From 448ea506bf075c22680fc2d45477f78ceb11d8cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Jan 2015 11:40:14 +0100 Subject: [PATCH 1/3] Set min version to TLS 1.0 in programs --- ChangeLog | 4 ++++ include/polarssl/ssl.h | 6 ++++-- programs/ssl/ssl_client1.c | 3 +++ programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_fork_server.c | 4 ++++ programs/ssl/ssl_mail_client.c | 3 +++ programs/ssl/ssl_pthread_server.c | 3 +++ programs/ssl/ssl_server.c | 3 +++ programs/ssl/ssl_server2.c | 2 +- tests/ssl-opt.sh | 12 ++++++------ 10 files changed, 32 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index fd83b9e60..255d35905 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ PolarSSL ChangeLog (Sorted per branch, date) += PolarSSL 1.3.10 released ??? +Changes + * Example programs for SSL client and server now disable SSLv3 by default. + = PolarSSL 1.3.9 released 2014-10-20 Security * Lowest common hash was selected from signature_algorithms extension in diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 194e94471..4cabf7c9e 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -1372,8 +1372,10 @@ void ssl_set_max_version( ssl_context *ssl, int major, int minor ); * \brief Set the minimum accepted SSL/TLS protocol version * (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION) * - * Note: Input outside of the SSL_MAX_XXXXX_VERSION and - * SSL_MIN_XXXXX_VERSION range is ignored. + * \note Input outside of the SSL_MAX_XXXXX_VERSION and + * SSL_MIN_XXXXX_VERSION range is ignored. + * + * \note SSL_MINOR_VERSION_0 (SSL v3) should be avoided. * * \param ssl SSL context * \param major Major version number (only SSL_MAJOR_VERSION_3 supported) diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 1b369a658..8f85b1016 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -168,6 +168,9 @@ int main( int argc, char *argv[] ) ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL ); ssl_set_ca_chain( &ssl, &cacert, NULL, "PolarSSL Server 1" ); + /* SSLv3 is deprecated, set minimum to TLS 1.0 */ + ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 ); + ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_bio( &ssl, net_recv, &server_fd, diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5b7a488c9..505ce10c2 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -86,7 +86,7 @@ int main( int argc, char *argv[] ) #define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION #define DFL_RENEGOTIATE 0 #define DFL_EXCHANGES 1 -#define DFL_MIN_VERSION -1 +#define DFL_MIN_VERSION SSL_MINOR_VERSION_1 #define DFL_MAX_VERSION -1 #define DFL_AUTH_MODE SSL_VERIFY_REQUIRED #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 706cdd492..ae1e155b9 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -264,6 +264,10 @@ int main( int argc, char *argv[] ) ssl_set_endpoint( &ssl, SSL_IS_SERVER ); ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); + /* SSLv3 is deprecated, set minimum to TLS 1.0 */ + ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, + SSL_MINOR_VERSION_1 ); + ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_bio( &ssl, net_recv, &client_fd, diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 4cf59d03a..74f9d7bd2 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -601,6 +601,9 @@ int main( int argc, char *argv[] ) * but makes interop easier in this simplified example */ ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL ); + /* SSLv3 is deprecated, set minimum to TLS 1.0 */ + ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 ); + ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_bio( &ssl, net_recv, &server_fd, diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 9a4c554e9..aed2513b6 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -165,6 +165,9 @@ static void *handle_ssl_connection( void *data ) ssl_set_endpoint( &ssl, SSL_IS_SERVER ); ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); + /* SSLv3 is deprecated, set minimum to TLS 1.0 */ + ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 ); + ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_mutexed_debug, stdout ); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 9e097998f..eb44e07df 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -198,6 +198,9 @@ int main( int argc, char *argv[] ) ssl_set_endpoint( &ssl, SSL_IS_SERVER ); ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); + /* SSLv3 is deprecated, set minimum to TLS 1.0 */ + ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 ); + ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 721dab42e..3fecb4741 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -105,7 +105,7 @@ int main( int argc, char *argv[] ) #define DFL_RENEGOTIATE 0 #define DFL_RENEGO_DELAY -2 #define DFL_EXCHANGES 1 -#define DFL_MIN_VERSION -1 +#define DFL_MIN_VERSION SSL_MINOR_VERSION_1 #define DFL_MAX_VERSION -1 #define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f94808d2c..361d393fa 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -941,7 +941,7 @@ run_test "Authentication: client no cert, openssl server optional" \ run_test "Authentication: client no cert, ssl3" \ "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \ - "$P_CLI debug_level=3 crt_file=none key_file=none" \ + "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \ 0 \ -S "skip write certificate request" \ -C "skip parse certificate request" \ @@ -1569,7 +1569,7 @@ run_test "PSK callback: wrong key" \ # Tests for ciphersuites per version run_test "Per-version suites: SSL3" \ - "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=ssl3" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA" @@ -1609,14 +1609,14 @@ run_test "ssl_get_bytes_avail: extra data" \ # Tests for small packets run_test "Small packet SSLv3 BlockCipher" \ - "$P_SRV" \ + "$P_SRV min_version=ssl3" \ "$P_CLI request_size=1 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" run_test "Small packet SSLv3 StreamCipher" \ - "$P_SRV" \ + "$P_SRV min_version=ssl3" \ "$P_CLI request_size=1 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ @@ -1728,14 +1728,14 @@ run_test "Small packet TLS 1.2 AEAD shorter tag" \ # Test for large packets run_test "Large packet SSLv3 BlockCipher" \ - "$P_SRV" \ + "$P_SRV min_version=ssl3" \ "$P_CLI request_size=16384 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 16384 bytes read" run_test "Large packet SSLv3 StreamCipher" \ - "$P_SRV" \ + "$P_SRV min_version=ssl3" \ "$P_CLI request_size=16384 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ From bd47a58221f80c088275904040c95e68ab81cec8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Jan 2015 13:43:29 +0100 Subject: [PATCH 2/3] Add ssl_set_arc4_support() Rationale: if people want to disable RC4 but otherwise keep the default suite list, it was cumbersome. Also, since it uses a global array, ssl_list_ciphersuite() is not a convenient place. So the SSL modules look like the best place, even if it means temporarily adding one SSL setting. --- ChangeLog | 4 ++++ include/polarssl/ssl.h | 20 ++++++++++++++++ library/ssl_cli.c | 15 ++++++++++++ library/ssl_srv.c | 4 ++++ library/ssl_tls.c | 5 ++++ programs/ssl/ssl_client2.c | 16 +++++++++++++ programs/ssl/ssl_server2.c | 15 ++++++++++++ tests/compat.sh | 2 +- tests/ssl-opt.sh | 48 +++++++++++++++++++++++++++----------- 9 files changed, 114 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index 255d35905..a965f8d4c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,10 @@ PolarSSL ChangeLog (Sorted per branch, date) Changes * Example programs for SSL client and server now disable SSLv3 by default. +Features + * Add ssl_set_arc4_support() to make it easier to diable RC4 at runtime + while using the default ciphersuite list. + = PolarSSL 1.3.9 released 2014-10-20 Security * Lowest common hash was selected from signature_algorithms extension in diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 4cabf7c9e..7943d1416 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -238,6 +238,9 @@ #define SSL_SESSION_TICKETS_DISABLED 0 #define SSL_SESSION_TICKETS_ENABLED 1 +#define SSL_ARC4_ENABLED 0 +#define SSL_ARC4_DISABLED 1 + /** * \name SECTION: Module settings * @@ -697,6 +700,8 @@ struct _ssl_context int min_major_ver; /*!< min. major version used */ int min_minor_ver; /*!< min. minor version used */ + char arc4_disabled; /*!< flag for disabling RC4 */ + /* * Callbacks (RNG, debug, I/O, verification) */ @@ -1385,6 +1390,21 @@ void ssl_set_max_version( ssl_context *ssl, int major, int minor ); */ void ssl_set_min_version( ssl_context *ssl, int major, int minor ); +/** + * \brief Disable or enable support for RC4 + * (Default: SSL_ARC4_ENABLED) + * + * \note Though the default is RC4 for compatibility reasons in the + * 1.3 branch, the recommended value is SSL_ARC4_DISABLED. + * + * \note This function will likely be removed in future versions as + * RC4 will then be disabled by default at compile time. + * + * \param ssl SSL context + * \param arc4 SSL_ARC4_ENABLED or SSL_ARC4_DISABLED + */ +void