sectransp: Remove large cipher table #13823
Conversation
Previously a large table of ciphers was used to determine the default ciphers and to lookup manually selected ciphers names. With the lookup of the manually selected cipher names moved to Curl_cipher_suite_walk_str() the large table is no longer needed for that purpose. The list of manually selected cipher can now be intersected with the ciphers supported by Secure Transport (SSLGetSupportedCiphers()), instead of using the fixed table for that. The other use of the table was to filter the list of all supported ciphers offered by Secure Transport to create a list of ciphers to use by default, excluding ciphers in the table marked as weak. Instead of using a complement based approach (exclude weak), switch to using an intersection with a smaller list of ciphers deemed appropriate.
| CIPHER_STRONG_ENOUGH), | ||
| #endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */ | ||
| static const uint16_t default_ciphers[] = { | ||
| TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x000A */ |
There was a problem hiding this comment.
So, I am not to sure about the inclusion of TLS_RSA_WITH_3DES_EDE_CBC_SHA here. This is a change from previous method.
It is included here (based on Mozilla's cipher list https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility) because it is the one cipher that provides way way back compatibility. It is at the bottom of the list of the ciphers offered by Secure Transport, so will be used as last choice (if the client's cipher order is used).
This cipher is known to be weak when using it for multi GB transfers (sweet32). Some other SSL implementations have dropped support for it. However, it is the only cipher left from the original TLSv1.0 specification (rfc2246).
There was a problem hiding this comment.
I'm not sure I follow what the change is. Was this not supported before this PR, but it is now?
There was a problem hiding this comment.
Before this PR the cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA was marked as weak. The default ciphers used were based on the list of ciphers returned by SSLGetSupportedCiphers() excluding the ciphers marked in the code as weak. So TLS_RSA_WITH_3DES_EDE_CBC_SHA would not be on the default cipher list.
With this PR the list of default ciphers will be based on an intersection with a smaller list of ciphers (deafult_ciphers[]). This results in a simular, but more restricted set than previous. With TLS_RSA_WITH_3DES_EDE_CBC_SHA being the only exception, in that is was excluded before and is included now. So it may be on the default cipher list if offered by sectranp.
There was a problem hiding this comment.
Thanks. I'll proceed and merge this now and keep an eye out if any user reports something...
Previously a large table of ciphers was used to determine the default ciphers and to lookup manually selected ciphers names.
With the lookup of the manually selected cipher names moved to Curl_cipher_suite_walk_str() the large table is no longer needed for that purpose.
The list of manually selected cipher can now be intersected with the ciphers supported by Secure Transport (SSLGetSupportedCiphers()), instead of using the fixed table for that.
The other use of the table was to filter the list of all supported ciphers offered by Secure Transport to create a list of ciphers to use by default, excluding ciphers in the table marked as weak.
Instead of using a complement based approach (exclude weak), switch to using an intersection with a smaller list of ciphers deemed appropriate.