#2816: Modernise TLS configuration

2025-05-28 07:11:30 +02:00 · 2020-02-04 09:33:31 +01:00 · 2020-02-04 09:33:31 +01:00 · d33a39a987
commit d33a39a987
parent fafa92d353
2 changed files with 122 additions and 26 deletions
--- a/NetSSL_OpenSSL/include/Poco/Net/Context.h
+++ b/NetSSL_OpenSSL/include/Poco/Net/Context.h
@ -164,10 +164,28 @@ public:
 			/// Specifies a file containing Diffie-Hellman parameters.
 			/// If empty, the default parameters are used.

+		bool dhUse2048Bits;
+			/// If set to true, will use 2048-bit MODP Group with 256-bit
+			/// prime order subgroup (RFC5114) instead of 1024-bit for DH.
+
 		std::string ecdhCurve;
-			/// Specifies the name of the curve to use for ECDH, based
-			/// on the curve names specified in RFC 4492.
-			/// Defaults to "prime256v1".
+			/// OpenSSL 1.0.1 and earlier:
+			///   Specifies the name of the curve to use for ECDH, based
+			///   on the curve names specified in RFC 4492.
+			///   Defaults to "prime256v1".
+			/// OpenSSL 1.0.2 to 1.1.0:
+			///   Specifies the colon-separated list of curves
+			///   to be used for ECDH, based on the curve names
+			///   defined by OpenSSL, such as
+			///   "X448:X25519:P-521:P-384:P-256"
+			///   Defaults to the subset supported by the OpenSSL version
+			///   among the above.
+			/// OpenSSL 1.1.1 and above:
+			///   Specifies the colon-separated list of groups
+			///   (some of which can be curves) to be used for ECDH
+			///   and other TLSv1.3 ephemeral key negotiation, based
+			///   on the group names defined by OpenSSL. Defaults to
+			///   "X448:X25519:ffdhe4096:ffdhe3072:ffdhe2048:ffdhe6144:ffdhe8192:P-521:P-384:P-256"
 	};

 	Context(Usage usage, const Params& params);
@ -383,7 +401,7 @@ private:
 	void init(const Params& params);
 		/// Initializes the Context with the given parameters.

-	void initDH(const std::string& dhFile);
+	void initDH(bool use2048Bits, const std::string& dhFile);
 		/// Initializes the Context with Diffie-Hellman parameters.

 	void initECDH(const std::string& curve);
--- a/NetSSL_OpenSSL/src/Context.cpp
+++ b/NetSSL_OpenSSL/src/Context.cpp
@ -34,7 +34,8 @@ Context::Params::Params():
 	verificationMode(VERIFY_RELAXED),
 	verificationDepth(9),
 	loadDefaultCAs(false),
-	cipherList("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH")
+	cipherList("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"),
+	dhUse2048Bits(false)
 {
 }

@ -174,7 +175,7 @@ void Context::init(const Params& params)
 		SSL_CTX_set_mode(_pSSLContext, SSL_MODE_AUTO_RETRY);
 		SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_OFF);

-		initDH(params.dhParamsFile);
+		initDH(params.dhUse2048Bits, params.dhParamsFile);
 		initECDH(params.ecdhCurve);
 	}
 	catch (...)
@ -576,20 +577,9 @@ void Context::createSSLContext()
 }


-void Context::initDH(const std::string& dhParamsFile)
+void Context::initDH(bool use2048Bits, const std::string& dhParamsFile)
 {
 #ifndef OPENSSL_NO_DH
-    // 1024-bit MODP Group with 160-bit prime order subgroup (RFC5114)
-	// -----BEGIN DH PARAMETERS-----
-	// MIIBDAKBgQCxC4+WoIDgHd6S3l6uXVTsUsmfvPsGo8aaap3KUtI7YWBz4oZ1oj0Y
-	// mDjvHi7mUsAT7LSuqQYRIySXXDzUm4O/rMvdfZDEvXCYSI6cIZpzck7/1vrlZEc4
-	// +qMaT/VbzMChUa9fDci0vUW/N982XBpl5oz9p21NpwjfH7K8LkpDcQKBgQCk0cvV
-	// w/00EmdlpELvuZkF+BBN0lisUH/WQGz/FCZtMSZv6h5cQVZLd35pD1UE8hMWAhe0
-	// sBuIal6RVH+eJ0n01/vX07mpLuGQnQ0iY/gKdqaiTAh6CR9THb8KAWm2oorWYqTR
-	// jnOvoy13nVkY0IvIhY9Nzvl8KiSFXm7rIrOy5QICAKA=
-	// -----END DH PARAMETERS-----
-	//
-
 	static const unsigned char dh1024_p[] =
 	{
 		0xB1,0x0B,0x8F,0x96,0xA0,0x80,0xE0,0x1D,0xDE,0x92,0xDE,0x5E,
@ -620,6 +610,58 @@ void Context::initDH(const std::string& dhParamsFile)
 		0x85,0x5E,0x6E,0xEB,0x22,0xB3,0xB2,0xE5,
 	};

