crypto/tls: make cipher suite preference ordering automatic

We now have a (well, two, depending on AES hardware support) universal cipher suite preference order, based on their security and performance. Peer and application lists are now treated as filters (and AES hardware support hints) that are applied to this universal order. This removes a complex and nuanced decision from the application's responsibilities, one which we are better equipped to make and which applications usually don't need to have an opinion about. It also lets us worry less about what suites we support or enable, because we can be confident that bad ones won't be selected over good ones. This also moves 3DES suites to InsecureCipherSuites(), even if they are not disabled by default. Just because we can keep them as a last resort it doesn't mean they are secure. Thankfully we had not promised that Insecure means disabled by default. Notable test changes: - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the right certificate regardless of CipherSuite ordering, which is now completely ignored, as tested by TestCipherSuitePreference. Removed. - The openssl command of TestHandshakeServerExportKeyingMaterial was broken for TLS 1.0 in CL 262857, but its golden file was not regenerated, so the test kept passing. It now broke because the selected suite from the ones in the golden file changed. - In TestAESCipherReordering, "server strongly prefers AES-GCM" is removed because there is no way for a server to express a strong preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha" switched to ChaCha20 when the server lacks AES hardware; and finally "client supports multiple AES-GCM" changed to always prefer AES-128 per the universal preference list. * this is going back on an explicit decision from CL 262857, and while that client order is weird and does suggest a strong dislike for ChaCha20, we have a strong dislike for software AES, so it didn't feel worth making the logic more complex - All Client-* golden files had to be regenerated because the ClientHello cipher suites have changed. (Even when Config.CipherSuites was limited to one suite, the TLS 1.3 default order changed.) Fixes #45430 Fixes #41476 (as 3DES is now always the last resort) Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5 Reviewed-on: https://go-review.googlesource.com/c/go/+/314609 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Trust: Filippo Valsorda <filippo@golang.org>
2025-04-05 21:17:35 +03:00 · 2021-04-28 01:37:09 -04:00 · 2021-04-28 01:37:09 -04:00 · 89df05a1c4
commit 89df05a1c4
parent 7d3285645e
68 changed files with 3753 additions and 3814 deletions
--- a/testdata/Client-TLSv10-ClientCert-RSA-RSA
+++ b/testdata/Client-TLSv10-ClientCert-RSA-RSA
@ -3,10 +3,10 @@
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
-00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a9  |.............2..|
+00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
+00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
+00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
 00000080  01 00 00 7b 00 05 00 05  01 00 00 00 00 00 0a 00  |...{............|
 00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
 000000a0  00 00 0d 00 1a 00 18 08  04 04 03 08 07 08 05 08  |................|
@ -16,11 +16,11 @@
 000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 97 fe 7f 92 37  |....Y...U......7|
