte> Client_Hello::serialize() const
return buf;
}
-void Client_Hello::deserialize_sslv2(const std::vector<byte>& buf)
- {
- if(buf.size() < 12 || buf[0] != 1)
- throw Decoding_Error("Client_Hello: SSLv2 hello corrupted");
-
- const size_t cipher_spec_len = make_u16bit(buf[3], buf[4]);
- const size_t m_session_id_len = make_u16bit(buf[5], buf[6]);
- const size_t challenge_len = make_u16bit(buf[7], buf[8]);
-
- const size_t expected_size =
- (9 + m_session_id_len + cipher_spec_len + challenge_len);
-
- if(buf.size() != expected_size)
- throw Decoding_Error("Client_Hello: SSLv2 hello corrupted");
-
- if(m_session_id_len != 0 || cipher_spec_len % 3 != 0 ||
- (challenge_len < 16 || challenge_len > 32))
- {
- throw Decoding_Error("Client_Hello: SSLv2 hello corrupted");
- }
-
- m_version = Protocol_Version(buf[1], buf[2]);
-
- for(size_t i = 9; i != 9 + cipher_spec_len; i += 3)
- {
- if(buf[i] != 0) // a SSLv2 cipherspec; ignore it
- continue;
-
- m_suites.push_back(make_u16bit(buf[i+1], buf[i+2]));
- }
-
- m_random.resize(challenge_len);
- copy_mem(&m_random[0], &buf[9+cipher_spec_len+m_session_id_len], challenge_len);
-
- if(offered_suite(static_cast<u16bit>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)))
- m_extensions.add(new Renegotiation_Extension());
- }
-
/*
-* Deserialize a Client Hello message
+* Read a counterparty client hello
*/
-void Client_Hello::deserialize(const std::vector<byte>& buf)
+Client_Hello::Client_Hello(const std::vector<byte>& buf)
{
if(buf.size() == 0)
throw Decoding_Error("Client_Hello: Packet corrupted");
diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp
index 4bdd9983c..c8dc2aad8 100644
--- a/src/lib/tls/msg_client_kex.cpp
+++ b/src/lib/tls/msg_client_kex.cpp
@@ -239,12 +239,9 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
PK_Encryptor_EME encryptor(*rsa_pub, "PKCS1v15");
- std::vector<byte> encrypted_key = encryptor.encrypt(m_pre_master, rng);
+ const std::vector<byte> encrypted_key = encryptor.encrypt(m_pre_master, rng);
- if(state.version() == Protocol_Version::SSL_V3)
- m_key_material = encrypted_key; // no length field
- else
- append_tls_length_value(m_key_material, encrypted_key, 2);
+ append_tls_length_value(m_key_material, encrypted_key, 2);
}
else
throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
@@ -299,15 +296,8 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents,
try
{
- if(state.version() == Protocol_Version::SSL_V3)
- {
- m_pre_master = decryptor.decrypt(contents);
- }
- else
- {
- TLS_Data_Reader reader("ClientKeyExchange", contents);
- m_pre_master = decryptor.decrypt(reader.get_range<byte>(2, 0, 65535));
- }
+ TLS_Data_Reader reader("ClientKeyExchange", contents);
+ m_pre_master = decryptor.decrypt(reader.get_range<byte>(2, 0, 65535));
if(m_pre_master.size() != 48 ||
client_version.major_version() != m_pre_master[0] ||
diff --git a/src/lib/tls/msg_finished.cpp b/src/lib/tls/msg_finished.cpp
index c6c097c0d..b837172b6 100644
--- a/src/lib/tls/msg_finished.cpp
+++ b/src/lib/tls/msg_finished.cpp
@@ -20,44 +20,25 @@ namespace {
std::vector<byte> finished_compute_verify(const Handshake_State& state,
Connection_Side side)
{
- if(state.version() == Protocol_Version::SSL_V3)
- {
- const byte SSL_CLIENT_LABEL[] = { 0x43, 0x4C, 0x4E, 0x54 };
- const byte SSL_SERVER_LABEL[] = { 0x53, 0x52, 0x56, 0x52 };
+ const byte TLS_CLIENT_LABEL[] = {
+ 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69,
+ 0x73, 0x68, 0x65, 0x64 };
- Handshake_Hash hash = state.hash(); // don't modify state
+ const byte TLS_SERVER_LABEL[] = {
+ 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69,
+ 0x73, 0x68, 0x65, 0x64 };