+	static const unsigned char dh2048_p[] =
+	{
+		0x87,0xA8,0xE6,0x1D,0xB4,0xB6,0x66,0x3C,0xFF,0xBB,0xD1,0x9C,
+		0x65,0x19,0x59,0x99,0x8C,0xEE,0xF6,0x08,0x66,0x0D,0xD0,0xF2,
+		0x5D,0x2C,0xEE,0xD4,0x43,0x5E,0x3B,0x00,0xE0,0x0D,0xF8,0xF1,
+		0xD6,0x19,0x57,0xD4,0xFA,0xF7,0xDF,0x45,0x61,0xB2,0xAA,0x30,
+		0x16,0xC3,0xD9,0x11,0x34,0x09,0x6F,0xAA,0x3B,0xF4,0x29,0x6D,
+		0x83,0x0E,0x9A,0x7C,0x20,0x9E,0x0C,0x64,0x97,0x51,0x7A,0xBD,
+		0x5A,0x8A,0x9D,0x30,0x6B,0xCF,0x67,0xED,0x91,0xF9,0xE6,0x72,
+		0x5B,0x47,0x58,0xC0,0x22,0xE0,0xB1,0xEF,0x42,0x75,0xBF,0x7B,
+		0x6C,0x5B,0xFC,0x11,0xD4,0x5F,0x90,0x88,0xB9,0x41,0xF5,0x4E,
+		0xB1,0xE5,0x9B,0xB8,0xBC,0x39,0xA0,0xBF,0x12,0x30,0x7F,0x5C,
+		0x4F,0xDB,0x70,0xC5,0x81,0xB2,0x3F,0x76,0xB6,0x3A,0xCA,0xE1,
+		0xCA,0xA6,0xB7,0x90,0x2D,0x52,0x52,0x67,0x35,0x48,0x8A,0x0E,
+		0xF1,0x3C,0x6D,0x9A,0x51,0xBF,0xA4,0xAB,0x3A,0xD8,0x34,0x77,
+		0x96,0x52,0x4D,0x8E,0xF6,0xA1,0x67,0xB5,0xA4,0x18,0x25,0xD9,
+		0x67,0xE1,0x44,0xE5,0x14,0x05,0x64,0x25,0x1C,0xCA,0xCB,0x83,
+		0xE6,0xB4,0x86,0xF6,0xB3,0xCA,0x3F,0x79,0x71,0x50,0x60,0x26,
+		0xC0,0xB8,0x57,0xF6,0x89,0x96,0x28,0x56,0xDE,0xD4,0x01,0x0A,
+		0xBD,0x0B,0xE6,0x21,0xC3,0xA3,0x96,0x0A,0x54,0xE7,0x10,0xC3,
+		0x75,0xF2,0x63,0x75,0xD7,0x01,0x41,0x03,0xA4,0xB5,0x43,0x30,
+		0xC1,0x98,0xAF,0x12,0x61,0x16,0xD2,0x27,0x6E,0x11,0x71,0x5F,
+		0x69,0x38,0x77,0xFA,0xD7,0xEF,0x09,0xCA,0xDB,0x09,0x4A,0xE9,
+		0x1E,0x1A,0x15,0x97,
+	};
+
+	static const unsigned char dh2048_g[] =
+	{
+		0x3F,0xB3,0x2C,0x9B,0x73,0x13,0x4D,0x0B,0x2E,0x77,0x50,0x66,
+		0x60,0xED,0xBD,0x48,0x4C,0xA7,0xB1,0x8F,0x21,0xEF,0x20,0x54,
+		0x07,0xF4,0x79,0x3A,0x1A,0x0B,0xA1,0x25,0x10,0xDB,0xC1,0x50,
+		0x77,0xBE,0x46,0x3F,0xFF,0x4F,0xED,0x4A,0xAC,0x0B,0xB5,0x55,
+		0xBE,0x3A,0x6C,0x1B,0x0C,0x6B,0x47,0xB1,0xBC,0x37,0x73,0xBF,
+		0x7E,0x8C,0x6F,0x62,0x90,0x12,0x28,0xF8,0xC2,0x8C,0xBB,0x18,
+		0xA5,0x5A,0xE3,0x13,0x41,0x00,0x0A,0x65,0x01,0x96,0xF9,0x31,
+		0xC7,0x7A,0x57,0xF2,0xDD,0xF4,0x63,0xE5,0xE9,0xEC,0x14,0x4B,
+		0x77,0x7D,0xE6,0x2A,0xAA,0xB8,0xA8,0x62,0x8A,0xC3,0x76,0xD2,
+		0x82,0xD6,0xED,0x38,0x64,0xE6,0x79,0x82,0x42,0x8E,0xBC,0x83,
+		0x1D,0x14,0x34,0x8F,0x6F,0x2F,0x91,0x93,0xB5,0x04,0x5A,0xF2,
+		0x76,0x71,0x64,0xE1,0xDF,0xC9,0x67,0xC1,0xFB,0x3F,0x2E,0x55,
+		0xA4,0xBD,0x1B,0xFF,0xE8,0x3B,0x9C,0x80,0xD0,0x52,0xB9,0x85,
+		0xD1,0x82,0xEA,0x0A,0xDB,0x2A,0x3B,0x73,0x13,0xD3,0xFE,0x14,
+		0xC8,0x48,0x4B,0x1E,0x05,0x25,0x88,0xB9,0xB7,0xD2,0xBB,0xD2,
+		0xDF,0x01,0x61,0x99,0xEC,0xD0,0x6E,0x15,0x57,0xCD,0x09,0x15,
+		0xB3,0x35,0x3B,0xBB,0x64,0xE0,0xEC,0x37,0x7F,0xD0,0x28,0x37,
+		0x0D,0xF9,0x2B,0x52,0xC7,0x89,0x14,0x28,0xCD,0xC6,0x7E,0xB6,
+		0x18,0x4B,0x52,0x3D,0x1D,0xB2,0x46,0xC3,0x2F,0x63,0x07,0x84,
