From 21ade06ef82184c2cfb5912c3e8f702f38610018 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 30 Oct 2018 18:21:41 +0000 Subject: [PATCH 1/8] Reduce priority of 3DES ciphersuites --- ChangeLog | 5 ++++ include/mbedtls/config.h | 13 +++++++++ library/ssl_ciphersuites.c | 57 +++++++++++++++++++++++--------------- library/version_features.c | 3 ++ scripts/config.pl | 2 ++ 5 files changed, 58 insertions(+), 22 deletions(-) diff --git a/ChangeLog b/ChangeLog index 07cc87692..f0f0adcc2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,11 @@ Changes produced by some optimizing compilers, showing up as failures in e.g. RSA or ECC signature operations. Reported in #1722, fix suggested by Aurelien Jarno and submitted by Jeffrey Martin. + * Ciphersuites based on 3DES now have the lowest priority by default. + +Features + * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites + from the default list (inactive by default). = mbed TLS 2.7.9 branch released 2018-12-21 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 50239e1ff..113e1d18d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -556,6 +556,19 @@ */ #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES +/** + * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES + * + * Remove 3DES ciphersuites by default in SSL / TLS. + * This flag removes the ciphersuites based on 3DES from the default list as + * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible + * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including + * them explicitly. + * + * Comment this macro to keep 3DES in the default ciphersuite list. + */ +#define MBEDTLS_REMOVE_3DES_CIPHERSUITES + /** * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED * diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 800b5f84d..01d1c458a 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -43,11 +43,11 @@ /* * Ordered from most preferred to least preferred in terms of security. * - * Current rule (except rc4, weak and null which come last): + * Current rule (except RC4 and 3DES, weak and null which come last): * 1. By key exchange: * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK * 2. By key length and cipher: - * AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES + * AES-256 > Camellia-256 > AES-128 > Camellia-128 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8 * 4. By hash function used when relevant * 5. By key exchange/auth again: EC > non-EC @@ -105,11 +105,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - /* All remaining >= 128-bit ephemeral suites */ - MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - /* The PSK ephemeral suites */ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, @@ -133,9 +128,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, - MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - /* The ECJPAKE suite */ MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, @@ -183,11 +175,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - /* All remaining >= 128-bit suites */ - MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, - /* The RSA PSK suites */ MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, @@ -201,8 +188,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, - /* The PSK suites */ MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_PSK_WITH_AES_256_CCM, @@ -220,6 +205,16 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, + /* 3DES suites */ + MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, /* RC4 suites */ @@ -1704,6 +1699,26 @@ const int *mbedtls_ssl_list_ciphersuites( void ) static int supported_ciphersuites[MAX_CIPHERSUITES]; static int supported_init = 0; +static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info ) +{ + (void)cs_info; + +#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES) + if( cs_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) + return( 1 ); +#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */ + +#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES) + if( cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB || + cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC ) + { + return( 1 ); + } +#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */ + + return( 0 ); +} + const int *mbedtls_ssl_list_ciphersuites( void ) { /* @@ -1719,14 +1734,12 @@ const int *mbedtls_ssl_list_ciphersuites( void ) *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1; p++ ) { -#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES) const mbedtls_ssl_ciphersuite_t *cs_info; if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL && - cs_info->cipher != MBEDTLS_CIPHER_ARC4_128 ) -#else - if( mbedtls_ssl_ciphersuite_from_id( *p ) != NULL ) -#endif + !ciphersuite_is_removed( cs_info ) ) + { *(q++) = *p; + } } *q = 0; diff --git a/library/version_features.c b/library/version_features.c index da47e3d75..d6deb0149 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -270,6 +270,9 @@ static const char *features[] = { #if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES) "MBEDTLS_REMOVE_ARC4_CIPHERSUITES", #endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */ +#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES) + "MBEDTLS_REMOVE_3DES_CIPHERSUITES", +#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) "MBEDTLS_ECP_DP_SECP192R1_ENABLED", #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ diff --git a/scripts/config.pl b/scripts/config.pl index 468aeb93e..ab4322bab 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -29,6 +29,7 @@ # MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES # MBEDTLS_NO_PLATFORM_ENTROPY # MBEDTLS_REMOVE_ARC4_CIPHERSUITES +# MBEDTLS_REMOVE_3DES_CIPHERSUITES # MBEDTLS_SSL_HW_RECORD_ACCEL # MBEDTLS_RSA_NO_CRT # MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 @@ -89,6 +90,7 @@ MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_PLATFORM_ENTROPY MBEDTLS_RSA_NO_CRT MBEDTLS_REMOVE_ARC4_CIPHERSUITES +MBEDTLS_REMOVE_3DES_CIPHERSUITES MBEDTLS_SSL_HW_RECORD_ACCEL MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION From f9b2ed062f97de31c8c980fcf6c1bb4bdb84739d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Nov 2018 20:57:49 +0000 Subject: [PATCH 2/8] Fix wording of ChangeLog and 3DES_REMOVE docs --- ChangeLog | 9 +++++---- include/mbedtls/config.h | 7 +++++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index f0f0adcc2..2b51621d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,11 @@ Bugfix * Reduce stack usage of `mpi_write_hlp()` by eliminating recursion. Fixes #2190. +Features + * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites + from the default list (enabled by default). See + https://sweet32.info/SWEET32_CCS16.pdf. + Changes * Include configuration file in all header files that use configuration, instead of relying on other header files that they include. @@ -23,10 +28,6 @@ Changes by Aurelien Jarno and submitted by Jeffrey Martin. * Ciphersuites based on 3DES now have the lowest priority by default. -Features - * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites - from the default list (inactive by default). - = mbed TLS 2.7.9 branch released 2018-12-21 Bugfix diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 113e1d18d..5b176caa6 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -565,6 +565,13 @@ * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including * them explicitly. * + * A man-in-the browser attacker can recover authentication tokens sent through + * a TLS connection using a 3DES based cipher suite (see "On the Practical + * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan + * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls + * in your threat model or you are unsure, then you should keep this option + * enabled to remove 3DES based cipher suites. + * * Comment this macro to keep 3DES in the default ciphersuite list. */ #define MBEDTLS_REMOVE_3DES_CIPHERSUITES From 0a0e5b12a9dc2fd3b6547f5a3f8d379044e626f1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 8 Jan 2019 21:42:27 +0000 Subject: [PATCH 3/8] Exclude 3DES tests in test scripts --- tests/compat.sh | 6 +++++- tests/scripts/all.sh | 4 ++-- tests/scripts/basic-build-test.sh | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index a2b2d5ba1..eefebd078 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -53,7 +53,11 @@ MODES="tls1 tls1_1 tls1_2 dtls1 dtls1_2" VERIFIES="NO YES" TYPES="ECDSA RSA PSK" FILTER="" -EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR' # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) +# exclude: +# - NULL: excluded from our default config +# - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions +# avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) +EXCLUDE='NULL\|DES-CBC-\|RC4\|3DES\|ARCFOUR' VERBOSE="" MEMCHECK=0 PEERS="OpenSSL$PEER_GNUTLS mbedTLS" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 070e623e6..d9b6074e5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -681,8 +681,8 @@ component_test_full_cmake_clang () { msg "test: ssl-opt.sh default (full config)" # ~ 1s if_build_succeeded tests/ssl-opt.sh -f Default - msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min - if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' + msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min + if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e 'DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' } component_build_deprecated () { diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index fbe757d9e..d3c54719a 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -91,7 +91,7 @@ OPENSSL_CMD="$OPENSSL_LEGACY" \ OPENSSL_CMD="$OPENSSL_LEGACY" \ GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \ GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ - sh compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ + sh compat.sh -e 'DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ tee -a compat-test-$TEST_OUTPUT echo From b7c22ecc746c4871a57e6b7ed17f97df0eca8140 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 11 Feb 2019 21:47:30 +0000 Subject: [PATCH 4/8] Fix documentation for 3DES removal --- include/mbedtls/config.h | 2 +- tests/compat.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 5b176caa6..f3039f937 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -565,7 +565,7 @@ * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including * them explicitly. * - * A man-in-the browser attacker can recover authentication tokens sent through + * A man-in-the-browser attacker can recover authentication tokens sent through * a TLS connection using a 3DES based cipher suite (see "On the Practical * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls diff --git a/tests/compat.sh b/tests/compat.sh index eefebd078..4db414de1 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -57,6 +57,7 @@ FILTER="" # - NULL: excluded from our default config # - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) +# - 3DES: not in default config