Disable EXPORT and LOW SSLv3+ ciphers by default

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-19 13:05:11 -05:00 · 2016-02-19 13:05:11 -05:00 · abd5d8fbef
commit abd5d8fbef
parent a82cfd612b
5 changed files with 86 additions and 9 deletions
--- a/5
+++ b/5
@ -4,6 +4,11 @@
 Changes between 1.0.1r and 1.0.1s [xx XXX xxxx]
  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
    Builds that are not configured with "enable-weak-ssl-ciphers" will not
    provide any "EXPORT" or "LOW" strength ciphers.
    [Viktor Dukhovni]
  * Disable SSLv2 default build, default negotiation and weak ciphers.  SSLv2
    is by default disabled at build-time.  Builds that are not configured with
    "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
--- a/5
+++ b/5
@ -58,6 +58,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 #		library and will be loaded in run-time by the OpenSSL library.
 # sctp          include SCTP support
 # 386           generate 80386 code
 # enable-weak-ssl-ciphers
 #		Enable EXPORT and LOW SSLv3 ciphers that are disabled by
 #		default.  Note, weak SSLv2 ciphers are unconditionally
 #		disabled.
 # no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through 
@ -729,6 +733,7 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
 		 "ssl2"           => "default",
 		 "store"	  => "experimental",
 		 "unit-test"	  => "default",
 		 "weak-ssl-ciphers" => "default",
 		 "zlib"           => "default",
 		 "zlib-dynamic"   => "default"
 	       );
--- a/1
+++ b/1
@ -7,6 +7,7 @@
  Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [under development]
      o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
      o Disable SSLv2 default build, default negotiation and weak ciphers.
  Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@ -136,34 +136,46 @@ than 128 bits, and some cipher suites with 128-bit keys.
 =item B<LOW>
-"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
+Low strength encryption cipher suites, currently those using 64 or 56 bit
-but excluding export cipher suites.
+encryption algorithms but excluding export cipher suites.
 As of OpenSSL 1.0.1s, these are disabled in default builds.
 =item B<EXP>, B<EXPORT>
-export encryption algorithms. Including 40 and 56 bits algorithms.
+Export strength encryption algorithms. Including 40 and 56 bits algorithms.
 As of OpenSSL 1.0.1s, these are disabled in default builds.
 =item B<EXPORT40>
-40 bit export encryption algorithms
+40-bit export encryption algorithms
 As of OpenSSL 1.0.1s, these are disabled in default builds.
 =item B<EXPORT56>
-56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
+56-bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
 56 bit export ciphers is empty unless OpenSSL has been explicitly configured
 with support for experimental ciphers.
 As of OpenSSL 1.0.1s, these are disabled in default builds.
 =item B<eNULL>, B<NULL>
-the "NULL" ciphers that is those offering no encryption. Because these offer no
+The "NULL" ciphers that is those offering no encryption. Because these offer no
-encryption at all and are a security risk they are disabled unless explicitly
+encryption at all and are a security risk they are not enabled via either the
-included.
+B<DEFAULT> or B<ALL> cipher strings.
 Be careful when building cipherlists out of lower-level primitives such as
 B<kRSA> or B<aECDSA> as these do overlap with the B<eNULL> ciphers.
 When in doubt, include B<!eNULL> in your cipherlist.
 =item B<aNULL>
-the cipher suites offering no authentication. This is currently the anonymous
+The cipher suites offering no authentication. This is currently the anonymous
 DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable
 to a "man in the middle" attack and so their use is normally discouraged.
 These are excluded from the B<DEFAULT> ciphers, but included in the B<ALL>
 ciphers.
 Be careful when building cipherlists out of lower-level primitives such as
 B<kDHE> or B<AES> as these do overlap with the B<aNULL> ciphers.
 When in doubt, include B<!aNULL> in your cipherlist.