-00000010  67 99 e0 d8 62 a9 31 80  bd 1f 31 8e 7d 0b 08 0a  |g...b.1...1.}...|
-00000020  de a5 82 a2 f2 d0 c1 35  66 34 6e 20 39 46 b1 b0  |.......5f4n 9F..|
-00000030  6e 2d 0e fe 8c 48 ea ab  1c c4 49 ee f4 21 cf cb  |n-...H....I..!..|
-00000040  2a 20 57 78 18 99 a1 b9  7f 88 4f 64 c0 13 00 00  |* Wx......Od....|
+00000000  16 03 01 00 59 02 00 00  55 03 01 4d 6d 71 59 6b  |....Y...U..MmqYk|
+00000010  cd 8c 6e b0 11 bf 4a 9e  25 90 12 cc ac b4 3f be  |..n...J.%.....?.|
+00000020  86 1b 13 47 a6 be 3d a0  8f 0b 77 20 6b b5 57 6d  |...G..=...w k.Wm|
+00000030  39 74 b0 9d b4 ae 2e 72  7e 90 d2 ab ed 32 fa 65  |9t.....r~....2.e|
+00000040  ed 85 63 d2 16 ef 47 af  a6 37 17 88 c0 13 00 00  |..c...G..7......|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  01 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@ -60,17 +60,17 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 01 00  |.=.`.\!.;.......|
-000002c0  aa 0c 00 00 a6 03 00 1d  20 07 80 79 40 4b b1 0e  |........ ..y@K..|
-000002d0  05 ce e4 ca 9d f5 d7 ad  a6 98 f2 40 f9 b9 66 a8  |...........@..f.|
-000002e0  04 6e ae b5 da 99 67 09  69 00 80 01 4a f2 c1 c9  |.n....g.i...J...|
-000002f0  2f 46 4f b8 9e 8b 2c c4  a1 32 44 3c dc 2c 5e b9  |/FO...,..2D<.,^.|
-00000300  76 5f 41 20 23 1b 82 dd  ec 37 b4 24 68 6d a7 39  |v_A #....7.$hm.9|
-00000310  4f f2 e5 97 09 75 64 2a  64 16 b8 99 04 8a 74 77  |O....ud*d.....tw|
-00000320  19 bb 12 5f 27 f6 41 09  f7 2e 1c 33 80 3b 01 57  |..._'.A....3.;.W|
-00000330  5c f9 20 6e 0c 48 76 59  e1 8b 1f bb 2a 33 1a 28  |\. n.HvY....*3.(|
-00000340  a0 5a 05 44 94 eb 35 62  5e ae 7f e4 01 76 b6 b4  |.Z.D..5b^....v..|
-00000350  64 91 bf 25 09 ff 88 8a  af 73 00 d0 7e ea 0f ca  |d..%.....s..~...|
-00000360  4a 2b d4 6f 02 26 98 28  5a ed 11 16 03 01 00 0a  |J+.o.&.(Z.......|
+000002c0  aa 0c 00 00 a6 03 00 1d  20 96 0b 2f 57 e1 1e 07  |........ ../W...|
+000002d0  e0 7f a4 91 67 97 d0 a0  19 d3 9a b2 49 79 f9 5f  |....g.......Iy._|
+000002e0  7f b5 65 d4 3a 89 92 8f  11 00 80 08 29 72 0b f7  |..e.:.......)r..|
+000002f0  7b 68 38 5e 47 15 89 f1  ee be f3 a9 26 a4 9c 6d  |{h8^G.......&..m|
+00000300  2c 2a ff f0 d6 2d 25 a5  b0 93 66 7d 8c fb fe a5  |,*...-%...f}....|
+00000310  3b cc b6 71 f4 1b 55 c4  ef 08 73 b1 49 47 2c e6  |;..q..U...s.IG,.|
+00000320  a1 ef 53 ca bb 15 e3 25  ea e7 48 44 18 88 e1 d2  |..S....%..HD....|
+00000330  3b e9 f6 92 61 5e 5c 06  44 83 37 6c e6 b6 26 32  |;...a^\.D.7l..&2|
+00000340  fd d6 00 fc 87 a2 37 e3  84 d2 ad 2d 99 0d e1 ba  |......7....-....|
+00000350  bb 2f 3b 0b dd 56 5c c2  14 af 86 58 2c 8b f8 64  |./;..V\....X,..d|
+00000360  75 ab d3 35 41 59 fa fe  a5 48 26 16 03 01 00 0a  |u..5AY...H&.....|
 00000370  0d 00 00 06 03 01 02 40  00 00 16 03 01 00 04 0e  |.......@........|
 00000380  00 00 00                                          |...|
 >>> Flow 3 (client to server)
@ -109,29 +109,29 @@
 00000200  e5 35 16 03 01 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 01 00  |......._X.;t....|
-00000230  86 0f 00 00 82 00 80 81  aa 68 1f a9 a4 de f1 4d  |.........h.....M|
-00000240  30 9a fe e6 a5 f6 f6 18  b6 3e d2 c7 f1 e6 77 e3  |0........>....w.|
-00000250  6a cd 61 01 81 3a 02 31  a5 aa d6 db b6 02 9d 4b  |j.a..:.1.......K|
-00000260  f5 78 50 c3 95 fe 43 88  33 3a 95 32 bc e8 02 1a  |.xP...C.3:.2....|
-00000270  e6 f4 d5 54 b9 fc e0 4a  4e f0 92 21 35 4b de c8  |...T...JN..!5K..|
-00000280  a4 b0 01 c3 ca 3a 87 ed  cb 21 1c ce c2 14 7b 8d  |.....:...!....{.|
-00000290  90 68 b9 21 49 13 dd cd  e7 68 83 41 7c 84 6a 75  |.h.!I....h.A|.ju|
-000002a0  76 ee 19 8b fa d5 a6 57  3d a7 f1 f1 6f 11 ca 77  |v......W=...o..w|
-000002b0  95 0e b5 c7 3d 99 d4 14  03 01 00 01 01 16 03 01  |....=...........|
-000002c0  00 30 5e be 40 82 f8 db  05 20 23 45 a4 42 48 e8  |.0^.@.... #E.BH.|
-000002d0  06 69 eb 4c ef 79 53 52  4a 5a 3a ba cc d6 99 59  |.i.L.ySRJZ:....Y|
-000002e0  4d c2 b0 34 0f 14 68 03  93 8b a4 95 7e cf 26 f8  |M..4..h.....~.&.|
-000002f0  5c 8a                                             |\.|
+00000230  86 0f 00 00 82 00 80 8f  5d a5 27 13 09 5e 49 5f  |........].'..^I_|
+00000240  ff fd d6 88 75 83 cc 74  f3 e1 af 44 76 6a 35 16  |....u..t...Dvj5.|
+00000250  e8 36 5f b7 dc 21 69 77  61 12 c5 69 f7 0d 98 1f  |.6_..!iwa..i....|
+00000260  d5 15 f1 e8 88 c5 30 e8  b5 c3 2a e5 26 93 cc a4  |......0...*.&...|
+00000270  eb 31 c6 d7 f5 f4 7c d5  f7 a2 3f 1f 75 cd b2 b2  |.1....|...?.u...|
+00000280  82 3a 03 8c 5e 15 0a d2  98 b8 65 cb 5f d5 db d0  |.:..^.....e._...|
+00000290  b6 36 8c 89 7e 48 fa 3a  9f 9a bd c1 48 e7 d6 20  |.6..~H.:....H.. |
+000002a0  ef 45 5b 24 32 04 58 82  b3 7b 42 fd fe ba 78 32  |.E[$2.X..{B...x2|
+000002b0  2a f5 b7 81 33 da db 14  03 01 00 01 01 16 03 01  |*...3...........|
+000002c0  00 30 5f 96 98 94 17 6d  ff 84 72 d3 63 fd 14 59  |.0_....m..r.c..Y|
+000002d0  eb bf 5f 3e 8f dc f1 c1  dc 77 8a 33 f6 2e a2 4a  |.._>.....w.3...J|
+000002e0  15 d1 2e a4 ec 0d 3c 0b  18 07 09 6c 0d 09 34 2e  |......<....l..4.|
+000002f0  a4 6f                                             |.o|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 ef 9b 5c da 0a  |..........0..\..|
-00000010  2e c4 79 fa ea 8a 9c 78  4a 1f 08 77 56 73 6e fa  |..y....xJ..wVsn.|
-00000020  3a 5b 3c cd cd e9 0c a8  bb 59 9e 22 ab 67 2c 03  |:[<......Y.".g,.|
-00000030  de ad 7c e4 cb 85 d7 8f  c1 1c e3                 |..|........|
+00000000  14 03 01 00 01 01 16 03  01 00 30 b7 4a 5c 0c e6  |..........0.J\..|
+00000010  7c d9 43 7c e7 b4 2f d7  b5 c6 5e 36 c7 87 dd 82  ||.C|../...^6....|
+00000020  da d3 b2 4e 05 ae f5 8c  b0 4d db c2 53 62 55 73  |...N.....M..SbUs|
+00000030  8c 2a 1b d5 df e4 7c a4  cf db 8b                 |.*....|....|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 48 1a 1a  1c 6c 7d 6c 2a e0 b2 e3  |.... H...l}l*...|
-00000010  b3 9f ec 39 a8 cd 9a f9  a2 3e 2d 46 3b cf 17 ed  |...9.....>-F;...|
-00000020  70 99 ce d7 3c 17 03 01  00 20 69 27 e9 89 78 e6  |p...<.... i'..x.|
-00000030  64 c0 a9 40 4f 0d 97 53  b2 2e 15 f3 2b 54 3b 77  |d..@O..S....+T;w|
-00000040  f2 24 2c 94 dc b3 8b f0  c4 ce 15 03 01 00 20 1b  |.$,........... .|
-00000050  50 55 83 d8 6b b4 04 b2  f0 2d 1c 9c 0d fa de 58  |PU..k....-.....X|
-00000060  cd 0a 1d 55 d6 36 f4 a4  fb cc 55 c5 b1 f3 d3     |...U.6....U....|
+00000000  17 03 01 00 20 b9 26 60  87 38 9c d9 c4 65 17 8e  |.... .&`.8...e..|
+00000010  3c 7f 1a b4 23 cd 27 fd  4e 92 ee 0e f2 11 dc e2  |<...#.'.N.......|
+00000020  23 e4 26 f3 55 17 03 01  00 20 5e 89 33 21 f0 dc  |#.&.U.... ^.3!..|
+00000030  e8 4f 33 1c 66 56 99 38  a5 4c 0e 0e 93 41 b7 48  |.O3.fV.8.L...A.H|
+00000040  5d ce 49 d0 d2 8a 56 a6  2d 68 15 03 01 00 20 05  |].I...V.-h.... .|
+00000050  e0 ed f9 c2 56 ec 64 e5  e7 0b f4 8a e2 41 96 9e  |....V.d......A..|
+00000060  ed 94 c8 95 69 d7 ce 2d  0e bb 5b 18 5f 30 52     |....i..-..[._0R|