- std::vector<byte> ssl3_finished;
+ std::unique_ptr<KDF> prf(state.protocol_specific_prf());
- if(side == CLIENT)
- hash.update(SSL_CLIENT_LABEL, sizeof(SSL_CLIENT_LABEL));
- else
- hash.update(SSL_SERVER_LABEL, sizeof(SSL_SERVER_LABEL));
-
- return unlock(hash.final_ssl3(state.session_keys().master_secret()));
- }
+ std::vector<byte> input;
+ if(side == CLIENT)
+ input += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL));
else
- {
- const byte TLS_CLIENT_LABEL[] = {
- 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69,
- 0x73, 0x68, 0x65, 0x64 };
-
- const byte TLS_SERVER_LABEL[] = {
- 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69,
- 0x73, 0x68, 0x65, 0x64 };
-
- std::unique_ptr<KDF> prf(state.protocol_specific_prf());
-
- std::vector<byte> input;
- if(side == CLIENT)
- input += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL));
- else
- input += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
+ input += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
- input += state.hash().final(state.version(), state.ciphersuite().prf_algo());
+ input += state.hash().final(state.version(), state.ciphersuite().prf_algo());
- return unlock(prf->derive_key(12, state.session_keys().master_secret(), input));
- }
+ return unlock(prf->derive_key(12, state.session_keys().master_secret(), input));
}
}
diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp
index a0fc008e8..73163a73b 100644
--- a/src/lib/tls/msg_server_hello.cpp
+++ b/src/lib/tls/msg_server_hello.cpp
@@ -35,10 +35,6 @@ Server_Hello::Server_Hello(Handshake_IO& io,
m_ciphersuite(ciphersuite),
m_comp_method(compression)
{
- /*
- * Even a client that offered SSLv3 and sent the SCSV will get an
- * extension back. This is probably the right thing to do.
- */
if(client_hello.secure_renegotiation())
m_extensions.add(new Renegotiation_Extension(reneg_info));
@@ -94,10 +90,6 @@ Server_Hello::Server_Hello(Handshake_IO& io,
m_ciphersuite(resumed_session.ciphersuite_code()),
m_comp_method(resumed_session.compression_method())
{
- /*
- * Even a client that offered SSLv3 and sent the SCSV will get an
- * extension back. This is probably the right thing to do.
- */
if(client_hello.secure_renegotiation())
m_extensions.add(new Renegotiation_Extension(reneg_info));
diff --git a/src/lib/tls/tls_handshake_hash.cpp b/src/lib/tls/tls_handshake_hash.cpp
index 77605309c..a4222c60e 100644
--- a/src/lib/tls/tls_handshake_hash.cpp
+++ b/src/lib/tls/tls_handshake_hash.cpp
@@ -38,48 +38,6 @@ secure_vector<byte> Handshake_Hash::final(Protocol_Version version,
return hash->final();
}
-/**
-* Return a SSLv3 Handshake Hash
-*/
-secure_vector<byte> Handshake_Hash::final_ssl3(const secure_vector<byte>& secret) const
- {
- const byte PAD_INNER = 0x36, PAD_OUTER = 0x5C;
-
- Algorithm_Factory& af = global_state().algorithm_factory();
-
- std::unique_ptr<HashFunction> md5(af.make_hash_function("MD5"));
- std::unique_ptr<HashFunction> sha1(af.make_hash_function("SHA-1"));
-
- md5->update(data);
- sha1->update(data);
-
- md5->update(secret);
- sha1->update(secret);
-
- for(size_t i = 0; i != 48; ++i)
- md5->update(PAD_INNER);
- for(size_t i = 0; i != 40; ++i)
- sha1->update(PAD_INNER);
-
- secure_vector<byte> inner_md5 = md5->final(), inner_sha1 = sha1->final();
-
- md5->update(secret);
- sha1->update(secret);
-
- for(size_t i = 0; i != 48; ++i)
- md5->update(PAD_OUTER);
- for(size_t i = 0; i != 40; ++i)
- sha1->update(PAD_OUTER);
-
- md5->update(inner_md5);
- sha1->update(inner_sha1);
-
- secure_vector<byte> output;
- output += md5->final();
- output += sha1->final();
- return output;
- }
-
}
}
diff --git a/src/lib/tls/tls_handshake_hash.h b/src/lib/tls/tls_handshake_hash.h