ssl_set_arc4_support( ssl_context *ssl, char arc4 ); + #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) /** * \brief Set the maximum fragment length to emit and/or negotiate diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 27abb3efe..cf460803d 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -588,6 +588,10 @@ static int ssl_write_client_hello( ssl_context *ssl ) ciphersuite_info->max_minor_ver < ssl->min_minor_ver ) continue; + if( ssl->arc4_disabled == SSL_ARC4_DISABLED && + ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 ) + continue; + SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d", ciphersuites[i] ) ); @@ -879,6 +883,7 @@ static int ssl_parse_server_hello( ssl_context *ssl ) unsigned char *buf, *ext; int renegotiation_info_seen = 0; int handshake_failure = 0; + const ssl_ciphersuite_t *suite_info; #if defined(POLARSSL_DEBUG_C) uint32_t t; #endif @@ -1059,6 +1064,16 @@ static int ssl_parse_server_hello( ssl_context *ssl ) SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", i ) ); SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[41 + n] ) ); + suite_info = ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ); + if( suite_info == NULL || + ( ssl->arc4_disabled && + suite_info->cipher == POLARSSL_CIPHER_ARC4_128 ) ) + { + SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + + i = 0; while( 1 ) { diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 01b0aca20..d611920db 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -847,6 +847,10 @@ static int ssl_ciphersuite_match( ssl_context *ssl, int suite_id, suite_info->max_minor_ver < ssl->minor_ver ) return( 0 ); + if( ssl->arc4_disabled == SSL_ARC4_DISABLED && + suite_info->cipher == POLARSSL_CIPHER_ARC4_128 ) + return( 0 ); + #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) if( ssl_ciphersuite_uses_ec( suite_info ) && ( ssl->handshake->curves == NULL || diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5f080defe..a091d8aa8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3977,6 +3977,11 @@ void ssl_set_min_version( ssl_context *ssl, int major, int minor ) } } +void ssl_set_arc4_support( ssl_context *ssl, char arc4 ) +{ + ssl->arc4_disabled = arc4; +} + #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code ) { diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 505ce10c2..35771f568 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -88,6 +88,7 @@ int main( int argc, char *argv[] ) #define DFL_EXCHANGES 1 #define DFL_MIN_VERSION SSL_MINOR_VERSION_1 #define DFL_MAX_VERSION -1 +#define DFL_ARC4 SSL_ARC4_DISABLED #define DFL_AUTH_MODE SSL_VERIFY_REQUIRED #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE #define DFL_TRUNC_HMAC 0 @@ -125,6 +126,7 @@ struct options int exchanges; /* number of data exchanges */ int min_version; /* minimum protocol version accepted */ int max_version; /* maximum protocol version accepted */ + int arc4; /* flag for arc4 suites support */ int auth_mode; /* verify mode for connection */ unsigned char mfl_code; /* code for maximum fragment length */ int trunc_hmac; /* negotiate truncated hmac or not */ @@ -316,6 +318,7 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags ) "\n" \ " min_version=%%s default: \"\" (ssl3)\n" \ " max_version=%%s default: \"\" (tls1_2)\n" \ + " arc4=%%d default: 0 (disabled)\n" \ " force_version=%%s default: \"\" (none)\n" \ " options: ssl3, tls1, tls1_1, tls1_2\n" \ " auth_mode=%%s default: \"required\"\n" \ @@ -406,6 +409,7 @@ int main( int argc, char *argv[] ) opt.exchanges = DFL_EXCHANGES; opt.min_version = DFL_MIN_VERSION; opt.max_version = DFL_MAX_VERSION; + opt.arc4 = DFL_ARC4; opt.auth_mode = DFL_AUTH_MODE; opt.mfl_code = DFL_MFL_CODE; opt.trunc_hmac = DFL_TRUNC_HMAC; @@ -545,6 +549,15 @@ int main( int argc, char *argv[] ) else goto usage; } + else if( strcmp( p, "arc4" ) == 0 ) + { + switch( atoi( q ) ) + { + case 0: opt.arc4 = SSL_ARC4_DISABLED; break; + case 1: opt.arc4 = SSL_ARC4_ENABLED; break; + default: goto usage; + } + } else if( strcmp( p, "force_version" ) == 0 ) { if( strcmp( q, "ssl3" ) == 0 ) @@ -907,8 +920,11 @@ int main( int argc, char *argv[] ) } #endif + /* RC4 setting is redundant if we use only one ciphersuite */ if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); + else + ssl_set_arc4_support( &ssl, opt.arc4 ); ssl_set_renegotiation( &ssl, opt.renegotiation ); ssl_legacy_renegotiation( &ssl, opt.allow_legacy ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3fecb4741..9310ed570 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -107,6 +107,7 @@ int main( int argc, char *argv[] ) #define DFL_EXCHANGES 1 #define DFL_MIN_VERSION SSL_MINOR_VERSION_1 #define DFL_MAX_VERSION -1 +#define DFL_ARC4 SSL_ARC4_DISABLED #define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE #define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED @@ -167,6 +168,7 @@ struct options int exchanges; /* number of data exchanges */ int min_version; /* minimum protocol version accepted */ int max_version; /* maximum protocol version accepted */ + int arc4; /* flag for arc4 suites support */ int auth_mode; /* verify mode for connection */ unsigned char mfl_code; /* code for maximum fragment length */ int tickets; /* enable / disable session tickets */ @@ -327,6 +329,7 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len ) "\n" \ " min_version=%%s default: \"ssl3\"\n" \ " max_version=%%s default: \"tls1_2\"\n" \ + " arc4=%%d default: 0 (disabled)\n" \ " force_version=%%s default: \"\" (none)\n" \ " options: ssl3, tls1, tls1_1, tls1_2\n" \ "\n" \ @@ -704,6 +707,7 @@ int main( int argc, char *argv[] ) opt.exchanges = DFL_EXCHANGES; opt.min_version = DFL_MIN_VERSION; opt.max_version = DFL_MAX_VERSION; + opt.arc4 = DFL_ARC4; opt.auth_mode = DFL_AUTH_MODE; opt.mfl_code = DFL_MFL_CODE; opt.tickets = DFL_TICKETS; @@ -827,6 +831,15 @@ int main( int argc, char *argv[] ) else goto usage; } + else if( strcmp( p, "arc4" ) == 0 ) + { + switch( atoi( q ) ) + { + case 0: opt.arc4 = SSL_ARC4_DISABLED; break; + case 1: opt.arc4 = SSL_ARC4_ENABLED; break; + default: goto usage; + } + } else if( strcmp( p, "force_version" ) == 0 ) { if( strcmp( q, "ssl3" ) == 0 ) @@ -1293,6 +1306,8 @@ int main( int argc, char *argv[] ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); + else + ssl_set_arc4_support( &ssl, opt.arc4 ); if( opt.version_suites != NULL ) { diff --git a/tests/compat.sh b/tests/compat.sh index 260b26f07..b06c232e0 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -667,7 +667,7 @@ setup_arguments() exit 1; esac - P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE" + P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1" O_SERVER_ARGS="-accept $PORT -www -cipher NULL,ALL -$MODE" G_SERVER_ARGS="-p $PORT --http" G_SERVER_PRIO="EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 361d393fa..bb8bd6297 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -393,6 +393,26 @@ run_test "Default" \ -S "error" \ -C "error" +# Tests for rc4 option + +run_test "RC4: server disabled, client enabled" \ + "$P_SRV" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 1 \ + -s "SSL - The server has no ciphersuites in common" + +run_test "RC4: server enabled, client disabled" \ + "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + "$P_CLI" \ + 1 \ + -s "SSL - The server has no ciphersuites in common" + +run_test "RC4: both enabled" \ + "$P_SRV arc4=1" \ + "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ + 0 \ + -S "SSL - The server has no ciphersuites in common" + # Test for SSLv2 ClientHello requires_openssl_with_sslv2 @@ -1575,8 +1595,8 @@ run_test "Per-version suites: SSL3" \ -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA" run_test "Per-version suites: TLS 1.0" \ - "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ - "$P_CLI force_version=tls1" \ + "$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_CLI force_version=tls1 arc4=1" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA" @@ -1616,7 +1636,7 @@ run_test "Small packet SSLv3 BlockCipher" \ -s "Read from client: 1 bytes read" run_test "Small packet SSLv3 StreamCipher" \ - "$P_SRV min_version=ssl3" \ + "$P_SRV min_version=ssl3 arc4=1" \ "$P_CLI request_size=1 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ @@ -1638,7 +1658,7 @@ run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \ -s "Read from client: 1 bytes read" run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \ - "$P_SRV" \ + "$P_SRV arc4=1" \ "$P_CLI request_size=1 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ @@ -1653,7 +1673,7 @@ run_test "Small packet TLS 1.1 BlockCipher" \ -s "Read from client: 1 bytes read" run_test "Small packet TLS 1.1 StreamCipher" \ - "$P_SRV" \ + "$P_SRV arc4=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ @@ -1668,7 +1688,7 @@ run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \ -s "Read from client: 1 bytes read" run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \ - "$P_SRV" \ + "$P_SRV arc4=1" \ "$P_CLI request_size=1 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ @@ -1697,14 +1717,14 @@ run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \ -s "Read from client: 1 bytes read" run_test "Small packet TLS 1.2 StreamCipher" \ - "$P_SRV" \ + "$P_SRV arc4=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 1 bytes read" run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \ - "$P_SRV" \ + "$P_SRV arc4=1" \ "$P_CLI request_size=1 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ @@ -1735,7 +1755,7 @@ run_test "Large packet SSLv3 BlockCipher" \ -s "Read from client: 16384 bytes read" run_test "Large packet SSLv3 StreamCipher" \ - "$P_SRV min_version=ssl3" \ + "$P_SRV min_version=ssl3 arc4=1" \ "$P_CLI request_size=16384 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ @@ -1757,7 +1777,7 @@ run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \ - "$P_SRV" \ + "$P_SRV arc4=1" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ @@ -1772,7 +1792,7 @@ run_test "Large packet TLS 1.1 BlockCipher" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.1 StreamCipher" \ - "$P_SRV" \ + "$P_SRV arc4=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ @@ -1787,7 +1807,7 @@ run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \ - "$P_SRV" \ + "$P_SRV arc4=1" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ @@ -1816,14 +1836,14 @@ run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 StreamCipher" \ - "$P_SRV" \ + "$P_SRV arc4=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \ - "$P_SRV" \ + "$P_SRV arc4=1" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ From fa06581c73f560df57738d6ea72452cdbbb451f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 12 Jan 2015 14:05:33 +0100 Subject: [PATCH 3/3] Disable RC4 by default in example programs. --- ChangeLog | 1 + programs/ssl/ssl_client1.c | 2 ++ programs/ssl/ssl_fork_server.c | 2 ++ programs/ssl/ssl_mail_client.c | 2 ++ programs/ssl/ssl_pthread_server.c | 2 ++ programs/ssl/ssl_server.c | 2 ++ 6 files changed, 11 insertions(+) diff --git a/ChangeLog b/ChangeLog index a965f8d4c..6c7a44606 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ PolarSSL ChangeLog (Sorted per branch, date) = PolarSSL 1.3.10 released ??? Changes * Example programs for SSL client and server now disable SSLv3 by default. + * Example programs for SSL client and server now disable RC4 by default. Features * Add ssl_set_arc4_support() to make it easier to diable RC4 at runtime diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 8f85b1016..5a0571c63 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -170,6 +170,8 @@ int main( int argc, char *argv[] ) /* SSLv3 is deprecated, set minimum to TLS 1.0 */ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 ); + /* RC4 is deprecated, disable it */ + ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED ); ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index ae1e155b9..07c1cd67a 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -267,6 +267,8 @@ int main( int argc, char *argv[] ) /* SSLv3 is deprecated, set minimum to TLS 1.0 */ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 ); + /* RC4 is deprecated, disable it */ + ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED ); ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 74f9d7bd2..8d6441deb 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -603,6 +603,8 @@ int main( int argc, char *argv[] ) /* SSLv3 is deprecated, set minimum to TLS 1.0 */ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 ); + /* RC4 is deprecated, disable it */ + ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED ); ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index aed2513b6..191292984 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -167,6 +167,8 @@ static void *handle_ssl_connection( void *data ) /* SSLv3 is deprecated, set minimum to TLS 1.0 */ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 ); + /* RC4 is deprecated, disable it */ + ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED ); ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_mutexed_debug, stdout ); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index eb44e07df..a8411591f 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -200,6 +200,8 @@ int main( int argc, char *argv[] ) /* SSLv3 is deprecated, set minimum to TLS 1.0 */ ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 ); + /* RC4 is deprecated, disable it */ + ssl_set_arc4_support( &ssl, SSL_ARC4_DISABLED ); ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout );