crypto/tls: make cipher suite preference ordering automatic

We now have a (well, two, depending on AES hardware support) universal cipher suite preference order, based on their security and performance. Peer and application lists are now treated as filters (and AES hardware support hints) that are applied to this universal order. This removes a complex and nuanced decision from the application's responsibilities, one which we are better equipped to make and which applications usually don't need to have an opinion about. It also lets us worry less about what suites we support or enable, because we can be confident that bad ones won't be selected over good ones. This also moves 3DES suites to InsecureCipherSuites(), even if they are not disabled by default. Just because we can keep them as a last resort it doesn't mean they are secure. Thankfully we had not promised that Insecure means disabled by default. Notable test changes: - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the right certificate regardless of CipherSuite ordering, which is now completely ignored, as tested by TestCipherSuitePreference. Removed. - The openssl command of TestHandshakeServerExportKeyingMaterial was broken for TLS 1.0 in CL 262857, but its golden file was not regenerated, so the test kept passing. It now broke because the selected suite from the ones in the golden file changed. - In TestAESCipherReordering, "server strongly prefers AES-GCM" is removed because there is no way for a server to express a strong preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha" switched to ChaCha20 when the server lacks AES hardware; and finally "client supports multiple AES-GCM" changed to always prefer AES-128 per the universal preference list. * this is going back on an explicit decision from CL 262857, and while that client order is weird and does suggest a strong dislike for ChaCha20, we have a strong dislike for software AES, so it didn't feel worth making the logic more complex - All Client-* golden files had to be regenerated because the ClientHello cipher suites have changed. (Even when Config.CipherSuites was limited to one suite, the TLS 1.3 default order changed.) Fixes #45430 Fixes #41476 (as 3DES is now always the last resort) Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5 Reviewed-on: https://go-review.googlesource.com/c/go/+/314609 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Trust: Filippo Valsorda <filippo@golang.org>
2025-04-03 20:17:36 +03:00 · 2021-04-28 01:37:09 -04:00 · 2021-04-28 01:37:09 -04:00 · 89df05a1c4
commit 89df05a1c4
parent 7d3285645e
68 changed files with 3753 additions and 3814 deletions
--- a/testdata/Client-TLSv10-ECDHE-RSA-AES
+++ b/testdata/Client-TLSv10-ECDHE-RSA-AES
@ -3,10 +3,10 @@
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
-00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a9  |.............2..|
+00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
+00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
+00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
 00000080  01 00 00 7b 00 05 00 05  01 00 00 00 00 00 0a 00  |...{............|
 00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
 000000a0  00 00 0d 00 1a 00 18 08  04 04 03 08 07 08 05 08  |................|
@ -16,11 +16,11 @@
 000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 16 f4 24 01 94  |....Y...U....$..|
-00000010  68 d2 0f 15 4d d6 65 54  84 73 ab 2c b2 11 c5 64  |h...M.eT.s.,...d|
-00000020  d8 93 66 50 cd b0 f0 ab  11 5c 72 20 b1 13 c1 f5  |..fP.....\r ....|
-00000030  63 ed 70 0b 21 52 85 36  84 99 1d b6 bb dc d3 1c  |c.p.!R.6........|
-00000040  b3 76 13 d9 ef 47 c4 c0  18 57 23 3b c0 13 00 00  |.v...G...W#;....|
+00000000  16 03 01 00 59 02 00 00  55 03 01 63 68 ea 52 0b  |....Y...U..ch.R.|
+00000010  dc 68 c7 d0 75 3e 7d 6f  0b 8c cb 25 48 b0 bb df  |.h..u>}o...%H...|
+00000020  7a 56 93 a9 d5 4f 0c 3a  e2 37 ab 20 1f 0f a4 d3  |zV...O.:.7. ....|
+00000030  b4 f6 66 6f 39 6f 62 fb  6a 1f 41 09 4b 02 5c 15  |..fo9ob.j.A.K.\.|
+00000040  a0 ba cb a6 f9 bd 3b ec  cb 76 6e ea c0 13 00 00  |......;..vn.....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  01 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@ -60,36 +60,36 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 01 00  |.=.`.\!.;.......|
