Turn on TLSv1.3 downgrade protection by default
authorMatt Caswell <matt@openssl.org>
Wed, 18 Jul 2018 15:13:14 +0000 (16:13 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 15 Aug 2018 11:33:30 +0000 (12:33 +0100)
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)

Configure
INSTALL
ssl/s3_lib.c
ssl/statem/statem_lib.c
test/recipes/70-test_tls13downgrade.t

index 0592712..c9f6ea7 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -405,7 +405,6 @@ my @disablables = (
     "tests",
     "threads",
     "tls",
-    "tls13downgrade",
     "ts",
     "ubsan",
     "ui-console",
@@ -449,7 +448,6 @@ our %disabled = ( # "what"         => "comment"
                  "ssl3"                => "default",
                  "ssl3-method"         => "default",
                   "ubsan"              => "default",
-                 "tls13downgrade"      => "default",
                  "unit-test"           => "default",
                  "weak-ssl-ciphers"    => "default",
                  "zlib"                => "default",
diff --git a/INSTALL b/INSTALL
index 34023dc..ff0aa6d 100644 (file)
--- a/INSTALL
+++ b/INSTALL
                    require additional system-dependent options! See "Note on
                    multi-threading" below.
 
-  enable-tls13downgrade
-                   TODO(TLS1.3): Make this enabled by default and remove the
-                   option when TLSv1.3 is out of draft
-                   TLSv1.3 offers a downgrade protection mechanism. This is
-                   implemented but disabled by default. It should not typically
-                   be enabled except for testing purposes. Otherwise this could
-                   cause problems if a pre-RFC version of OpenSSL talks to an
-                   RFC implementation (it will erroneously be detected as a
-                   downgrade).
-
   no-ts
                    Don't build Time Stamping Authority support.
 
index c170eed..5ecbc3c 100644 (file)
@@ -4568,7 +4568,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
     } else {
         ret = RAND_bytes(result, len);
     }
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
+
     if (ret > 0) {
         if (!ossl_assert(sizeof(tls11downgrade) < len)
                 || !ossl_assert(sizeof(tls12downgrade) < len))
@@ -4580,7 +4580,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
             memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
                    sizeof(tls11downgrade));
     }
-#endif
+
     return ret;
 }
 
index d04f877..38121b7 100644 (file)
@@ -1914,7 +1914,6 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
         if (s->version != vent->version)
             continue;
 
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
         /* Check for downgrades */
         if (s->version == TLS1_2_VERSION && highver > s->version) {
             if (memcmp(tls12downgrade,
@@ -1941,7 +1940,6 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
                 return 0;
             }
         }
-#endif
 
         s->method = method;
         return 1;
index cc5fb16..f7c8812 100644 (file)
@@ -26,10 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
 plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled"
     if disabled("tls1_3") || disabled("tls1_2");
 
-# TODO(TLS1.3): Enable this when TLSv1.3 comes out of draft
-plan skip_all => "$test_name not run in pre TLSv1.3 RFC implementation"
-    if disabled("tls13downgrade");
-
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
 
 my $proxy = TLSProxy::Proxy->new(