crypto/tls: make cipher suite preference ordering automatic

We now have a (well, two, depending on AES hardware support) universal cipher suite preference order, based on their security and performance. Peer and application lists are now treated as filters (and AES hardware support hints) that are applied to this universal order. This removes a complex and nuanced decision from the application's responsibilities, one which we are better equipped to make and which applications usually don't need to have an opinion about. It also lets us worry less about what suites we support or enable, because we can be confident that bad ones won't be selected over good ones. This also moves 3DES suites to InsecureCipherSuites(), even if they are not disabled by default. Just because we can keep them as a last resort it doesn't mean they are secure. Thankfully we had not promised that Insecure means disabled by default. Notable test changes: - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the right certificate regardless of CipherSuite ordering, which is now completely ignored, as tested by TestCipherSuitePreference. Removed. - The openssl command of TestHandshakeServerExportKeyingMaterial was broken for TLS 1.0 in CL 262857, but its golden file was not regenerated, so the test kept passing. It now broke because the selected suite from the ones in the golden file changed. - In TestAESCipherReordering, "server strongly prefers AES-GCM" is removed because there is no way for a server to express a strong preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha" switched to ChaCha20 when the server lacks AES hardware; and finally "client supports multiple AES-GCM" changed to always prefer AES-128 per the universal preference list. * this is going back on an explicit decision from CL 262857, and while that client order is weird and does suggest a strong dislike for ChaCha20, we have a strong dislike for software AES, so it didn't feel worth making the logic more complex - All Client-* golden files had to be regenerated because the ClientHello cipher suites have changed. (Even when Config.CipherSuites was limited to one suite, the TLS 1.3 default order changed.) Fixes #45430 Fixes #41476 (as 3DES is now always the last resort) Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5 Reviewed-on: https://go-review.googlesource.com/c/go/+/314609 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Trust: Filippo Valsorda <filippo@golang.org>
2025-04-03 20:17:36 +03:00 · 2021-04-28 01:37:09 -04:00 · 2021-04-28 01:37:09 -04:00 · 89df05a1c4
commit 89df05a1c4
parent 7d3285645e
68 changed files with 3753 additions and 3814 deletions
--- a/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA
+++ b/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA
@ -3,10 +3,10 @@
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
-00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a9  |.............2..|
+00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
+00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
+00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
 00000080  01 00 00 7b 00 05 00 05  01 00 00 00 00 00 0a 00  |...{............|
 00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
 000000a0  00 00 0d 00 1a 00 18 08  04 04 03 08 07 08 05 08  |................|
@ -16,11 +16,11 @@
 000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 94 1f ba 79 da  |....Y...U.....y.|
-00000010  4b 58 3e 08 2c c5 31 36  a4 7e 32 bf e1 a0 f7 71  |KX>.,.16.~2....q|
-00000020  01 48 63 3c 5f cb 08 7a  25 80 c7 20 35 0c c0 8b  |.Hc<_..z%.. 5...|
-00000030  df 30 fc dc 3d f1 48 96  0d b6 ff a8 cd 35 29 57  |.0..=.H......5)W|
-00000040  7d 3f c2 9d e2 32 b1 c2  4c 05 5e 3b c0 09 00 00  |}?...2..L.^;....|
+00000000  16 03 01 00 59 02 00 00  55 03 01 92 4c b7 e6 07  |....Y...U...L...|
+00000010  09 b4 4a 47 6a 29 c7 79  18 0d 43 37 86 26 21 5a  |..JGj).y..C7.&!Z|
+00000020  25 35 db 5f ae d0 20 0d  85 67 f7 20 75 e5 cb 25  |%5._.. ..g. u..%|
+00000030  4b 5d 95 87 78 00 fc 3f  78 26 e8 77 b5 0d d4 0e  |K]..x..?x&.w....|
+00000040  54 06 66 b4 14 dc 6b db  f2 af f3 2a c0 09 00 00  |T.f...k....*....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  01 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@ -55,18 +55,18 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 01 00 b5 0c 00  00 b1 03 00 1d 20 1a 74  |*............ .t|
-00000280  c4 96 9e 65 45 9a 0a 01  7c ed 7b 51 01 d8 ba 5b  |...eE...|.{Q...[|
-00000290  3e 2f b1 4b 36 69 e8 47  75 7e 27 be b3 2f 00 8b  |>/.K6i.Gu~'../..|
-000002a0  30 81 88 02 42 01 cb 20  d9 1e ae 05 6f 1f 37 ce  |0...B.. ....o.7.|
-000002b0  dc 38 20 2f 8f 52 9a 92  f6 80 d6 f9 97 99 a5 8b  |.8 /.R..........|
-000002c0  6e 73 0b 95 a4 4e 82 67  bd 1a 34 d9 5c 4e b4 d7  |ns...N.g..4.\N..|
-000002d0  35 e6 45 81 14 23 9c 4e  5a 4c 1b 93 fd 7f 43 18  |5.E..#.NZL....C.|
-000002e0  db 54 4b e0 d1 d3 fa 02  42 00 ab 8e 34 d5 c2 04  |.TK.....B...4...|
-000002f0  d0 a4 44 b1 b3 25 a0 af  c8 80 b3 88 ae da b3 c6  |..D..%..........|
-00000300  4f 57 ae 31 54 c6 d9 ee  4e 21 56 01 cc b9 6a e9  |OW.1T...N!V...j.|
-00000310  e9 7e 62 2a 64 0e a4 a0  79 1e a3 64 52 70 b1 a5  |.~b*d...y..dRp..|
-00000320  19 2c a4 6d 4b 3b a3 63  ed 56 2f 16 03 01 00 0a  |.,.mK;.c.V/.....|
+00000270  2a 16 03 01 00 b5 0c 00  00 b1 03 00 1d 20 d7 b5  |*............ ..|
+00000280  51 8e b5 01 4f 02 2f 43  11 2b de 94 7d 82 e6 49  |Q...O./C.+..}..I|
+00000290  1b a6 ee a0 7f 12 35 a2  3a 62 46 ce 07 25 00 8b  |......5.:bF..%..|
+000002a0  30 81 88 02 42 00 83 45  db 03 db b9 74 ce 77 35  |0...B..E....t.w5|
+000002b0  1b e5 76 18 dc 3a d3 ee  32 18 f3 16 a6 c3 62 be  |..v..:..2.....b.|
+000002c0  46 47 40 80 2d a0 08 c5  1e 5a 4a 42 69 8c ee e5  |FG@.-....ZJBi...|
+000002d0  70 b5 71 30 2f 54 32 54  5f 5b 26 62 e1 81 52 9e  |p.q0/T2T_[&b..R.|
+000002e0  49 70 d4 81 e4 76 f1 02  42 01 70 f6 87 84 bb 58  |Ip...v..B.p....X|
+000002f0  5d e4 a1 72 87 d5 35 53  99 9c 3f 30 2b 80 7e c9  |]..r..5S..?0+.~.|
+00000300  79 eb d8 97 3c 82 ff 37  a5 8d 36 bc 27 c1 51 58  |y...<..7..6.'.QX|
+00000310  e6 2a 48 05 bf 9b a4 a5  b1 7f 77 b8 d9 3e 37 c6  |.*H.......w..>7.|
+00000320  67 ad ef 8c 72 ea f6 ba  bb af 00 16 03 01 00 0a  |g...r...........|
 00000330  0d 00 00 06 03 01 02 40  00 00 16 03 01 00 04 0e  |.......@........|
 00000340  00 00 00                                          |...|
 >>> Flow 3 (client to server)
@ -105,30 +105,30 @@
 00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
 00000210  03 01 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 90 0f 00  |...._X.;t.......|
-00000240  00 8c 00 8a 30 81 87 02  42 01 89 0f 43 df a8 34  |....0...B...C..4|
-00000250  dd d7 c9 d4 2b 8d ec 29  77 7b 64 d0 0e 8c e8 2b  |....+..)w{d....+|
-00000260  e3 25 1c ed 0a 1b 05 e0  66 42 37 c0 e6 fa 3e 81  |.%......fB7...>.|
-00000270  ec e1 06 99 f4 62 3f ea  55 79 ae 68 56 9e e3 3c  |.....b?.Uy.hV..<|
-00000280  83 ba 9b 1c 65 b9 eb a6  e7 f7 4e 02 41 61 2c 52  |....e.....N.Aa,R|