index 0b4fa7120..c6b412473 100644
--- a/src/lib/tls/tls_handshake_hash.h
+++ b/src/lib/tls/tls_handshake_hash.h
@@ -33,10 +33,7 @@ class Handshake_Hash
secure_vector<byte> final(Protocol_Version version,
const std::string& mac_algo) const;
- secure_vector<byte> final_ssl3(const secure_vector<byte>& master_secret) const;
-
- const std::vector<byte>& get_contents() const
- { return data; }
+ const std::vector<byte>& get_contents() const { return data; }
void reset() { data.clear(); }
private:
diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp
index 4a6714f15..111087041 100644
--- a/src/lib/tls/tls_handshake_state.cpp
+++ b/src/lib/tls/tls_handshake_state.cpp
@@ -29,7 +29,6 @@ u32bit bitmask_for_handshake_type(Handshake_Type type)
* Same code point for both client hello styles
*/
case CLIENT_HELLO:
- case CLIENT_HELLO_SSLV2:
return (1 << 2);
case SERVER_HELLO:
@@ -258,11 +257,7 @@ std::vector<byte> Handshake_State::session_ticket() const
KDF* Handshake_State::protocol_specific_prf() const
{
- if(version() == Protocol_Version::SSL_V3)
- {
- return get_kdf("SSL3-PRF");
- }
- else if(version().supports_ciphersuite_specific_prf())
+ if(version().supports_ciphersuite_specific_prf())
{
const std::string prf_algo = ciphersuite().prf_algo();
@@ -291,9 +286,6 @@ std::string choose_hash(const std::string& sig_algo,
{
if(!negotiated_version.supports_negotiable_signature_algorithms())
{
- if(for_client_auth && negotiated_version == Protocol_Version::SSL_V3)
- return "Raw";
-
if(sig_algo == "RSA")
return "Parallel(MD5,SHA-160)";
@@ -405,11 +397,7 @@ Handshake_State::understand_sig_format(const Public_Key& key,
if(algo_name == "RSA")
{
- if(for_client_auth && this->version() == Protocol_Version::SSL_V3)
- {
- hash_algo = "Raw";
- }
- else if(!this->version().supports_negotiable_signature_algorithms())
+ if(!this->version().supports_negotiable_signature_algorithms())
{
hash_algo = "Parallel(MD5,SHA-160)";
}
@@ -419,11 +407,7 @@ Handshake_State::understand_sig_format(const Public_Key& key,
}
else if(algo_name == "DSA" || algo_name == "ECDSA")
{
- if(algo_name == "DSA" && for_client_auth && this->version() == Protocol_Version::SSL_V3)
- {
- hash_algo = "Raw";
- }
- else if(!this->version().supports_negotiable_signature_algorithms())
+ if(!this->version().supports_negotiable_signature_algorithms())
{
hash_algo = "SHA-1";
}
diff --git a/src/lib/tls/tls_magic.h b/src/lib/tls/tls_magic.h
index 6a29ea0a1..4a7237722 100644
--- a/src/lib/tls/tls_magic.h
+++ b/src/lib/tls/tls_magic.h
@@ -39,7 +39,6 @@ enum Record_Type {
enum Handshake_Type {
HELLO_REQUEST = 0,
CLIENT_HELLO = 1,
- CLIENT_HELLO_SSLV2 = 253, // Not a wire value
SERVER_HELLO = 2,
HELLO_VERIFY_REQUEST = 3,
NEW_SESSION_TICKET = 4, // RFC 5077
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index 4fb3d2535..18cc90c39 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -181,13 +181,10 @@ class Client_Hello : public Handshake_Message
const Session& resumed_session,
bool next_protocol = false);
- Client_Hello(const std::vector<byte>& buf,
- Handshake_Type type);
+ Client_Hello(const std::vector<byte>& buf);
private:
std::vector<byte> serialize() const override;
- void deserialize(const std::vector<byte>& buf);
- void deserialize_sslv2(const std::vector<byte>& buf);
Protocol_Version m_version;
std::vector<byte> m_session_id;
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 0e81dd7f7..089494f24 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -138,10 +138,7 @@ class BOTAN_DLL Policy
/**
* @return true if and only if we are willing to accept this version
- * Default accepts TLS v1.0 and later.
