openssl, wolfssl: match mbedTLS ciphersuite list
authorEneas U de Queiroz via openwrt-devel <openwrt-devel@lists.openwrt.org>
Fri, 27 Jul 2018 19:11:36 +0000 (19:11 +0000)
committerJohn Crispin <john@phrozen.org>
Mon, 30 Jul 2018 06:16:10 +0000 (08:16 +0200)
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Use the same ciphersuite list as mbedTLS.
wolfssl was not honoring setting the minimum protocol with
SSL_CTX_set_options, so we must use TLSv1_2_server_method.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
ustream-openssl.c

index c6839ea773a687477d5cefde601b212dfd94dcc0..7c72ce1851f7257881584e616a7d95e3c69ff4eb 100644 (file)
 #include "ustream-ssl.h"
 #include "ustream-internal.h"
 
+
+/* Ciphersuite preference:
+ * - key exchange: prefer ECDHE, then DHE(client only), then RSA
+ * - prefer AEAD ciphers:
+ *     chacha20-poly1305, the fastest in software, 256-bits
+ *     aes128-gcm, 128-bits
+ *     aes256-gcm, 256-bits
+ * - CBC ciphers
+ *     aes128, aes256, 3DES(client only)
+ */
+
+#define ecdhe_ciphers                                                  \
+                               "ECDHE-ECDSA-CHACHA20-POLY1305:"        \
+                               "ECDHE-ECDSA-AES128-GCM-SHA256:"        \
+                               "ECDHE-ECDSA-AES256-GCM-SHA384:"        \
+                               "ECDHE-ECDSA-AES128-SHA:"               \
+                               "ECDHE-ECDSA-AES256-SHA:"               \
+                               "ECDHE-RSA-CHACHA20-POLY1305:"          \
+                               "ECDHE-RSA-AES128-GCM-SHA256:"          \
+                               "ECDHE-RSA-AES256-GCM-SHA384:"          \
+                               "ECDHE-RSA-AES128-SHA:"                 \
+                               "ECDHE-RSA-AES256-SHA"
+
+#define dhe_ciphers                                                    \
+                               "DHE-RSA-CHACHA20-POLY1305:"            \
+                               "DHE-RSA-AES128-GCM-SHA256:"            \
+                               "DHE-RSA-AES256-GCM-SHA384:"            \
+                               "DHE-RSA-AES128-SHA:"                   \
+                               "DHE-RSA-AES256-SHA:"                   \
+                               "DHE-DES-CBC3-SHA"
+
+#define non_pfs_aes                                                    \
+                               "AES128-GCM-SHA256:"                    \
+                               "AES256-GCM-SHA384:"                    \
+                               "AES128-SHA:"                           \
+                               "AES256-SHA"
+
+#define server_cipher_list                                             \
+                               ecdhe_ciphers ":"                       \
+                               non_pfs_aes
+
+#define client_cipher_list                                             \
+                               ecdhe_ciphers ":"                       \
+                               dhe_ciphers ":"                         \
+                               non_pfs_aes ":"                         \
+                               "DES-CBC3-SHA"
+
 __hidden struct ustream_ssl_ctx *
 __ustream_ssl_context_new(bool server)
 {
@@ -36,7 +83,7 @@ __ustream_ssl_context_new(bool server)
                SSL_library_init();
                _init = true;
        }
-# define TLS_server_method SSLv23_server_method
+# define TLS_server_method TLSv1_2_server_method
 # define TLS_client_method SSLv23_client_method
 #endif
 
@@ -50,17 +97,18 @@ __ustream_ssl_context_new(bool server)
                return NULL;
 
        SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
-       SSL_CTX_set_options (c, SSL_OP_NO_COMPRESSION); /* avoid CRIME attack */
-#if !defined(OPENSSL_NO_ECDH) && !defined(CYASSL_OPENSSL_H_) && OPENSSL_VERSION_NUMBER < 0x10100000L
+       SSL_CTX_set_options(c, SSL_OP_NO_COMPRESSION | SSL_OP_SINGLE_ECDH_USE |
+                              SSL_OP_CIPHER_SERVER_PREFERENCE);
+#if defined(SSL_CTX_set_ecdh_auto) && OPENSSL_VERSION_NUMBER < 0x10100000L
        SSL_CTX_set_ecdh_auto(c, 1);
 #endif
        if (server) {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
                SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION);
-#else
-               SSL_CTX_set_options (c, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
 #endif
-               SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH");
+               SSL_CTX_set_cipher_list(c, server_cipher_list);
+       } else {
+               SSL_CTX_set_cipher_list(c, client_cipher_list);
        }
        SSL_CTX_set_quiet_shutdown(c, 1);