Rework the default cipherlist. (a556f342) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+9 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,15 @@

		Changes between 1.0.2g and 1.1.0 [xx XXX xxxx]

		*) Changes to the DEFAULT cipherlist:
		- Prefer (EC)DHE handshakes over plain RSA.
		- Prefer AEAD ciphers over legacy ciphers.
		- Prefer ECDSA over RSA when both certificates are available.
		- Prefer TLSv1.2 ciphers/PRF.
		- Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the
		default cipherlist.
		[Emilia Käsper]

		*) Change the ECC default curve list to be this, in order: x25519,
		secp256r1, secp521r1, secp384r1.
		[Rich Salz]

ssl/s3_lib.c

+58 −58

Original line number	Diff line number	Diff line
		@@ -239,7 +239,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_IDEA,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -272,7 +272,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_3DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -401,7 +401,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -463,7 +463,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,
		@@ -560,7 +560,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -579,7 +579,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -595,7 +595,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -611,7 +611,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -661,7 +661,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,
		@@ -759,7 +759,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,
		@@ -775,7 +775,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,
		@@ -791,7 +791,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,
		@@ -1028,7 +1028,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_SEED,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -1044,7 +1044,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_SEED,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -1060,7 +1060,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_SEED,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -1160,7 +1160,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128GCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -1176,7 +1176,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256GCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_SHA384 \| TLS1_PRF_SHA384,
		256,
		256,
		@@ -1518,7 +1518,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -1534,7 +1534,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -1550,7 +1550,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -1582,7 +1582,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		256,
		256,
		@@ -1598,7 +1598,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		256,
		256,
		@@ -1614,7 +1614,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		256,
		256,
		@@ -1929,7 +1929,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_3DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -1977,7 +1977,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -2025,7 +2025,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,
		@@ -2323,7 +2323,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128},
		@@ -2337,7 +2337,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA384,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA384 \| TLS1_PRF_SHA384,
		256,
		256},
		@@ -2351,7 +2351,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128},
		@@ -2365,7 +2365,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA384,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA384 \| TLS1_PRF_SHA384,
		256,
		256},
		@@ -2383,7 +2383,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA256,
		SSL_TLSV1,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128},
		@@ -2397,7 +2397,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA384,
		SSL_TLSV1,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA384 \| TLS1_PRF_SHA384,
		256,
		256},
		@@ -2411,7 +2411,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA256,
		SSL_TLSV1,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128},
		@@ -2425,7 +2425,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA384,
		SSL_TLSV1,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA384 \| TLS1_PRF_SHA384,
		256,
		256},
		@@ -2439,7 +2439,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA256,
		SSL_TLSV1,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128},
		@@ -2453,7 +2453,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA384,
		SSL_TLSV1,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA384 \| TLS1_PRF_SHA384,
		256,
		256},
		@@ -2467,7 +2467,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA256,
		SSL_TLSV1,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128},
		@@ -2481,7 +2481,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA384,
		SSL_TLSV1,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA384 \| TLS1_PRF_SHA384,
		256,
		256},
		@@ -2497,7 +2497,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128CCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -2513,7 +2513,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256CCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		256,
		256,
		@@ -2529,7 +2529,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128CCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -2545,7 +2545,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256CCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		256,
		256,
		@@ -2561,7 +2561,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128CCM8,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -2577,7 +2577,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256CCM8,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		256,
		256,
		@@ -2593,7 +2593,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128CCM8,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -2609,7 +2609,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256CCM8,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		256,
		256,
		@@ -2625,7 +2625,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128CCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -2641,7 +2641,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256CCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		256,
		256,
		@@ -2657,7 +2657,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128CCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -2673,7 +2673,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256CCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		256,
		256,
		@@ -2689,7 +2689,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128CCM8,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -2705,7 +2705,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256CCM8,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		256,
		256,
		@@ -2721,7 +2721,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128CCM8,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -2737,7 +2737,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256CCM8,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		256,
		256,
		@@ -2753,7 +2753,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128CCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -2769,7 +2769,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256CCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		256,
		256,
		@@ -2785,7 +2785,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128CCM8,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -2801,7 +2801,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256CCM8,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		256,
		256,

ssl/ssl_ciph.c

+57 −6

Original line number	Diff line number	Diff line
		@@ -278,6 +278,11 @@ static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
		#define CIPHER_DEL 3
		#define CIPHER_ORD 4
		#define CIPHER_SPECIAL 5
		/*
		* Bump the ciphers to the top of the list.
		* This rule isn't currently supported by the public cipherstring API.
		*/
		#define CIPHER_BUMP 6

		typedef struct cipher_order_st {
		const SSL_CIPHER *cipher;
		@@ -896,7 +901,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
		algo_strength, strength_bits);
		#endif

		if (rule == CIPHER_DEL)
		if (rule == CIPHER_DEL \|\| rule == CIPHER_BUMP)
		reverse = 1; /* needed to maintain sorting between
		* currently deleted ciphers */