-
- * Override if you want to allow negotiating SSLv3 (*not recommended*)
- * Override if you want to enable DTLS in your application.
+ * Default accepts TLS v1.0 and later or DTLS v1.2 or later.
*/
virtual bool acceptable_protocol_version(Protocol_Version version) const;
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index b2653c54a..3edeab7e3 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -26,8 +26,7 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
const Session_Keys& keys) :
m_start_time(std::chrono::system_clock::now()),
m_nonce_bytes_from_handshake(suite.nonce_bytes_from_handshake()),
- m_nonce_bytes_from_record(suite.nonce_bytes_from_record()),
- m_is_ssl3(version == Protocol_Version::SSL_V3)
+ m_nonce_bytes_from_record(suite.nonce_bytes_from_record())
{
SymmetricKey mac_key, cipher_key;
InitializationVector iv;
@@ -83,10 +82,7 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
else
throw Invalid_Argument("Unknown TLS cipher " + cipher_algo);
- if(version == Protocol_Version::SSL_V3)
- m_mac.reset(af.make_mac("SSL3-MAC(" + mac_algo + ")"));
- else
- m_mac.reset(af.make_mac("HMAC(" + mac_algo + ")"));
+ m_mac.reset(af.make_mac("HMAC(" + mac_algo + ")"));
m_mac->set_key(mac_key);
}
@@ -128,11 +124,8 @@ Connection_Cipher_State::format_ad(u64bit msg_sequence,
m_ad.push_back(get_byte(i, msg_sequence));
m_ad.push_back(msg_type);
- if(version != Protocol_Version::SSL_V3)
- {
- m_ad.push_back(version.major_version());
- m_ad.push_back(version.minor_version());
- }
+ m_ad.push_back(version.major_version());
+ m_ad.push_back(version.minor_version());
m_ad.push_back(get_byte(0, msg_length));
m_ad.push_back(get_byte(1, msg_length));
@@ -312,8 +305,7 @@ size_t fill_buffer_to(secure_vector<byte>& readbuf,
*
* @fixme This should run in constant time
*/
-size_t tls_padding_check(bool sslv3_padding,
- size_t block_size,
+size_t tls_padding_check(size_t block_size,
const byte record[],
size_t record_len)
{
@@ -323,18 +315,6 @@ size_t tls_padding_check(bool sslv3_padding,
return 0;
/*
- * SSL v3 requires that the padding be less than the block size
- * but not does specify the value of the padding bytes.
- */
- if(sslv3_padding)
- {
- if(padding_length > 0 && padding_length < block_size)
- return (padding_length + 1);
- else
- return 0;
- }
-
- /*
* TLS v1.0 and up require all the padding bytes be the same value
* and allows up to 255 bytes.
*/
@@ -425,8 +405,7 @@ void decrypt_record(secure_vector<byte>& output,
{
cbc_decrypt_record(record_contents, record_len, cs, *bc);
- pad_size = tls_padding_check(cs.cipher_padding_single_byte(),
- cs.block_size(),
+ pad_size = tls_padding_check(cs.block_size(),
record_contents, record_len);
padding_bad = (pad_size == 0);
@@ -490,43 +469,6 @@ size_t read_tls_record(secure_vector<byte>& readbuf,
BOTAN_ASSERT_EQUAL(readbuf.size(), TLS_HEADER_SIZE, "Have an entire header");
}
- // Possible SSLv2 format client hello
- if(!sequence_numbers && (readbuf[0] & 0x80) && (readbuf[2] == 1))
- {
- if(readbuf[3] == 0 && readbuf[4] == 2)
- throw TLS_Exception(Alert::PROTOCOL_VERSION,
- "Client claims to only support SSLv2, rejecting");
-
- if(readbuf[3] >= 3) // SSLv2 mapped TLS hello, then?
