Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix SSL_get_ciphers behavior to return TLS 1.3 ciphersuites #2092

Open
wants to merge 17 commits into
base: main
Choose a base branch
from
Open

Fix SSL_get_ciphers behavior to return TLS 1.3 ciphersuites #2092

wants to merge 17 commits into from
+220 −21

Conversation

smittals2
Copy link
Contributor

@smittals2 smittals2 commented Jan 2, 2025
edited
Loading

Issues:

CryptoAlg-2559

Description of changes:

  1. SSL_CTX_new now configures ctx->tls13_cipher_suites with default TLS 1.3 ciphers (did not previously). The default preference order for TLS 1.3 ciphersuites differs based on whether AES Hardware acceleration is enabled in AWS-LC, we match this behavior in SSL_CTX_new.
  2. Each time any cipher list is created or modified (either for TLS 1.3 or otherwise), ctx->cipher_list is updated with values from ctx->tls13_cipher_suites via a new function update_cipher_list. This function also updates in_group_flags accordingly.
  3. Outdated comments were updated
  4. Updates to existing tests to account for TLS 1.3 ciphersuites being configured by default

Call-outs:

In general, our TLS implementations pick ciphersuites against the given connection constraints/parameters. Adding TLS 1.3 ciphersuites to ctx->cipher_list does not modify this behavior or introduce new problems.

Testing:

Added tests to ensure TLS 1.3 ciphersuites are returned as configured when calling SSL_get_ciphers.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@smittals2 smittals2 changed the title [DRAFT] Fix SSL_get_ciphers behavior to return TLS 1.3 ciphersuites Fix SSL_get_ciphers behavior to return TLS 1.3 ciphersuites Jan 2, 2025
@smittals2 smittals2 marked this pull request as ready for review January 2, 2025 23:55
@smittals2 smittals2 requested a review from a team as a code owner January 2, 2025 23:55
justsmth
justsmth previously approved these changes Jan 6, 2025
View reviewed changes
@codecov-commenter
Copy link

Codecov Report

Attention: Patch coverage is 92.30769% with 6 lines in your changes missing coverage. Please review.

Project coverage is 78.75%. Comparing base (6aa30a9) to head (5fcdd4a).
Report is 6 commits behind head on main.

Files with missing lines Patch % Lines
ssl/ssl_cipher.cc 88.63% 5 Missing ⚠️
ssl/ssl_lib.cc 91.66% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2092   +/-   ##
=======================================
  Coverage   78.75%   78.75%           
=======================================
  Files         598      598           
  Lines      103653   103726   +73     
  Branches    14720    14735   +15     
=======================================
+ Hits        81634    81694   +60     
- Misses      21365    21379   +14     
+ Partials      654      653    -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@smittals2 smittals2 requested a review from justsmth January 6, 2025 20:48
andrewhop
andrewhop reviewed Jan 7, 2025
View reviewed changes
include/openssl/ssl.h
// 1.3, and functions to query the cipher list do not include TLS 1.3
// ciphers.
// Note: TLS 1.3 ciphersuites are only configurable via
// |SSL_[CTX]_set_ciphersuites|. Other setter functions have no impact on
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the event we publish the docs in the future please spell out the two methods so they link correctly.

include/openssl/ssl.h
Comment on lines +1701 to +1711
// TLS13_DEFAULT_CIPHER_LIST_AES_HW is the default TLS 1.3 cipher suite
// configuration when AES hardware acceleration is enabled.
#define TLS13_DEFAULT_CIPHER_LIST_AES_HW "TLS_AES_128_GCM_SHA256:" \
"TLS_AES_256_GCM_SHA384:" \
"TLS_CHACHA20_POLY1305_SHA256"

// TLS13_DEFAULT_CIPHER_LIST_NO_AES_HW is the default TLS 1.3 cipher suite
// configuration when no AES hardware acceleration is enabled.
#define TLS13_DEFAULT_CIPHER_LIST_NO_AES_HW "TLS_CHACHA20_POLY1305_SHA256:" \
"TLS_AES_128_GCM_SHA256:" \
"TLS_AES_256_GCM_SHA384"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do these need to be in the public header? Do we expect customer to pass these back to us? Also how did you come up with these options?

ssl/ssl_lib.cc
Comment on lines +589 to +598
const bool has_aes_hw = EVP_has_aes_hardware();
const char *cipher_rule;
if (has_aes_hw) {
cipher_rule = TLS13_DEFAULT_CIPHER_LIST_AES_HW;
} else {
cipher_rule = TLS13_DEFAULT_CIPHER_LIST_NO_AES_HW;
}

if (!SSL_CTX_set_ciphersuites(ret.get(), cipher_rule) ||
!SSL_CTX_set_strict_cipher_list(ret.get(), SSL_DEFAULT_CIPHER_LIST) ||
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this changing our behavior? From the PR description:

SSL_CTX_new now configures ctx->tls13_cipher_suites with default TLS 1.3 ciphers (did not previously).

What did we do before if you attempted to connect to a TLS 1.3 enabled endpoint?

ssl/ssl_cipher.cc
Comment on lines +1241 to +1242
// This function maintains the ordering of ciphersuites and places TLS 1.3
// ciphersuites at the front of the list.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does the order of TLS 1.3 and the < 1.3 ciphersuites affect what gets negotiated?

ssl/ssl_cipher.cc
return 0;
}

// Delete any existing TLSv1.3 ciphersuites. These will be first in the list
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this enforced by AWS-LC or could a customer pass in a list with the wrong order?

ssl/ssl_cipher.cc
@@ -1234,7 +1234,88 @@ static bool is_known_default_alias_keyword_filter_rule(const char *rule,
return false;
}

bool ssl_create_cipher_list(UniquePtr<SSLCipherPreferenceList> *out_cipher_list,
// update_cipher_list updates |ctx->cipher_list| by:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment explains what this function does, but why do we need to remove everything and then create a new list?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewhop andrewhop andrewhop left review comments

@justsmth justsmth Awaiting requested review from justsmth

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@smittals2 @codecov-commenter @andrewhop @justsmth