Closed
Bug 1267894
Opened 9 years ago
Closed 5 years ago
libSSL should allow selecting the order of cipher suites in ClientHello
Categories
(NSS :: Libraries, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
3.47
People
(Reporter: julien.pierre, Assigned: marcus.apb)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
libSSL includes a hard-coded ordered list of SSL/TLS cipher suites, which controls the order in which cipher suites appear in the client's ClientHello message.
There are cases for which the application might want to use a different order than the hard-coded one.
For example, one may want to prioritize:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
over
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
At the current time, this cannot be accomplished with the NSS API.
The only way to force
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA to be negotiated
is to disable
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
But this has the side effect of falling to possibly even less desirable cipher suites when operating with some servers.
IMO, NSS should include an API to allow the application to order the cipher suites.
A possible prototype would be:
SECStatus SSL_CipherPrefOrderSet(PRFileDesc *fd, const PRInt32 cipherList[], const PRUint32 cipherNum);
and corresponding get function:
SECStatus SSL_CipherPrefOrderGet(PRFileDesc *fd, PRInt32 retCipherList[], PRUint32* cipherNum);
where cipherNum would be an in/out parameter, specifying the maximum size of the return array on input, and set to the actual number upon return.
Comment 1•9 years ago
If a cipher suite is not included in cipherList, where will it be ordered? Or will this function disable unlisted cipher suites implicitly?
Reporter
Comment 2•9 years ago
Masatoshi,
My proposal is that this single call to CipherPrefOrderSet would disable all cipher suites not listed in cipherList.
I.e., an application would use this call instead of calling SSL_CipherPrefSet multiple times.
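The trade-off from the report and the semantics proposed in comment 2, as an added example that is not part of the bug thread and is not NSS code. It is a toy C model: every `model_*` name, the four-suite table and its built-in order are hypothetical, rejecting an empty list is this model's choice, and the server is assumed to pick the first client-offered suite it supports.

```c
#include <stddef.h>
#include <stdint.h>

/* IANA code points: the two suites from the report plus two weaker ones. */
enum { ECDHE_RSA_AES_128_CBC_SHA = 0xC013, ECDHE_RSA_AES_256_CBC_SHA = 0xC014,
       RSA_AES_128_CBC_SHA = 0x002F, RSA_3DES_EDE_CBC_SHA = 0x000A };
#define NUM_SUITES 4
/* Toy stand-in for a socket: array position is the ClientHello order. */
typedef struct { uint16_t id; int enabled; } suite_t;
typedef struct { suite_t s[NUM_SUITES]; } model_fd;

/* Constructed built-in order, AES-128 ahead of AES-256 as in the report. */
void model_init(model_fd *fd) {
    static const uint16_t builtin[NUM_SUITES] = { ECDHE_RSA_AES_128_CBC_SHA,
        ECDHE_RSA_AES_256_CBC_SHA, RSA_AES_128_CBC_SHA, RSA_3DES_EDE_CBC_SHA };
    for (size_t i = 0; i < NUM_SUITES; i++)
        fd->s[i] = (suite_t){ builtin[i], 1 };
}

/* Today's workaround: switch one suite on or off, order stays hard-coded. */
void model_pref_set(model_fd *fd, uint16_t id, int on) {
    for (size_t i = 0; i < NUM_SUITES; i++)
        if (fd->s[i].id == id) fd->s[i].enabled = on;
}

/* Proposed semantics (comment 2): offer the listed suites in this order and
 * disable the rest. Empty, unknown or duplicate input fails, table unchanged. */
int model_order_set(model_fd *fd, const uint16_t *list, size_t n) {
    model_fd tmp = *fd;
    if (n == 0 || n > NUM_SUITES) return -1;
    for (size_t i = 0; i < n; i++) {
        size_t j = i;                    /* search only the unplaced tail */
        while (j < NUM_SUITES && tmp.s[j].id != list[i]) j++;
        if (j == NUM_SUITES) return -1;  /* unknown or duplicate id */
        suite_t t = tmp.s[i]; tmp.s[i] = tmp.s[j]; tmp.s[j] = t;
        tmp.s[i].enabled = 1;
    }
    for (size_t i = n; i < NUM_SUITES; i++) tmp.s[i].enabled = 0;
    *fd = tmp;
    return 0;
}

/* Assumes the server picks the first client-offered suite it supports. */
int model_negotiate(const model_fd *fd, const uint16_t *srv, size_t n) {
    for (size_t i = 0; i < NUM_SUITES; i++)
        for (size_t j = 0; fd->s[i].enabled && j < n; j++)
            if (srv[j] == fd->s[i].id) return fd->s[i].id;
    return -1;
}
```

Against a server that supports only ECDHE AES-128 and 3DES, disabling AES-128 lands on 3DES, while reordering with AES-256 first still reaches ECDHE AES-128.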
Comment 3•9 years ago
Thanks for the clarification.
Another suggestion: I would not like to call this function every time I create an fd. (i.e. I want SSL_CipherPrefOrderSetDefault/SSL_CipherPrefOrderGetDefault.)
Reporter
Comment 4•9 years ago
Yes, we can add the global variants for this call as well. Note that you can use a model socket so you don't have to call this for every fd - just once, for the model socket. This is how Oracle apps work - one model socket per listener.
Updated•7 years ago
Priority: -- → P3
Assignee
Comment 5•6 years ago
Interesting. Just as a short contribution for now: this cipher ordering can also be accomplished on the server side. I know that this is not the point of this bug, but it should work as a workaround.
Some references follow:
Apache: https://github.com/marcusburghardt/tool-apache/blob/master/SSL_TLS_config.md
NGINX: https://github.com/marcusburghardt/tool-nginx/blob/master/SSL_TLS_config.md
Assignee
Updated•5 years ago
Assignee: nobody → marcus.apb
Status: NEW → ASSIGNED
QA Contact: jjones
Assignee
Comment 6•5 years ago
Hi All,
Two new experimental functions were developed to permit changes in CipherSuites Ordering.
I will push the patch soon, which includes, besides the new functions:
- A new cmd called ciphertst, used for manual testing of these functions and also as example code.
- Some small improvements in selfserv.c and tstclnt.c.
- Gtests for these new functions.
Thanks,
Assignee
Comment 7•5 years ago
Updated•5 years ago
Attachment #9075357 -
Attachment description: Bug 1267894 - New functions for CipherSuites Ordering, ciphertst, tstclnt, selfserv, gtests. r=jcj → Bug 1267894 - New functions for CipherSuites Ordering and gtests.
Assignee
Updated•5 years ago
Keywords: checkin-needed
Comment 8•5 years ago
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → 3.47