- {
- const size_t record_len = make_u16bit(readbuf[0], readbuf[1]) & 0x7FFF;
-
- if(size_t needed = fill_buffer_to(readbuf,
- input, input_sz, consumed,
- record_len + 2))
- return needed;
-
- BOTAN_ASSERT_EQUAL(readbuf.size(), (record_len + 2),
- "Have the entire SSLv2 hello");
-
- // Fake v3-style handshake message wrapper
- *record_version = Protocol_Version::TLS_V10;
- *record_sequence = 0;
- *record_type = HANDSHAKE;
-
- record.resize(4 + readbuf.size() - 2);
-
- record[0] = CLIENT_HELLO_SSLV2;
- record[1] = 0;
- record[2] = readbuf[0] & 0x7F;
- record[3] = readbuf[1];
- copy_mem(&record[4], &readbuf[2], readbuf.size() - 2);
-
- readbuf.clear();
- return 0;
- }
- }
-
*record_version = Protocol_Version(readbuf[1], readbuf[2]);
BOTAN_ASSERT(!record_version->is_datagram_protocol(), "Expected TLS");
diff --git a/src/lib/tls/tls_record.h b/src/lib/tls/tls_record.h
index 5ed3ed6ea..c9bf8aade 100644
--- a/src/lib/tls/tls_record.h
+++ b/src/lib/tls/tls_record.h
@@ -69,8 +69,6 @@ class Connection_Cipher_State
size_t nonce_bytes_from_handshake() const { return m_nonce_bytes_from_handshake; }
- bool cipher_padding_single_byte() const { return m_is_ssl3; }
-
bool cbc_without_explicit_iv() const
{ return (m_block_size > 0) && (m_iv_size == 0); }
@@ -94,7 +92,6 @@ class Connection_Cipher_State
size_t m_nonce_bytes_from_handshake;
size_t m_nonce_bytes_from_record;
size_t m_iv_size = 0;
- bool m_is_ssl3 = false;
};
/**
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index 43be3788d..1490fc2a4 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -269,13 +269,10 @@ void Server::process_handshake_msg(const Handshake_State* active_state,
*/
if(type != HANDSHAKE_CCS && type != FINISHED && type != CERTIFICATE_VERIFY)
{
- if(type == CLIENT_HELLO_SSLV2)
- state.hash().update(contents);
- else
- state.hash().update(state.handshake_io().format(contents, type));
+ state.hash().update(state.handshake_io().format(contents, type));
}
- if(type == CLIENT_HELLO || type == CLIENT_HELLO_SSLV2)
+ if(type == CLIENT_HELLO)
{
const bool initial_handshake = !active_state;
@@ -286,7 +283,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state,
return;
}
- state.client_hello(new Client_Hello(contents, type));
+ state.client_hello(new Client_Hello(contents));
const Protocol_Version client_version = state.client_hello()->version();
diff --git a/src/lib/tls/tls_session_key.cpp b/src/lib/tls/tls_session_key.cpp
index 570470732..574b6940b 100644
--- a/src/lib/tls/tls_session_key.cpp
+++ b/src/lib/tls/tls_session_key.cpp
@@ -41,10 +41,7 @@ Session_Keys::Session_Keys(const Handshake_State* state,
else
{
secure_vector<byte> salt;
-
- if(state->version() != Protocol_Version::SSL_V3)
- salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC));
-
+ salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC));
salt += state->client_hello()->random();
salt += state->server_hello()->random();
@@ -52,8 +49,7 @@ Session_Keys::Session_Keys(const Handshake_State* state,
}
secure_vector<byte> salt;
- if(state->version() != Protocol_Version::SSL_V3)
- salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC));
+ salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC));
salt += state->server_hello()->random();
salt += state->client_hello()->random();
diff --git a/src/lib/tls/tls_version.cpp b/src/lib/tls/tls_version.cpp
index 67069c738..37360b410 100644
--- a/src/lib/tls/tls_version.cpp
+++ b/src/lib/tls/tls_version.cpp
@@ -51,8 +51,7 @@ bool Protocol_Version::operator>(const Protocol_Version& other) const
bool Protocol_Version::known_version() const
{
- return (m_version == Protocol_Version::SSL_V3 ||
- m_version == Protocol_Version::TLS_V10 ||
+ return (m_version == Protocol_Version::TLS_V10 ||
m_version == Protocol_Version::TLS_V11 ||
m_version == Protocol_Version::TLS_V12 ||
m_version == Protocol_Version::DTLS_V10 ||
diff --git a/src/lib/tls/tls_version.h b/src/lib/tls/tls_version.h
index 8e686e8e4..a025b27ba 100644
--- a/src/lib/tls/tls_version.h
+++ b/src/lib/tls/tls_version.h
@@ -22,7 +22,6 @@ class BOTAN_DLL Protocol_Version
{
public:
enum Version_Code {
- SSL_V3 = 0x0300,
TLS_V10 = 0x0301,
TLS_V11 = 0x0302,
TLS_V12 = 0x0303,
diff --git a/src/tests/data/kdf/ssl3prf.vec b/src/tests/data/kdf/ssl3prf.vec
deleted file mode 100644
index cb405083f..000000000
--- a/src/tests/data/kdf/ssl3prf.vec
+++ /dev/null
@@ -1,166 +0,0 @@
-[SSL3-PRF]
-Secret = 6E60
-Salt = 17FEBCA565786528F84A
-OutputLen = 16
-Output = D626B75AB8BD4F5B9458BDDA8589FD39
-
-Secret = 66BEEC6EDE7FCDF50B76EBCD5C0FE0A472F2EA8B1E2BE2971E49CA
-Salt = 5C461D77ACDB631ABAE2E7AFED5E9ABBBAA99B
-OutputLen = 1
-Output = EB
-
-Secret = 1171D78F812512DEFBA258574E41F2832BB9B359EB0CA79E7669
-Salt = 73D677854D88F62417774A2A5645CCAE9C1AEF8E9D1B48
-OutputLen = 2
-Output = 2C8B
-
-Secret = 6162DEC990B2132C30C153F2B200
-Salt = 2666F0B22E8E48DB1640
-OutputLen = 3
-Output = 1B9430
-
-Secret = D3C0DD69C18F17D35C5296FE45F0
-Salt = 320C9EEC122C19AFB8E90F72
-OutputLen = 4
-Output = C7C19FCD
-
-Secret = EE6A733EC671DA7477AE18916895A133CC92E23DBACEE2634846CAEF0B08
-Salt = B7F9722B37389C11
-OutputLen = 5
-Output = C264D9D0C9
-
-Secret = 97D7F3D2AFB3198862F6FAC8B17CCEFB26
-Salt = D3583CD13AC119CAFBD44CAEA5AB
-OutputLen = 6
-Output = C1CB767626AC
-
-Secret = E87A9BBC656884A13295B8D4DD4645905846C249D2470ACD2BE5
-Salt = 542D044668EDC104A9266C2EC79EC37F72A0C6B7301EFDF267CF39
-OutputLen = 7
-Output = 3DC5B6402F451C
-
-Secret = 7463F0B9F822E17311E47680DC5B505811E9
-Salt = 02AB98439528C994
-OutputLen = 8
-Output = FE4B1DA4EDA36820
-
-Secret = EE8999703E5D9C628AA404235F3C94C3A890B1