		@@ -986,6 +991,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
		ll_append_head(&head, curr, &tail);
		curr->active = 0;
		}
		} else if (rule == CIPHER_BUMP) {
		if (curr->active)
		ll_append_head(&head, curr, &tail);
		} else if (rule == CIPHER_KILL) {
		/* reverse == 0 */
		if (head == curr)
		@@ -1420,20 +1428,36 @@ STACK_OF(SSL_CIPHER) ssl_create_cipher_list(const SSL_METHOD ssl_method, STACK
		disabled_mac, disabled_ssl, co_list, &head,
		&tail);

		/* Now arrange all ciphers by preference: */
		/* Now arrange all ciphers by preference. */

		/*
		* Everything else being equal, prefer ephemeral ECDH over other key
		* exchange mechanisms
		* exchange mechanisms.
		* For consistency, prefer ECDSA over RSA (though this only matters if the
		* server has both certificates, and is using the DEFAULT, or a client
		* preference).
		*/
		ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD,
		-1, &head, &tail);
		ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head,
		&tail);
		ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
		&tail);

		/* AES is our preferred symmetric cipher */
		ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head,
		&tail);

		/* Within each strength group, we prefer GCM over CHACHA... */
		ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
		&head, &tail);
		ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
		&head, &tail);

		/*
		* ...and generally, our preferred cipher is AES.
		* Note that AEADs will be bumped to take preference after sorting by
		* strength.
		*/
		ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
		-1, &head, &tail);

		/* Temporarily enable everything else for sorting */
		ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
		@@ -1472,6 +1496,33 @@ STACK_OF(SSL_CIPHER) ssl_create_cipher_list(const SSL_METHOD ssl_method, STACK
		return NULL;
		}

		/*
		* Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
		* TODO(openssl-team): is there an easier way to accomplish all this?
		*/
		ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_2, 0, CIPHER_BUMP, -1,
		&head, &tail);

		/*
		* Irrespective of strength, enforce the following order:
		* (EC)DHE + AEAD > (EC)DHE > rest of AEAD > rest.
		* Within each group, ciphers remain sorted by strength and previous
		* preference, i.e.,
		* 1) ECDHE > DHE
		* 2) GCM > CHACHA
		* 3) AES > rest
		* 4) TLS 1.2 > legacy
		*
		* Because we now bump ciphers to the top of the list, we proceed in
		* reverse order of preference.
		*/
		ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1,
		&head, &tail);
		ssl_cipher_apply_rule(0, SSL_kDHE \| SSL_kECDHE, 0, 0, 0, 0, 0,
		CIPHER_BUMP, -1, &head, &tail);
		ssl_cipher_apply_rule(0, SSL_kDHE \| SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
		CIPHER_BUMP, -1, &head, &tail);

		/* Now disable everything (maintaining the ordering!) */
		ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);

ssl/ssl_locl.h

+3 −1

Original line number	Diff line number	Diff line
		@@ -358,7 +358,9 @@
		# define SSL_eGOST2814789CNT12 0x00040000U
		# define SSL_CHACHA20POLY1305 0x00080000U

		# define SSL_AES (SSL_AES128\|SSL_AES256\|SSL_AES128GCM\|SSL_AES256GCM\|SSL_AES128CCM\|SSL_AES256CCM\|SSL_AES128CCM8\|SSL_AES256CCM8)
		# define SSL_AESGCM (SSL_AES128GCM \| SSL_AES256GCM)
		# define SSL_AESCCM (SSL_AES128CCM \| SSL_AES256CCM \| SSL_AES128CCM8 \| SSL_AES256CCM8)
		# define SSL_AES (SSL_AES128\|SSL_AES256\|SSL_AESGCM\|SSL_AESCCM)
		# define SSL_CAMELLIA (SSL_CAMELLIA128\|SSL_CAMELLIA256)
		# define SSL_CHACHA20 (SSL_CHACHA20POLY1305)