summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2018-06-20 20:28:54 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2018-06-20 20:57:02 +0100
commit0c3807a8165cbc982f330831a429571f2ff7beec (patch)
tree9e94cf56b9238336d99385b196090df791dee100
parent7a8b95190c22a8176c583985a41beb3e9ae831cd (diff)
OpenSSL: TLSv1.3 notes
-rw-r--r--doc/doc-docbook/spec.xfpt17
-rw-r--r--src/src/tls-openssl.c4
-rwxr-xr-xtest/runtest7
3 files changed, 26 insertions, 2 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 7ae09cfbe..daaf0032c 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -27417,7 +27417,10 @@ the size of the generated prime, so it might still be too large.
.oindex "&%tls_require_ciphers%&" "OpenSSL"
There is a function in the OpenSSL library that can be passed a list of cipher
suites before the cipher negotiation takes place. This specifies which ciphers
-are acceptable. The list is colon separated and may contain names like
+.new
+are acceptable for TLS versions prior to 1.3.
+.wen
+The list is colon separated and may contain names like
DES-CBC3-SHA. Exim passes the expanded value of &%tls_require_ciphers%&
directly to this function call.
Many systems will install the OpenSSL manual-pages, so you may have
@@ -27482,6 +27485,18 @@ This example will prefer ECDSA-authenticated ciphers over RSA ones:
tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
.endd
+.new
+For TLS version 1.3 the control available is less fine-grained
+and Exim does not provide access to it at present.
+The value of the &%tls_require_ciphers%& option is ignored when
+TLS version 1.3 is negociated.
+
+As of writing the library default cipher suite list for TLSv1.3 is
+.code
+TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+.endd
+.wen
+
.section "Requiring specific ciphers or other parameters in GnuTLS" &&&
"SECTreqciphgnu"
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 7e6524dbd..e7bba0221 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1999,6 +1999,10 @@ if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers, errstr)
/* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they
were historically separated by underscores. So that I can use either form in my
tests, and also for general convenience, we turn underscores into hyphens here.
+
+XXX SSL_CTX_set_cipher_list() is replaced by SSL_CTX_set_ciphersuites()
+for TLS 1.3 . Since we do not call it at present we get the default list:
+TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
*/
if (expciphers)
diff --git a/test/runtest b/test/runtest
index 0dc3cca73..a35796c2c 100755
--- a/test/runtest
+++ b/test/runtest
@@ -544,6 +544,7 @@ RESET_AFTER_EXTRA_LINE_READ:
# TLSv1.1:AES256-SHA:256
# TLSv1.2:AES256-GCM-SHA384:256
# TLSv1.2:DHE-RSA-AES256-SHA:256
+ # TLSv1.3:TLS_AES_256_GCM_SHA384:256
# TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
# We also need to handle the ciphersuite without the TLS part present, for
# client-ssl's output. We also see some older forced ciphersuites, but
@@ -553,10 +554,14 @@ RESET_AFTER_EXTRA_LINE_READ:
#
# Retain the authentication algorith field as we want to test that.
- s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[12]:/$1TLSv1:/xg;
+ s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[123]:/$1TLSv1:/xg;
s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?!:)/ke-$3-AES256-SHA/g;
s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g;
+ # OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now,
+ # as it seems the protocol no longer supports a user choice.
+ s/TLS_AES(_256)_GCM_SHA384:256/TLS-AES256-SHA:xxx/g;
+
# LibreSSL
# TLSv1:AES256-GCM-SHA384:256
# TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256