generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't alow TLS v1.0 ciphersuites for SSLv3

Browse Source 
This disables some ciphersuites which aren't supported in SSL v3:
specifically PSK ciphersuites which use SHA256 or SHA384 for the MAC.

Thanks to the Open Crypto Audit Project for identifying this issue.

Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-11-13 14:37:24 +00:00
parent 5e3d21fef1
commit 2b573382f8
5 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ssl/s3_lib.c
View File

@ -4841,6 +4841,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
/* Skip TLS v1.2 only ciphersuites if not supported */ /* Skip TLS v1.2 only ciphersuites if not supported */
if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s)) if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s))
continue; continue;
/* Skip TLS v1.0 ciphersuites if SSLv3 */
if ((c->algorithm_ssl & SSL_TLSV1) && s->version == SSL3_VERSION)
continue;
ssl_set_masks(s, c); ssl_set_masks(s, c);
mask_k = s->s3->tmp.mask_k; mask_k = s->s3->tmp.mask_k;

2
ssl/ssl_ciph.c
View File

@ -1621,6 +1621,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
if (alg_ssl & SSL_SSLV3) if (alg_ssl & SSL_SSLV3)
ver = "SSLv3"; ver = "SSLv3";
else if (alg_ssl & SSL_TLSV1)
ver = "TLSv1.0";
else if (alg_ssl & SSL_TLSV1_2) else if (alg_ssl & SSL_TLSV1_2)
ver = "TLSv1.2"; ver = "TLSv1.2";
else else

4
ssl/ssl_locl.h
View File

@ -381,8 +381,8 @@
/* Bits for algorithm_ssl (protocol version) */ /* Bits for algorithm_ssl (protocol version) */
# define SSL_SSLV3 0x00000002U # define SSL_SSLV3 0x00000002U
# define SSL_TLSV1 SSL_SSLV3/* for now */ # define SSL_TLSV1 0x00000004U
# define SSL_TLSV1_2 0x00000004U # define SSL_TLSV1_2 0x00000008U
/* Bits for algorithm2 (handshake digests and other extra flags) */ /* Bits for algorithm2 (handshake digests and other extra flags) */

3
ssl/statem/statem_clnt.c
View File

@ -1325,6 +1325,9 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
s->s3->tmp.mask_ssl = SSL_TLSV1_2; s->s3->tmp.mask_ssl = SSL_TLSV1_2;
else else
s->s3->tmp.mask_ssl = 0; s->s3->tmp.mask_ssl = 0;
/* Skip TLS v1.0 ciphersuites if SSLv3 */
if ((c->algorithm_ssl & SSL_TLSV1) && s->version == SSL3_VERSION)
s->s3->tmp.mask_ssl |= SSL_TLSV1;
/* /*
* If it is a disabled cipher we didn't send it in client hello, so * If it is a disabled cipher we didn't send it in client hello, so
* return an error. * return an error.

3
ssl/t1_lib.c
View File

@ -1094,6 +1094,9 @@ void ssl_set_client_disabled(SSL *s)
s->s3->tmp.mask_ssl = SSL_TLSV1_2; s->s3->tmp.mask_ssl = SSL_TLSV1_2;
else else
s->s3->tmp.mask_ssl = 0; s->s3->tmp.mask_ssl = 0;
/* Disable TLS 1.0 ciphers if using SSL v3 */
if (s->client_version == SSL3_VERSION)
s->s3->tmp.mask_ssl |= SSL_TLSV1;
ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
/* /*
* Disable static DH if we don't include any appropriate signature * Disable static DH if we don't include any appropriate signature