The branch master has been updated
via ef28891bab7054667f2f6739f6d376c38b3ca1cc (commit)
via d33726b92e09605a088369d0e01c99d138c0524f (commit)
from cfd20f64cc4bd440cfc8fe59f2daaa575015af3d (commit)
- Log -----------------------------------------------------------------
commit ef28891bab7054667f2f6739f6d376c38b3ca1cc
Author: Rich Salz <rs...@openssl.org>
Date: Thu Aug 18 08:56:42 2016 -0400
Put DES into "not default" category.
Add CVE to CHANGES
Reviewed-by: Emilia Käsper <emi...@openssl.org>
commit d33726b92e09605a088369d0e01c99d138c0524f
Author: Rich Salz <rs...@openssl.org>
Date: Sat Jul 30 12:21:32 2016 -0400
To avoid SWEET32 attack, move 3DES to weak
Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 5 +++++
ssl/s3_lib.c | 40 +++++++++++++++++++++++++++++-----------
test/cipherlist_test.c | 13 -------------
3 files changed, 34 insertions(+), 24 deletions(-)
diff --git a/CHANGES b/CHANGES
index 32a7c7b..78a5a4d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
Changes between 1.0.2h and 1.1.0 [xx XXX xxxx]
+ *) To mitigate the SWEET32 attack (CVE-2016-2183), 3DES cipher suites
+ have been disabled by default and removed from DEFAULT, just like RC4.
+ See the RC4 item below to re-enable both.
+ [Rich Salz]
+
*) The method for finding the storage location for the Windows RAND seed file
has changed. First we check %RANDFILE%. If that is not set then we check
the directories %HOME%, %USERPROFILE% and %SYSTEMROOT% in that order. If
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 8925717..e94ee83 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -57,7 +57,7 @@
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
/*
- * The list of available ciphers, organized into the following
+ * The list of available ciphers, mostly organized into the following
* groups:
* Always there
* EC
@@ -97,6 +97,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_RSA_DES_192_CBC3_SHA,
@@ -107,7 +108,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_MEDIUM | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@ -137,7 +138,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_MEDIUM | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@ -157,6 +158,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
+#endif
{
1,
TLS1_TXT_RSA_WITH_AES_128_SHA,
@@ -849,6 +851,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
@@ -859,11 +862,12 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_MEDIUM | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
+# endif
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
@@ -909,6 +913,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
@@ -919,11 +924,12 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_MEDIUM | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
+# endif
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
@@ -969,6 +975,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
@@ -984,6 +991,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
+# endif
{
1,
TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
@@ -1182,6 +1190,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
@@ -1192,11 +1201,12 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_MEDIUM | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
+# endif
{
1,
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
@@ -1227,6 +1237,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
@@ -1237,11 +1248,12 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_MEDIUM | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
+# endif
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
@@ -1272,6 +1284,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
@@ -1282,11 +1295,12 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_MEDIUM | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
+# endif
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
@@ -1588,6 +1602,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
},
# ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
@@ -1598,11 +1613,12 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_MEDIUM | SSL_FIPS,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
+# endif
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
@@ -1712,6 +1728,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
@@ -1722,7 +1739,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_MEDIUM,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@ -1737,7 +1754,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
- SSL_MEDIUM,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@ -1757,6 +1774,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
112,
168,
},
+# endif
{
1,
TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
index e892f9d..d6556e0 100644
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -104,16 +104,6 @@ static const uint32_t default_ciphers_in_order[] = {
TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
#endif
-#ifndef OPENSSL_NO_DES
-# ifndef OPENSSL_NO_EC
- TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-# endif
-# ifndef OPENSSL_NO_DH
- SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
-# endif
-#endif /* !OPENSSL_NO_DES */
-
#ifndef OPENSSL_NO_TLS1_2
TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
@@ -123,9 +113,6 @@ static const uint32_t default_ciphers_in_order[] = {
TLS1_CK_RSA_WITH_AES_256_SHA,
TLS1_CK_RSA_WITH_AES_128_SHA,
-#ifndef OPENSSL_NO_DES
- SSL3_CK_RSA_DES_192_CBC3_SHA,
-#endif
};
static int test_default_cipherlist(SSL_CTX *ctx)
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
