Disable SHA-2 ciphersuites in < TLS 1.2 connections.

(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley

diff --git a/CHANGES b/CHANGES
index 6bd5420d2ca75b18b3954706fbb92fd6c1218e0f..1611dbeb3d4f8abfe46b8f09d6c1040849f881d9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -291,6 +291,9 @@
   
  Changes between 1.0.1 and 1.0.1a [xx XXX xxxx]
 
+  *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
+     [Adam Langley]
+
   *) Workarounds for some broken servers that "hang" if a client hello
      record length exceeds 255 bytes:
  

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index bd373e326b9ce44c98bed510461e1e3b416052ec..8ba557a919a27530769388b7508d64c44c520eec 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1076,7 +1076,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_eNULL,
        SSL_SHA256,
-       SSL_SSLV3,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
@@ -1092,7 +1092,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1108,7 +1108,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1124,7 +1124,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDH,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1140,7 +1140,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDH,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1156,7 +1156,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDSS,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1390,7 +1390,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1406,7 +1406,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDH,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1422,7 +1422,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDH,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1438,7 +1438,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDSS,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1454,7 +1454,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1470,7 +1470,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aNULL,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1486,7 +1486,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aNULL,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,