+		0x90,0xF0,0x0E,0xF8,0xD6,0x47,0xD1,0x48,0xD4,0x79,0x54,0x51,
+		0x5E,0x23,0x27,0xCF,0xEF,0x98,0xC5,0x82,0x66,0x4B,0x4C,0x0F,
+		0x6C,0xC4,0x16,0x59,
+	};
+
 	DH* dh = 0;
 	if (!dhParamsFile.empty())
 	{
@ -646,19 +688,38 @@ void Context::initDH(const std::string& dhParamsFile)
 			throw SSLContextException("Error creating Diffie-Hellman parameters", msg);
 		}
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-		BIGNUM* p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
-		BIGNUM* g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
-		DH_set0_pqg(dh, p, 0, g);
-		DH_set_length(dh, 160);
+		if (use2048Bits)
+		{
+			BIGNUM* p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), 0);
+			BIGNUM* g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), 0);
+			DH_set0_pqg(dh, p, 0, g);
+			DH_set_length(dh, 256);
+		}
+		else
+		{
+			BIGNUM* p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
+			BIGNUM* g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
+			DH_set0_pqg(dh, p, 0, g);
+			DH_set_length(dh, 160);
+		}
 		if (!p || !g)
 		{
 			DH_free(dh);
 			throw SSLContextException("Error creating Diffie-Hellman parameters");
 		}
 #else
-		dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
-		dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
-		dh->length = 160;
+		if (use2048Bits)
+		{
+			dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), 0);
+			dh->g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), 0);
+			dh->length = 256;
+		}
+		else
+		{
+			dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
+			dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
+			dh->length = 160;
+		}
 		if ((!dh->p) || (!dh->g))
 		{
 			DH_free(dh);
@ -678,8 +739,25 @@ void Context::initDH(const std::string& dhParamsFile)

 void Context::initECDH(const std::string& curve)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
 #ifndef OPENSSL_NO_ECDH
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
+ 	const std::string groups(curve.empty() ?
+ #if   OPENSSL_VERSION_NUMBER >= 0x1010100fL
+ 				   "X448:X25519:ffdhe4096:ffdhe3072:ffdhe2048:ffdhe6144:ffdhe8192:P-521:P-384:P-256"
+ #elif OPENSSL_VERSION_NUMBER >= 0x1010000fL
+ 	// while OpenSSL 1.1.0 didn't support Ed25519 (EdDSA using Curve25519),
+ 	// it did support X25519 (ECDH using Curve25516).
+ 				   "X25519:P-521:P-384:P-256"
+ #else
+ 				   "P-521:P-384:P-256"
+ #endif
+ 				   : curve);
+ 	if (SSL_CTX_set1_curves_list(_pSSLContext, groups.c_str()) == 0)
+ 	{
+ 		throw SSLContextException("Cannot set ECDH groups", groups);
+ 	}
+ 	SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_ECDH_USE);
+ #elif OPENSSL_VERSION_NUMBER >= 0x0090800fL
 	int nid = 0;
 	if (!curve.empty())
 	{