-000002c0  aa 0c 00 00 a6 03 00 1d  20 7e aa 30 94 7b fb 09  |........ ~.0.{..|
-000002d0  b5 55 ce b3 e9 e0 5b 55  82 f4 e6 7c d0 e4 57 eb  |.U....[U...|..W.|
-000002e0  9b ec 82 48 d6 0e 2a bb  16 00 80 80 da c5 75 4f  |...H..*.......uO|
-000002f0  82 95 ee 47 28 af 09 08  d5 13 68 33 5d 91 dd 13  |...G(.....h3]...|
-00000300  43 84 e9 54 d9 e7 39 7c  38 74 d5 92 8f 46 37 86  |C..T..9|8t...F7.|
-00000310  44 68 ae c7 3a ad e1 33  5f cd d8 c6 a5 7c 5e 83  |Dh..:..3_....|^.|
-00000320  44 ba b1 09 44 ec 42 7f  41 80 d6 b6 4c 6d ae 24  |D...D.B.A...Lm.$|
-00000330  a9 3b 53 87 2f 3b 3a 1f  da 87 2b 7d cf 9e ed a5  |.;S./;:...+}....|
-00000340  04 54 ad c2 3c 7b 21 60  55 67 41 47 60 02 1e 62  |.T..<{!`UgAG`..b|
-00000350  bb 9f ee 2c 6e 79 20 6e  65 e2 d0 ae 73 70 3e a7  |...,ny ne...sp>.|
-00000360  3f 74 96 8e 2a 6e a6 7e  7a e0 e4 16 03 01 00 04  |?t..*n.~z.......|
+000002c0  aa 0c 00 00 a6 03 00 1d  20 04 9f 8b 4f 13 83 26  |........ ...O..&|
+000002d0  a3 cf 08 6e 59 bf b5 49  b8 ff 95 94 21 8d 2a 56  |...nY..I....!.*V|
+000002e0  2e 4b be ad ac 89 6e 52  4d 00 80 5f 63 93 43 a2  |.K....nRM.._c.C.|
+000002f0  a6 fb 53 b0 ac 93 3f 55  1d c1 0f 71 1e 96 ba 9f  |..S...?U...q....|
+00000300  86 19 f3 83 7d 90 ce 06  24 9a 60 69 f0 35 24 5d  |....}...$.`i.5$]|
+00000310  9d ce 49 0d 6f ba 31 59  3c f2 64 27 66 76 0e f1  |..I.o.1Y<.d'fv..|
+00000320  33 eb b8 70 61 d3 0c 93  a3 62 c7 5e c2 06 9d 48  |3..pa....b.^...H|
+00000330  16 2e a6 62 50 18 f6 c0  79 c2 09 f3 d5 74 bf db  |...bP...y....t..|
+00000340  b8 d4 25 06 a7 be 4a b0  62 82 86 d0 00 86 5e a2  |..%...J.b.....^.|
+00000350  34 49 9b 37 37 9a b6 eb  cc b9 8b 17 1f 29 4b a3  |4I.77........)K.|
+00000360  51 e3 c3 e8 3e 6e df c4  1d e5 48 16 03 01 00 04  |Q...>n....H.....|
 00000370  0e 00 00 00                                       |....|
 >>> Flow 3 (client to server)
 00000000  16 03 01 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 01 00 01 01  |....._X.;t......|
-00000030  16 03 01 00 30 5a cb 36  c8 1c 43 a8 e1 88 db c9  |....0Z.6..C.....|
-00000040  ae 78 b0 af 97 e4 c3 f6  25 51 8e 4d 57 94 ee ca  |.x......%Q.MW...|
-00000050  a4 8b 3f 4d 17 75 34 58  c3 fa a6 6f d4 e5 ae 3a  |..?M.u4X...o...:|
-00000060  cb 5a cb 11 ef                                    |.Z...|
+00000030  16 03 01 00 30 a6 3a 66  02 e6 09 6a dd 68 56 bc  |....0.:f...j.hV.|
+00000040  aa ec 82 c4 69 9b b9 45  44 ec e2 c2 5b 49 5d 9b  |....i..ED...[I].|
+00000050  f8 0e 81 1e 23 9e 13 72  d1 d2 0c 24 01 4f 35 aa  |....#..r...$.O5.|
+00000060  27 fc b3 cc 08                                    |'....|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 96 92 50 6f f0  |..........0..Po.|
-00000010  d1 ff 7c 39 fb 75 0c 8b  c9 d7 29 7d 9d 32 4c 19  |..|9.u....)}.2L.|
-00000020  2e 93 ea 11 87 07 fc 5a  7d 3c 30 e1 bd 64 7f 90  |.......Z}<0..d..|
-00000030  fd 70 1d 50 eb ec f2 d6  de 09 61                 |.p.P......a|
+00000000  14 03 01 00 01 01 16 03  01 00 30 0e 25 d7 a9 c0  |..........0.%...|
+00000010  18 3b bf 55 c0 47 3a 95  2d cb 6f c2 2c de e3 94  |.;.U.G:.-.o.,...|
+00000020  32 d3 eb e2 b6 6b 5f 42  9c 1e 47 d6 76 0c eb 95  |2....k_B..G.v...|
+00000030  fd 2d c3 9a ee ee 83 87  e8 8d 83                 |.-.........|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 fd a4 ba  f1 78 a9 a2 45 d3 d2 5a  |.... ....x..E..Z|
-00000010  1e 41 6b 89 8d bd a4 21  69 03 a1 7c b8 56 ff df  |.Ak....!i..|.V..|
-00000020  67 bc 85 5e 21 17 03 01  00 20 a7 6d 4c 11 d0 f3  |g..^!.... .mL...|
-00000030  7d e2 f0 69 18 7c 42 71  78 e4 3b 71 7d 13 27 bb  |}..i.|Bqx.;q}.'.|
-00000040  79 fd d7 b2 d7 28 ca 92  83 f1 15 03 01 00 20 10  |y....(........ .|
-00000050  b3 79 d4 1d 70 db b7 6c  f2 15 05 3c 4d 65 ba ec  |.y..p..l...<Me..|
-00000060  e8 0e 6a ba 88 90 53 2e  6e 29 9c 56 9f 52 5e     |..j...S.n).V.R^|
+00000000  17 03 01 00 20 ba b0 c4  22 ee 52 81 ca 55 97 4d  |.... ...".R..U.M|
+00000010  39 16 b9 37 bf df 7b d1  ae 4b 47 ac 10 12 a9 77  |9..7..{..KG....w|
+00000020  69 50 f3 60 13 17 03 01  00 20 90 d5 17 e4 96 38  |iP.`..... .....8|
+00000030  cd f7 30 6e 19 45 4e 32  ad 5f 1b 00 bf 22 9d c2  |..0n.EN2._..."..|
+00000040  16 30 fe 92 c7 fc 91 38  29 30 15 03 01 00 20 c0  |.0.....8)0.... .|
+00000050  02 ff 81 82 c9 25 c6 b0  06 ee 18 61 19 c8 d2 20  |.....%.....a... |
+00000060  d8 4e 7b a4 a5 57 17 64  4d ad 1e 1e 16 1e 52     |.N{..W.dM.....R|