To avoid SWEET32 attack, move 3DES to weak

Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>

To avoid SWEET32 attack, move 3DES to weak
Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>
d33726b9 · Rich Salz · Matt Caswell · cfd20f64 · d33726b9 · d33726b9
隐藏空白更改
内联并排

Showing with 22 addition and 13 deletion

CHANGES CHANGES +4 -0

ssl/s3_lib.c ssl/s3_lib.c +18 -0

test/cipherlist_test.c test/cipherlist_test.c +0 -13

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@

 Changes between 1.0.2h and 1.1.0  [xx XXX xxxx]

+  *) Because of the SWEET32 attack, 3DES cipher suites have been disabled by
+     default like RC4.  See the RC4 item below to re-enable both.
+     [Rich Salz]
+
  *) The method for finding the storage location for the Windows RAND seed file
     has changed. First we check %RANDFILE%. If that is not set then we check
     the directories %HOME%, %USERPROFILE% and %SYSTEMROOT% in that order. If

--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -97,6 +97,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     0,
     0,
     },
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_RSA_DES_192_CBC3_SHA,
@@ -157,6 +158,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     112,
     168,
     },
+#endif
    {
     1,
     TLS1_TXT_RSA_WITH_AES_128_SHA,
@@ -849,6 +851,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     0,
     0,
     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
@@ -864,6 +867,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     112,
     168,
     },
+# endif
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
@@ -909,6 +913,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     0,
     0,
     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
@@ -924,6 +929,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     112,
     168,
     },
+# endif
    {
     1,
     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
@@ -969,6 +975,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     0,
     0,
     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
@@ -984,6 +991,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     112,
     168,
     },
+# endif
    {
     1,
     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
@@ -1182,6 +1190,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     0,
     0,
     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
@@ -1197,6 +1206,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     112,
     168,
     },
+# endif
    {
     1,
     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
@@ -1227,6 +1237,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     256,
     256,
     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
@@ -1242,6 +1253,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     112,
     168,
     },
+# endif
    {
     1,
     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
@@ -1272,6 +1284,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     256,
     256,
     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
@@ -1287,6 +1300,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     112,
     168,
     },
+# endif
    {
     1,
     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
@@ -1588,6 +1602,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     0,
     },
 # ifndef OPENSSL_NO_EC
+#  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
@@ -1603,6 +1618,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     112,
     168,
     },
+#  endif
    {
     1,
     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
@@ -1712,6 +1728,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
 #endif                          /* OPENSSL_NO_PSK */

 #ifndef OPENSSL_NO_SRP
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
@@ -1757,6 +1774,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     112,
     168,
     },
+# endif
    {
     1,
     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,

--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -104,16 +104,6 @@ static const uint32_t default_ciphers_in_order[] = {
    TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
 #endif

-#ifndef OPENSSL_NO_DES
-# ifndef OPENSSL_NO_EC
-    TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-    TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-# endif
-# ifndef OPENSSL_NO_DH
-    SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
-# endif
-#endif  /* !OPENSSL_NO_DES */
-
 #ifndef OPENSSL_NO_TLS1_2
    TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
    TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
@@ -123,9 +113,6 @@ static const uint32_t default_ciphers_in_order[] = {

    TLS1_CK_RSA_WITH_AES_256_SHA,
    TLS1_CK_RSA_WITH_AES_128_SHA,
-#ifndef OPENSSL_NO_DES
-    SSL3_CK_RSA_DES_192_CBC3_SHA,
-#endif
 };

 static int test_default_cipherlist(SSL_CTX *ctx)