 =item B<kRSA>, B<RSA>
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -203,6 +203,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 03 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_RSA_RC4_40_MD5,
@ -217,6 +218,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     128,
     },
 #endif
 /* Cipher 04 */
    {
@ -251,6 +253,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 06 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_RSA_RC2_40_MD5,
@ -265,6 +268,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     128,
     },
 #endif
 /* Cipher 07 */
 #ifndef OPENSSL_NO_IDEA
@ -285,6 +289,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
 #endif
 /* Cipher 08 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_RSA_DES_40_CBC_SHA,
@ -299,8 +304,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     56,
     },
 #endif
 /* Cipher 09 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_RSA_DES_64_CBC_SHA,
@ -315,6 +322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     56,
     56,
     },
 #endif
 /* Cipher 0A */
    {
@ -334,6 +342,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
 /* The DH ciphers */
 /* Cipher 0B */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     0,
     SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
@ -348,8 +357,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     56,
     },
 #endif
 /* Cipher 0C */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     0,                         /* not implemented (non-ephemeral DH) */
     SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
@ -364,6 +375,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     56,
     56,
     },
 #endif
 /* Cipher 0D */
    {
@ -382,6 +394,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 0E */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     0,                         /* not implemented (non-ephemeral DH) */
     SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
@ -396,8 +409,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     56,
     },
 #endif
 /* Cipher 0F */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     0,                         /* not implemented (non-ephemeral DH) */
     SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
@ -412,6 +427,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     56,
     56,
     },
 #endif
 /* Cipher 10 */
    {
@ -431,6 +447,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
 /* The Ephemeral DH ciphers */
 /* Cipher 11 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
@ -445,8 +462,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     56,
     },
 #endif
 /* Cipher 12 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
@ -461,6 +480,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     56,
     56,
     },
 #endif
 /* Cipher 13 */
    {
@ -479,6 +499,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 14 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
@ -493,8 +514,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     56,
     },
 #endif
 /* Cipher 15 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
@ -509,6 +532,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     56,
     56,
     },
 #endif
 /* Cipher 16 */
    {
@ -527,6 +551,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 17 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_ADH_RC4_40_MD5,
@ -541,6 +566,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     128,
     },
 #endif
 /* Cipher 18 */
    {
@ -559,6 +585,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 19 */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_ADH_DES_40_CBC_SHA,
@ -573,8 +600,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     128,
     },
 #endif
 /* Cipher 1A */
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_ADH_DES_64_CBC_SHA,
@ -589,6 +618,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     56,
     56,
     },
 #endif
 /* Cipher 1B */
    {
@ -660,6 +690,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
 #ifndef OPENSSL_NO_KRB5
 /* The Kerberos ciphers*/
 /* Cipher 1E */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_DES_64_CBC_SHA,
@ -674,6 +705,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     56,
     56,
     },
 # endif
 /* Cipher 1F */
    {
@ -724,6 +756,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 22 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_DES_64_CBC_MD5,
@ -738,6 +771,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     56,
     56,
     },
 # endif
 /* Cipher 23 */
    {
@ -788,6 +822,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     },
 /* Cipher 26 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_DES_40_CBC_SHA,
@ -802,8 +837,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     56,
     },
 # endif
 /* Cipher 27 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_RC2_40_CBC_SHA,
@ -818,8 +855,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     128,
     },
 # endif
 /* Cipher 28 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_RC4_40_SHA,
@ -834,8 +873,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     128,
     },
 # endif
 /* Cipher 29 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_DES_40_CBC_MD5,
@ -850,8 +891,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     56,
     },
 # endif
 /* Cipher 2A */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_RC2_40_CBC_MD5,
@ -866,8 +909,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     128,
     },
 # endif
 /* Cipher 2B */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     SSL3_TXT_KRB5_RC4_40_MD5,
@ -882,6 +927,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     40,
     128,
     },
 # endif
 #endif                          /* OPENSSL_NO_KRB5 */
 /* New AES ciphersuites */
@ -1305,6 +1351,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
 # endif
    /* Cipher 62 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
@ -1319,8 +1366,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     56,
     56,
     },
 # endif
    /* Cipher 63 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
@ -1335,8 +1384,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     56,
     56,
     },
 # endif
    /* Cipher 64 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
@ -1351,8 +1402,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     56,
     128,
     },
 # endif
    /* Cipher 65 */
 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
     1,
     TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
@ -1367,6 +1420,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
     56,
     128,
     },
 # endif
    /* Cipher 66 */
    {