-00000290  4c 48 92 b0 93 d8 31 58  c3 90 b0 e3 7d 55 94 fc  |LH....1X....}U..|
-000002a0  70 bf 18 42 51 73 d0 45  17 2e 0e 00 b0 12 76 0d  |p..BQs.E......v.|
-000002b0  35 78 cb fd 34 60 36 ff  ed 19 ef 0a 1e 21 cc 4c  |5x..4`6......!.L|
-000002c0  9a ff a0 f7 cf 72 03 cd  00 bb 73 0d 1d e5 14 03  |.....r....s.....|
-000002d0  01 00 01 01 16 03 01 00  30 69 76 1f 5b 81 5f 62  |........0iv.[._b|
-000002e0  cf d5 d9 2c 19 71 80 d0  2a 97 8a 89 21 7f 6d 02  |...,.q..*...!.m.|
-000002f0  b6 01 a4 ed fe 18 9f 34  ae 95 f6 a1 29 0b 9a 1c  |.......4....)...|
-00000300  04 b6 ce c7 d1 0c 5a b5  3f                       |......Z.?|
+00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 91 0f 00  |...._X.;t.......|
+00000240  00 8d 00 8b 30 81 88 02  42 01 f0 c3 b2 6e e2 a3  |....0...B....n..|
+00000250  cd 76 02 7a d5 b5 66 fa  b6 66 4e 4b a0 17 d6 bd  |.v.z..f..fNK....|
+00000260  ec f6 8c 1f f9 b4 32 18  a9 ba 66 a8 67 a4 fa c8  |......2...f.g...|
+00000270  f7 73 5f 22 fb f2 22 e2  4d a1 f6 30 a2 55 76 51  |.s_"..".M..0.UvQ|
+00000280  b7 61 7d 13 68 0a 89 9d  34 31 46 02 42 01 fa 8b  |.a}.h...41F.B...|
+00000290  61 f6 91 8e 88 ca 84 e6  33 e0 da 92 7e ee 21 1c  |a.......3...~.!.|
+000002a0  df 47 c2 5d 07 d8 ae 1b  04 58 f9 50 16 13 74 ea  |.G.].....X.P..t.|
+000002b0  04 cc 18 2d 2b 9a 08 89  24 e8 b8 01 bb c6 84 6c  |...-+...$......l|
+000002c0  e6 9a c6 8a 44 74 1c 3a  79 0c e9 3c 11 ba 1b 14  |....Dt.:y..<....|
+000002d0  03 01 00 01 01 16 03 01  00 30 1d 4b df 00 de 1c  |.........0.K....|
+000002e0  b5 30 7b ea 64 a0 09 89  8c c5 be fc 9b 07 7e 45  |.0{.d.........~E|
+000002f0  27 00 e7 78 da 3e a3 04  97 87 b0 c2 17 32 01 91  |'..x.>.......2..|
+00000300  6e 66 7b dd 9e 28 bc cc  66 65                    |nf{..(..fe|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 7d 4b fc 73 20  |..........0}K.s |
-00000010  e4 ac c4 39 15 79 e3 89  e1 24 ce 28 30 e5 f1 87  |...9.y...$.(0...|
-00000020  cd c0 cc 39 a8 77 3b 06  a5 f9 b0 a1 3d 54 53 3b  |...9.w;.....=TS;|
-00000030  53 ec ac b2 ea 24 1b 2d  6a ef c3                 |S....$.-j..|
+00000000  14 03 01 00 01 01 16 03  01 00 30 51 68 ca 97 63  |..........0Qh..c|
+00000010  c6 c0 24 1c 87 20 70 ac  f7 47 16 45 44 17 cc 92  |..$.. p..G.ED...|
+00000020  b3 6d 8b fa d1 3c b8 10  d7 da e4 a7 35 3c a2 d0  |.m...<......5<..|
+00000030  da 4b 50 e4 89 94 4b bc  20 6b e3                 |.KP...K. k.|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 9d 57 d2  4b 5b 7e 7d 7c 28 f7 8e  |.... .W.K[~}|(..|
-00000010  00 0a b6 1c 3c 6b df 4d  06 c0 f8 db 86 2e 8f 8e  |....<k.M........|
-00000020  28 a9 ab 6c c2 17 03 01  00 20 b4 4e cc 55 14 1c  |(..l..... .N.U..|
-00000030  64 a4 3d 69 1a dc 3b 12  8e d8 15 f2 31 3a 71 1f  |d.=i..;.....1:q.|
-00000040  eb fe c3 b3 22 f7 2c 6e  01 e9 15 03 01 00 20 2a  |....".,n...... *|
-00000050  2e 34 ca 96 e5 a3 a0 53  c4 0c e2 0a b1 14 a3 c8  |.4.....S........|
-00000060  a5 db 72 09 31 25 11 11  2f ce 61 3a 55 48 0c     |..r.1%../.a:UH.|
+00000000  17 03 01 00 20 fc fa 90  90 d0 51 0d 35 0f 6a 6d  |.... .....Q.5.jm|
+00000010  c2 32 ec 92 46 9f d7 e9  66 37 02 2a f6 c6 2e e2  |.2..F...f7.*....|
+00000020  13 aa fa fa d3 17 03 01  00 20 45 a9 36 19 7d a8  |......... E.6.}.|
+00000030  44 4c 8b aa 4e 47 c8 79  0c 97 a5 20 fa 6f 1f f7  |DL..NG.y... .o..|
+00000040  d3 bc d7 6d c2 67 23 c8  d6 05 15 03 01 00 20 f1  |...m.g#....... .|
+00000050  f1 ed f9 fc c2 f6 61 c8  42 9d c9 8a b0 d0 de d3  |......a.B.......|
+00000060  42 c7 04 64 eb 9e eb 58  3b c3 7d 0d 4d 16 d4     |B..d...X;.}.M..|