From: Matt Caswell Date: Wed, 18 Jul 2018 15:13:14 +0000 (+0100) Subject: Turn on TLSv1.3 downgrade protection by default X-Git-Tag: OpenSSL_1_1_1-pre9~18 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=9f22c527232d8babfa4827dff34a6707e8880dd9;ds=sidebyside Turn on TLSv1.3 downgrade protection by default Reviewed-by: Ben Kaduk Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6741) --- diff --git a/Configure b/Configure index 059271275d..c9f6ea760b 100755 --- a/Configure +++ b/Configure @@ -405,7 +405,6 @@ my @disablables = ( "tests", "threads", "tls", - "tls13downgrade", "ts", "ubsan", "ui-console", @@ -449,7 +448,6 @@ our %disabled = ( # "what" => "comment" "ssl3" => "default", "ssl3-method" => "default", "ubsan" => "default", - "tls13downgrade" => "default", "unit-test" => "default", "weak-ssl-ciphers" => "default", "zlib" => "default", diff --git a/INSTALL b/INSTALL index 34023dcd75..ff0aa6d127 100644 --- a/INSTALL +++ b/INSTALL @@ -476,16 +476,6 @@ require additional system-dependent options! See "Note on multi-threading" below. - enable-tls13downgrade - TODO(TLS1.3): Make this enabled by default and remove the - option when TLSv1.3 is out of draft - TLSv1.3 offers a downgrade protection mechanism. This is - implemented but disabled by default. It should not typically - be enabled except for testing purposes. Otherwise this could - cause problems if a pre-RFC version of OpenSSL talks to an - RFC implementation (it will erroneously be detected as a - downgrade). - no-ts Don't build Time Stamping Authority support. diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c170eed5e1..5ecbc3c554 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4568,7 +4568,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, } else { ret = RAND_bytes(result, len); } -#ifndef OPENSSL_NO_TLS13DOWNGRADE + if (ret > 0) { if (!ossl_assert(sizeof(tls11downgrade) < len) || !ossl_assert(sizeof(tls12downgrade) < len)) @@ -4580,7 +4580,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, memcpy(result + len - sizeof(tls11downgrade), tls11downgrade, sizeof(tls11downgrade)); } -#endif + return ret; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index d04f8773de..38121b7fd2 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1914,7 +1914,6 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) if (s->version != vent->version) continue; -#ifndef OPENSSL_NO_TLS13DOWNGRADE /* Check for downgrades */ if (s->version == TLS1_2_VERSION && highver > s->version) { if (memcmp(tls12downgrade, @@ -1941,7 +1940,6 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) return 0; } } -#endif s->method = method; return 1; diff --git a/test/recipes/70-test_tls13downgrade.t b/test/recipes/70-test_tls13downgrade.t index cc5fb16d2b..f7c8812345 100644 --- a/test/recipes/70-test_tls13downgrade.t +++ b/test/recipes/70-test_tls13downgrade.t @@ -26,10 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled" if disabled("tls1_3") || disabled("tls1_2"); -# TODO(TLS1.3): Enable this when TLSv1.3 comes out of draft -plan skip_all => "$test_name not run in pre TLSv1.3 RFC implementation" - if disabled("tls13downgrade"); - $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new(