EXCLUDE='NULL\|DES-CBC-\|RC4\|3DES\|ARCFOUR' VERBOSE="" MEMCHECK=0 From 493a0dc3337a53b42f83b47724163778aae42e13 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 19 Feb 2019 20:14:00 +0000 Subject: [PATCH 5/8] Clarify 3DES changes in ChangeLog --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 2b51621d6..ed7e8a628 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,7 +26,8 @@ Changes produced by some optimizing compilers, showing up as failures in e.g. RSA or ECC signature operations. Reported in #1722, fix suggested by Aurelien Jarno and submitted by Jeffrey Martin. - * Ciphersuites based on 3DES now have the lowest priority by default. + * Ciphersuites based on 3DES now have the lowest priority by default when + they are enabled. = mbed TLS 2.7.9 branch released 2018-12-21 From fea3d0a3d04f9c40cbfb81fc951b56e27482809a Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 19 Feb 2019 20:20:57 +0000 Subject: [PATCH 6/8] Adjust DES exclude lists in test scripts --- tests/compat.sh | 2 +- tests/scripts/all.sh | 2 +- tests/scripts/basic-build-test.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 4db414de1..df499dcf0 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -58,7 +58,7 @@ FILTER="" # - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) # - 3DES: not in default config -EXCLUDE='NULL\|DES-CBC-\|RC4\|3DES\|ARCFOUR' +EXCLUDE='NULL\|DES\|RC4\|ARCFOUR' VERBOSE="" MEMCHECK=0 PEERS="OpenSSL$PEER_GNUTLS mbedTLS" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d9b6074e5..a37e11367 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -682,7 +682,7 @@ component_test_full_cmake_clang () { if_build_succeeded tests/ssl-opt.sh -f Default msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min - if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e 'DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' + if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' } component_build_deprecated () { diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index d3c54719a..97120ea84 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -91,7 +91,7 @@ OPENSSL_CMD="$OPENSSL_LEGACY" \ OPENSSL_CMD="$OPENSSL_LEGACY" \ GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \ GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ - sh compat.sh -e 'DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ + sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ tee -a compat-test-$TEST_OUTPUT echo From a82d38dc7c81b48d615cfdcbcfbdb14d51cf8dab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 1 Mar 2019 10:14:58 +0100 Subject: [PATCH 7/8] Fix failure in SSLv3 per-version suites test The test used 3DES as the suite for SSLv3, which now makes the handshake fails with "no ciphersuite in common", failing the test as well. Use Camellia instead (as there are not enough AES ciphersuites before TLS 1.2 to distinguish between the 3 versions). Document some dependencies, but not all. Just trying to avoid introducing new issues by using a new cipher here, not trying to make it perfect, which is a much larger task out of scope of this commit. --- tests/ssl-opt.sh | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ae98ae986..eaac52de3 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3708,26 +3708,37 @@ run_test "ECJPAKE: working, DTLS, nolog" \ # Tests for ciphersuites per version requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +requires_config_enabled MBEDTLS_CAMELLIA_C +requires_config_enabled MBEDTLS_AES_C run_test "Per-version suites: SSL3" \ - "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=ssl3" \ 0 \ - -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA" + -c "Ciphersuite is TLS-RSA-WITH-CAMELLIA-128-CBC-SHA" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1 +requires_config_enabled MBEDTLS_CAMELLIA_C +requires_config_enabled MBEDTLS_AES_C run_test "Per-version suites: TLS 1.0" \ - "$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=tls1 arc4=1" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +requires_config_enabled MBEDTLS_CAMELLIA_C +requires_config_enabled MBEDTLS_AES_C run_test "Per-version suites: TLS 1.1" \ - "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=tls1_1" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_CAMELLIA_C +requires_config_enabled MBEDTLS_AES_C run_test "Per-version suites: TLS 1.2" \ - "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=tls1_2" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256" From 47237346d4f35d158ed817b5a6d71e1a807e1627 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 1 Mar 2019 10:34:21 +0100 Subject: [PATCH 8/8] Fix order of sections in the ChangeLog --- ChangeLog | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index ed7e8a628..017cb47fd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.7.x branch released xxxx-xx-xx +Features + * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites + from the default list (enabled by default). See + https://sweet32.info/SWEET32_CCS16.pdf. + Bugfix * Run the AD too long test only if MBEDTLS_CCM_ALT is not defined. Raised as a comment in #1996. @@ -10,11 +15,6 @@ Bugfix * Reduce stack usage of `mpi_write_hlp()` by eliminating recursion. Fixes #2190. -Features - * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites - from the default list (enabled by default). See - https://sweet32.info/SWEET32_CCS16.pdf. - Changes * Include configuration file in all header files that use configuration, instead of relying on other header files that they include.