-Salt = 161DEB5AB705BD15
-OutputLen = 9
-Output = EF317D3E81DAEF0F89
-
-Secret = AE531918E679D2D7B32C61BA31415484E9725B2905095819
-Salt = A162AC0F0AB41CB80735D1EDAEA3C562CF261C0067
-OutputLen = 10
-Output = 18D5272345C1695BE38C
-
-Secret = 8FE402D6ED0BD018A532FC063E7D81D97CDEA7
-Salt = BF7F091B6E0DDB90897B6BF80A4F
-OutputLen = 11
-Output = D61088CA1CE8944B17CD3E
-
-Secret = 4279DB52505E7B505BBC26CE0FBF2F4353086C1363
-Salt = 8710A8A12B2D18A27A50E5F32C37448A
-OutputLen = 12
-Output = 4A84A8E829528393FF890129
-
-Secret = B80B58DAB89B1C4D1335C48E479220E253B8EACFD64319544A
-Salt = E9158BA5F6E25D013A37B9D65406E989CB77D05D97B2B04F9C7F26DF987A
-OutputLen = 13
-Output = 1450E50B7D86B76015930BA420
-
-Secret = 965F1BC656F01C1C7F977419A5F99FB54FA34548C332EA79B5B0EE
-Salt = 3F6FF94F05596ACBAF5AE7CBD97E3FF3233992D988361E
-OutputLen = 14
-Output = CEE11A3A9A406FE9DA77FE6FB007
-
-Secret = 657B5F618710AF88BF4F0328E7071D022D02EA5E
-Salt = BD0A575481E823931F68BE84E31DE56B2D95F3ECE4F614CBFD31CE
-OutputLen = 15
-Output = 8EA957C330D55CC208326CEA06D25A
-
-Secret = 33CE7917528009F2A1011CFCD494B80D4BBFD901
-Salt = 81851CC61D3E910E04D5EC38A465
-OutputLen = 16
-Output = 2FB1FDD16FCE41C9C563226A564D1647
-
-Secret = 40ED568CFC6C0A17866C67B7660C96BF9DA54C
-Salt = A3502B96214854E5AF5720E8970D3F240AAB2E21319A88E901
-OutputLen = 17
-Output = 321118AA031C5C9EFF145542B4426C3C71
-
-Secret = 12695F5B19541C8B0092418A72A7ED8482F35FCC4A82D4E1C5AE
-Salt = 2CE5F4676C06D0CB61E91F7D751F0F
-OutputLen = 18
-Output = 22BC94F745F6E247054DDA2C772E5D2D3EC4
-
-Secret = F36E535A1C2C6F6771
-Salt = 290BE26068D887AA6E86500E85C606
-OutputLen = 19
-Output = 6004BBD20BB68E2F1FFC65977807EE25A3FBFE
-
-Secret = 7C7EE43D46AE85D23F0D5264DBD410
-Salt = FC4A7F986331A012CBDAD765288C2CEC08AAD045
-OutputLen = 20
-Output = 0E1FE69316D67CF65D62196C25CC4F517664BD43
-
-Secret = C580B05EC577F45434C13640AAB31B
-Salt = 6C9F5929EA435A86E117BD586B34F7E4F97794573C0B4C90
-OutputLen = 21
-Output = 937E22F90D1493317B0B068A44859036905540AF67
-
-Secret = E275AEB758A949CBB11256E74412E1DA3743899F9007DD5D80A7
-Salt = 585B267A9E08EF4DBF48F6
-OutputLen = 22
-Output = 69C2640797F38E87F1C870891164F0B31F1A3A02627A
-
-Secret = DCF06E7AC257DA73CC6FC0A086B4
-Salt = 16F0355230F105EB316F558512EC3B51871741
-OutputLen = 23
-Output = 30CCF63491F642A55E45136E42FDD0355DB272502EA1B0
-
-Secret = C4C38EC6A1EA975D0ECA535B0CC4D6D0
-Salt = E84EE4D9DC701DE04E250768F2DFB9B6A2
-OutputLen = 24
-Output = 3B50F91EDFDD96CBA8B6329616D4F5964CD8C961CB1D9332
-
-Secret = 7B557AC16D60B74ECAA87641887E6467BAC107
-Salt = D7B9EB91BCDE1F6C144A0799
-OutputLen = 25
-Output = CA148D27F3DC362B0F43C68312058C1CD9B92ECAC2CFDD601F
-
-Secret = B23EFA7FAA11D0E597F00867992CB3B9DA93D607FAC0
-Salt = DA5E3A17C6DDE81CC69A5AC11904D2E9E969D9F2D1731E842C
-OutputLen = 26
