From dc5744cb78da6f2bcafeeefe22c604a51b52dfc5 Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Tue, 2 Feb 2016 16:26:38 +0100 Subject: [PATCH] RT3234: disable compression CRIME protection: disable compression by default, even if OpenSSL is compiled with zlib enabled. Applications can still enable compression by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using the SSL_CONF library to configure compression. SSL_CONF continues to work as before: SSL_CONF_cmd(ctx, "Options", "Compression") enables compression. SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now no-op by default). The command-line switch has changed from -no_comp to -comp. Reviewed-by: Rich Salz
---
CHANGES | 6 ++++++ apps/apps.h | 6 +++--- doc/ssl/SSL_CONF_cmd.pod | 8 ++++++-- ssl/ssl_conf.c | 4 ++-- ssl/ssl_lib.c | 7 +++++++ util/TLSProxy/Proxy.pm | 2 +- 6 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/CHANGES b/CHANGES
index dd72036dd4..d0d3a2629a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@ Changes between 1.0.2f and 1.1.0 [xx XXX xxxx]
+ *) CRIME protection: disable compression by default, even if OpenSSL is
+ compiled with zlib enabled. Applications can still enable compression
+ by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by
+ using the SSL_CONF library to configure compression.
+ [Emilia Käsper]
+
 *) The signature of the session callback configured with SSL_CTX_sess_set_get_cb was changed. The read-only input buffer was explicitly marked as 'const unsigned char*' instead of
diff --git a/apps/apps.h b/apps/apps.h
index 93172b5eb0..52e57f8321 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -285,7 +285,7 @@ void wait_for_async(SSL *s);
 # define OPT_S_ENUM \
 OPT_S__FIRST=3000, \
 OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
- OPT_S_BUGS, OPT_S_NOCOMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
+ OPT_S_BUGS, OPT_S_COMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
 OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
 OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
 OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
@@ -298,7 +298,7 @@ void wait_for_async(SSL *s);
 {"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \
 {"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \
 {"bugs", OPT_S_BUGS, '-' }, \
- {"no_comp", OPT_S_NOCOMP, '-', "Don't use SSL/TLS-level compression" }, \
+ {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
 {"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \
 {"no_ticket", OPT_S_NOTICKET, '-' }, \
 {"serverpref", OPT_S_SERVERPREF, '-' }, \
@@ -327,7 +327,7 @@ void wait_for_async(SSL *s);
 case OPT_S_NOTLS1_1: \
 case OPT_S_NOTLS1_2: \
 case OPT_S_BUGS: \
- case OPT_S_NOCOMP: \
+ case OPT_S_COMP: \
 case OPT_S_ECDHSINGLE: \
 case OPT_S_NOTICKET: \
 case OPT_S_SERVERPREF: \
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index a74117df0d..6947865318 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -131,9 +131,9 @@ These options are deprecated, instead use B<-min_protocol> and B<-max_protocol>.
 Various bug workarounds are set, same as setting B.
-=item B<-no_comp>
+=item B<-comp>
-Disables support for SSL/TLS compression, same as setting B.
+Enables support for SSL/TLS compression, same as clearing B.
 =item B<-no_ticket>
@@ -495,6 +495,10 @@ Disable TLS session tickets:
 SSL_CONF_cmd(ctx, "Options", "-SessionTicket");
+Enable compression:
+
+ SSL_CONF_cmd(ctx, "Options", "Compression");
+
 Set supported curves to P-256, P-384:
 SSL_CONF_cmd(ctx, "Curves", "P-256:P-384");
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 2c40df1593..d0935cf0e5 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
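Review bot: Existing command lines that pass `-no_comp` as a hardening flag will presumably be rejected as an unknown option once the `{"no_comp", OPT_S_NOCOMP, ...}` row in the second hunk becomes `{"comp", OPT_S_COMP, ...}`, because no alias is kept. The same holds for the `SSL_CONF_CMD_SWITCH("no_comp", 0)` entry dropped from ssl_conf_cmds in ssl/ssl_conf.c. Failing loudly is safer than silently changing meaning, but keeping `no_comp` as an accepted switch that still sets SSL_OP_NO_COMPRESSION would avoid breaking deployed scripts. If the removal is intended, the new help string could state the default, e.g. `"Use SSL/TLS-level compression (off by default)"`. The three macros changed here start and end outside the hunks.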
@@ -581,7 +581,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
 SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
 SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
 SSL_CONF_CMD_SWITCH("bugs", 0),
- SSL_CONF_CMD_SWITCH("no_comp", 0),
+ SSL_CONF_CMD_SWITCH("comp", 0),
 SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER),
 SSL_CONF_CMD_SWITCH("no_ticket", 0),
 SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER),
@@ -640,7 +640,7 @@ static const ssl_switch_tbl ssl_cmd_switches[] = {
 {SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */
 {SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */
 {SSL_OP_ALL, 0}, /* bugs */
- {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
+ {SSL_OP_NO_COMPRESSION, 1}, /* comp */
 {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */
 {SSL_OP_NO_TICKET, 0}, /* no_ticket */
 {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a43ec52736..878ff4c1fe 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2362,6 +2362,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 * deployed might change this.
 */
 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ /*
+ * Disable compression by default to prevent CRIME. Applications can
+ * re-enable compression by configuring
+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
+ * or by using the SSL_CONF library.
+ */
+ ret->options |= SSL_OP_NO_COMPRESSION;
 return (ret);
 err:
diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
index 0abd312462..8d18dcc7c1 100644
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -142,7 +142,7 @@ sub start
 or die "Failed to redirect stdout";
 open(STDERR, ">&STDOUT");
 my $execcmd = $self->execute
- ." s_server -no_comp -rev -engine ossltest -accept "
+ ." s_server -rev -engine ossltest -accept "
 .($self->server_port)
 ." -cert ".$self->cert." -naccept ".$self->serverconnects;
 if ($self->ciphers ne "") {
--
2.34.1
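Review bot: The bare `1` in `{SSL_OP_NO_COMPRESSION, 1}, /* comp */` is the only non-zero flag among the visible rows of ssl_cmd_switches, and nothing on the line says that it inverts the option. If the second field is the flags word that the file's SSL_TFLAG_INV constant is meant for, the row reads better as `{SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */`. Because this row is what lets a bare `-comp` switch clear a protection bit, the trailing comment could also say so, e.g. `/* comp: clears SSL_OP_NO_COMPRESSION */`. The table appears to be matched to ssl_conf_cmds by position; both hunks change the same slot, so the pairing looks preserved, but both arrays continue outside the hunks.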
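Review bot: Nothing in this commit pins the new default, so a later refactor of SSL_CTX_new could drop `ret->options |= SSL_OP_NO_COMPRESSION;` without any test noticing; the diffstat lists no test file. A small check that a freshly created context reports the bit, along the lines of `SSL_CTX_get_options(ctx) & SSL_OP_NO_COMPRESSION`, would guard the CRIME mitigation against regression. The reference documentation for SSL_OP_NO_COMPRESSION itself is not among the changed files and presumably should state that the option is now set by default and must be cleared explicitly. SSL_CTX_new starts before this hunk and its error path continues after it.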