Commit 9f22c527 authored by Matt Caswell

Turn on TLSv1.3 downgrade protection by default

parent 35e742ec
+0 −2
@@ -405,7 +405,6 @@ my @disablables = (
    "tests",
    "threads",
    "tls",
    "tls13downgrade",
    "ts",
    "ubsan",
    "ui-console",
@@ -449,7 +448,6 @@ our %disabled = ( # "what" => "comment"
		  "ssl3"                => "default",
		  "ssl3-method"         => "default",
                  "ubsan"		=> "default",
		  "tls13downgrade"      => "default",
		  "unit-test"           => "default",
		  "weak-ssl-ciphers"    => "default",
		  "zlib"                => "default",
+0 −10
@@ -476,16 +476,6 @@
                   require additional system-dependent options! See "Note on
                   multi-threading" below.

  enable-tls13downgrade
                   TODO(TLS1.3): Make this enabled by default and remove the
                   option when TLSv1.3 is out of draft
                   TLSv1.3 offers a downgrade protection mechanism. This is
                   implemented but disabled by default. It should not typically
                   be enabled except for testing purposes. Otherwise this could
                   cause problems if a pre-RFC version of OpenSSL talks to an
                   RFC implementation (it will erroneously be detected as a
                   downgrade).

  no-ts
                   Don't build Time Stamping Authority support.

+2 −2
@@ -4568,7 +4568,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
    } else {
        ret = RAND_bytes(result, len);
    }
#ifndef OPENSSL_NO_TLS13DOWNGRADE

    if (ret > 0) {
        if (!ossl_assert(sizeof(tls11downgrade) < len)
                || !ossl_assert(sizeof(tls12downgrade) < len))
@@ -4580,7 +4580,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
            memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
                   sizeof(tls11downgrade));
    }
#endif

    return ret;
}
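Review bot: Nothing in ssl_fill_hello_random says why the tail of `result` is overwritten after `RAND_bytes()`, and with the `OPENSSL_NO_TLS13DOWNGRADE` guard apparently replaced by blank lines this path is now compiled into every build. I would add a comment above `if (ret > 0) {`, for example `/* Downgrade protection: the last bytes of the random are replaced by the downgrade sentinel */`. The condition that selects between `tls11downgrade` and `tls12downgrade` lies between the two hunks and is not visible here, so the comment should be checked against it. The same unconditional behaviour now applies to the check in ssl_choose_client_version, and the removed INSTALL text warned that a pre-RFC build talking to an RFC implementation is wrongly detected as a downgrade. Since no build-time opt-out remains, that caveat is worth carrying into the commit message or the changelog.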

+0 −2
@@ -1914,7 +1914,6 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
        if (s->version != vent->version)
            continue;

#ifndef OPENSSL_NO_TLS13DOWNGRADE
        /* Check for downgrades */
        if (s->version == TLS1_2_VERSION && highver > s->version) {
            if (memcmp(tls12downgrade,
@@ -1941,7 +1940,6 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
                return 0;
            }
        }
#endif

        s->method = method;
        return 1;
+0 −4
@@ -26,10 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled"
    if disabled("tls1_3") || disabled("tls1_2");

# TODO(TLS1.3): Enable this when TLSv1.3 comes out of draft
plan skip_all => "$test_name not run in pre TLSv1.3 RFC implementation"
    if disabled("tls13downgrade");

$ENV{OPENSSL_ia32cap} = '~0x200000200000000';

my $proxy = TLSProxy::Proxy->new(