Re: [twsocket] Recent SSL improvements and OpenSSL 1.1.0

2016-09-02 Thread François Piette
> This message attempts to summarise SSL changes in ICS in the last six
months, up to V8.33.  

I would like to thank Angus for his huge work on ICS-SSL.
This is wonderful work.

Congratulations Angus,
--
francois.pie...@overbyte.be
The author of the freeware multi-tier middleware MidWare
The author of the freeware Internet Component Suite (ICS)
http://www.overbyte.be
-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


[twsocket] Recent SSL improvements and OpenSSL 1.1.0

2016-09-02 Thread Angus Robertson - Magenta Systems Ltd
This message attempts to summarise SSL changes in ICS in the last six
months, up to V8.33.  Most relate to OpenSSL 1.1.0, some are from the
long term wish list, which still contains unfinished jobs, and
information about using and buying SSL certificates. 
OpenSSL 1.1.0 Changes
--------------------

New DLL names, different for 32 and 64-bit: libeay32.dll is now
libcrypto-1_1.dll and libcrypto-1_1-x64.dll, ssleay32.dll is now
libssl-1_1.dll and libssl-1_1-x64.dll.  ICS handles this, but see below
for new global variables that control how OpenSSL is loaded. 

Security fixes: the 3DES and RC4 cipher suites are no longer used, 40
and 56-bit suites are gone, and compression is disabled by default, to
mitigate attacks. No effect on ICS, unless you need to support ancient
browsers.  

Support added for ChaCha20-Poly1305 encryption cipher suites by Google,
which are lower overhead for mobile ARM devices that don't have the
benefit of Intel x86 processor instructions for AES.  This is not easy
to test, since OpenSSL prefers AES on Windows and Firefox does not
support it yet even on Android, and Chrome/Windows prefers AES, so you need
to use the Chrome/Android browser.  Did manage to force the ICS HTTP
client sample to use ChaCha20-Poly1305 once...

Add support for setting the minimum and maximum supported SSL or TLS
protocol.  Previously only a single protocol could be specified, or all
protocols (the badly named sslV23 version method), and then option
flags used to disable certain protocols to leave the ones you really
wanted. SslContext adds SslMinVersion and SslMaxVersion properties to
specify the minimum and maximum SSL/TLS versions supported from:
sslVerSSL3, sslVerTLS1, sslVerTLS1_1, sslVerTLS1_2, sslVerTLS1_3,
sslVerMax (note that 1.3 is not yet supported).  Although introduced for
1.1.0, these properties have also been implemented for 1.0.1/1.0.2 by
internally using Options.  SslVersionMethod is ignored for 1.1.0 if
SslMinVersion > sslVerSSL3 or SslMaxVersion < sslVerMax. 

Windows versions now call the Windows API CryptGenRandom to get entropy
for random numbers.  Not sure if this affects ICS, which has its own
seed functions used when creating private keys for certificates.

Many DLL exported functions have new (clearer) names; ICS hides most of
these and still uses the old names for backward compatibility, i.e.
function SSLeay was renamed to OpenSSL_version_num and SSLeay_version
to OpenSSL_version (and many others).

OpenSSL now self initialises and self cleans up, so more functions have
gone, this is handled internally by ICS.  

Many internal structures are now opaque so applications can not access
or corrupt them, with new exported functions provided to access these
structures which were previously done by macros.  ICS hides all this,
hopefully. 

OpenSSL now uses a new threading API, and thread related functions have
gone.  ICS has a unit OverbyteIcsSslThrdLock that handles static thread
locks for SSL applications that used threads.  This unit is still
needed for OpenSSL 1.0.2 support, but now checks which OpenSSL version
is running and ignores threads if not required.  This unit is
normally dropped on a form, and SSlStaticLock.Enabled set true during
program initialisation, which will load the OpenSSL DLLs.  Doing this
early avoids the DLLs being loaded and unloaded when SslContexts are
created and destroyed.

There are changes to the default cipher list and ECC default curves,
but ICS already provides three recommended lists for servers,
sslCiphersMozillaSrvBack, sslCiphersMozillaSrvInter and
sslCiphersMozillaSrvHigh.  Clients generally don't specify ciphers. 

Added ASN.1 and EVP_PKEY methods for X25519.  No real idea about this,
something to do with elliptic curves.

Changes to elliptic curves, which are now always enabled. For ICS,
SslECDHMethod is ignored for 1.1.0.

Lots of long obsolete SslOptions have been removed; ICS hides all this
by ignoring ones no longer supported.  SSL debugging now reports all
set options.

OpenSSL adds support to enable cryptographic operations to be performed
asynchronously as long as an asynchronous capable engine is used. No
idea if such an engine is included.

The handshaking state machine code has been significantly refactored in
order to remove much duplication of code and solve issues with the old
code. ICS has a new function IcsSslGetState which returns a
TSslHandshakeState covering about 37 states rather than the seven
earlier versions supported.  This really only affects ICS SSL debugging,
where more detailed state information is reported during handshaking.

Added support for OCB (Offset Codebook Mode) and CCM (CBC-MAC Mode)
mode ciphers, an alternate to GCM (AES Galois Counter Mode) with AES.  

Added secure heap for storage of private keys (when possible).

Support for RFC6698/RFC7671 DANE TLSA peer authentication. Obtaining
and performing DNSSEC validation of TLSA records is the application's
responsibility.  Not sure about this. 

Support for Certi