-Output = 510297144BA4E0FB5C94749576F756AA36F51289CA463419DC06
-
-Secret = 1A5063B374A5F7769AD59432CFFA6B
-Salt = FE0314911D4C07803C48A9EA86
-OutputLen = 27
-Output = 3437D8B56E573E724B72DD08A5D144E86E646BD24EA0795BA2C3BD
-
-Secret = 870515C65F0AF7AAB10C365AF8AC535E1AA8997D139645A21F71FD23ABBB
-Salt = AA33C0BFF91FC9F1C97BFD00D5F5AC2953C6D1EC43E5838887A2F984C5A53F
-OutputLen = 28
-Output = 1895554BD0A1DE7F48FA8776D314EAE2B9E8D7E3CF2A418D17659DC1
-
-Secret = 1BAE220F6AFEB0A2F51D44721A7A9B9C
-Salt = 11555530CBAECFF82C76147416A50831532A40BD29F15F1E0EA49129
-OutputLen = 29
-Output = 13720151D256DEBAAA668359A876A9A9788D540F509E90372952A91757
-
-Secret = BC55F2BAC14370BB5832575A233F1FCE32322E5B4CE1955153CAF3C84493DF
-Salt = 00E8D1BAA9142A646C5DBCC680FB
-OutputLen = 30
-Output = 972B190F7EC73DA7C5B8B38E9B6DCEE452AB0BC2220F37BEA3FAC596B2F6
-
-Secret = 834CD382FBF84FF54CC8D3BCB778ACD7DDE8FE32ABA212ABB1
-Salt = EE768F1AAF889EFB5B20F7536FECA037BF
-OutputLen = 31
-Output = 6151C82D7384ED41264424827766B6A7279593C86DCBAC9A4D711009E30EC3
-
-Secret = E0BDEBC1D1EEDB393368D489
-Salt = 5D2B46C7BB5258ABC13514995E518FD4D77BECB738D77909
-OutputLen = 32
-Output = F3D8ED6D46280C3694F33D2D4A210248D657277DD78ACD3B34063D085657A58E
-
diff --git a/src/tests/data/mac/ssl3mac.vec b/src/tests/data/mac/ssl3mac.vec
deleted file mode 100644
index 5026b165e..000000000
--- a/src/tests/data/mac/ssl3mac.vec
+++ /dev/null
@@ -1,26 +0,0 @@
-[SSL3-MAC(MD5)]
-Key = 0123456789ABCDEF0123456789ABCDEF
-In = 00
-Out = A856430AF077AE2C328D9FFE4E56813A
-
-Key = 0123456789ABCDEF0123456789ABCDEF
-In = 01
-Out = 96279D16E7812EDDA2EC64DAC996348F
-
-Key = 0123456789ABCDEF0123456789ABCDEF
-In = 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
-Out = 475006C7DC7A3F371352D948B4BE950E
-
-[SSL3-MAC(SHA-1)]
-Key = 0123456789ABCDEF0123456789ABCDEF01234567
-In = 00
-Out = DD2BA1F4A721F22C8A9BA7350B5CD6838B225827
-
-Key = 0123456789ABCDEF0123456789ABCDEF01234567
-In = 01
-Out = CD6289A1FEC0BB104C271BE488343BA92328B073
-
-Key = 0123456789ABCDEF0123456789ABCDEF01234567
-In = 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
-Out = 98E523EADE38B3BF4EBF51D7EE814316C9EB3159
-
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index ef445c99a..60b7297a1 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -290,7 +290,6 @@ size_t test_tls()
auto& rng = test_rng();
std::auto_ptr<Credentials_Manager> basic_creds(create_creds(rng));
- errors += basic_test_handshake(rng, TLS::Protocol_Version::SSL_V3, *basic_creds, default_policy);
errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V10, *basic_creds, default_policy);
errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V11, *basic_creds, default_policy);
errors += basic_test_handshake(rng, TLS::Protocol_Version::TLS_V12, *basic_creds, default_policy);