crypto/tls: make cipher suite preference ordering automatic

We now have a (well, two, depending on AES hardware support) universal cipher suite preference order, based on their security and performance. Peer and application lists are now treated as filters (and AES hardware support hints) that are applied to this universal order. This removes a complex and nuanced decision from the application's responsibilities, one which we are better equipped to make and which applications usually don't need to have an opinion about. It also lets us worry less about what suites we support or enable, because we can be confident that bad ones won't be selected over good ones. This also moves 3DES suites to InsecureCipherSuites(), even if they are not disabled by default. Just because we can keep them as a last resort it doesn't mean they are secure. Thankfully we had not promised that Insecure means disabled by default. Notable test changes: - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the right certificate regardless of CipherSuite ordering, which is now completely ignored, as tested by TestCipherSuitePreference. Removed. - The openssl command of TestHandshakeServerExportKeyingMaterial was broken for TLS 1.0 in CL 262857, but its golden file was not regenerated, so the test kept passing. It now broke because the selected suite from the ones in the golden file changed. - In TestAESCipherReordering, "server strongly prefers AES-GCM" is removed because there is no way for a server to express a strong preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha" switched to ChaCha20 when the server lacks AES hardware; and finally "client supports multiple AES-GCM" changed to always prefer AES-128 per the universal preference list. * this is going back on an explicit decision from CL 262857, and while that client order is weird and does suggest a strong dislike for ChaCha20, we have a strong dislike for software AES, so it didn't feel worth making the logic more complex - All Client-* golden files had to be regenerated because the ClientHello cipher suites have changed. (Even when Config.CipherSuites was limited to one suite, the TLS 1.3 default order changed.) Fixes #45430 Fixes #41476 (as 3DES is now always the last resort) Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5 Reviewed-on: https://go-review.googlesource.com/c/go/+/314609 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Trust: Filippo Valsorda <filippo@golang.org>
2025-04-04 04:27:36 +03:00 · 2021-04-28 01:37:09 -04:00 · 2021-04-28 01:37:09 -04:00 · 89df05a1c4
commit 89df05a1c4
parent 7d3285645e
68 changed files with 3753 additions and 3814 deletions
--- a/testdata/Client-TLSv11-ECDHE-RSA-AES
+++ b/testdata/Client-TLSv11-ECDHE-RSA-AES
@ -3,10 +3,10 @@
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
-00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a9  |.............2..|
+00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
+00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
+00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
 00000080  01 00 00 7b 00 05 00 05  01 00 00 00 00 00 0a 00  |...{............|
 00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
 000000a0  00 00 0d 00 1a 00 18 08  04 04 03 08 07 08 05 08  |................|
@ -16,11 +16,11 @@
 000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 02 00 59 02 00 00  55 03 02 6e ff 3b 26 66  |....Y...U..n.;&f|
-00000010  7c 32 3f 42 fd 92 7c 12  db 26 b2 45 6e 28 b9 49  ||2?B..|..&.En(.I|
-00000020  86 6b 00 54 92 3b 65 a6  02 6d 94 20 ea 44 db 5c  |.k.T.;e..m. .D.\|
-00000030  d1 39 35 b2 ea 1c 6d 3e  94 bb 47 60 25 1e 9c 74  |.95...m>..G`%..t|
-00000040  e7 bd 54 cc 2b 36 14 6a  12 54 5b 6c c0 13 00 00  |..T.+6.j.T[l....|
+00000000  16 03 02 00 59 02 00 00  55 03 02 95 6e 24 5a ab  |....Y...U...n$Z.|
+00000010  ae 3c 73 52 9d 31 63 50  cf f9 50 99 3c e4 94 22  |.<sR.1cP..P.<.."|
+00000020  5b 6f 0e f8 e3 a8 64 4c  d2 8c 00 20 8b 2d 25 47  |[o....dL... .-%G|
+00000030  f9 74 41 93 b1 82 b5 c5  fc 3e 42 c9 35 fc 68 27  |.tA......>B.5.h'|
+00000040  c4 2b 35 0f f8 1c e3 28  e6 8a 59 dc c0 13 00 00  |.+5....(..Y.....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  02 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@ -60,38 +60,38 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 02 00  |.=.`.\!.;.......|
-000002c0  aa 0c 00 00 a6 03 00 1d  20 82 3b d2 56 dd cd d8  |........ .;.V...|
-000002d0  e1 98 a7 90 d1 08 2d 37  dc e8 21 cd 29 af 29 a5  |......-7..!.).).|
-000002e0  78 8e 59 9e 4c ac c9 d2  4b 00 80 25 20 91 4e 0d  |x.Y.L...K..% .N.|
-000002f0  74 12 9e 1c 98 fb 5f 4b  ad fd c8 68 df 6b 82 98  |t....._K...h.k..|
-00000300  a8 7c ee 17 44 47 91 2a  42 c1 82 d0 ce aa cd f8  |.|..DG.*B.......|
-00000310  69 1e 85 79 27 fe ef 5a  a2 e1 35 30 9a 2d c6 b0  |i..y'..Z..50.-..|
-00000320  43 84 39 7f 8d 68 09 d6  6c 1a 84 0f c0 9a c0 9f  |C.9..h..l.......|
-00000330  64 56 cb fc 32 f2 4a a3  26 e8 c2 5f d7 16 3e 7c  |dV..2.J.&.._..>||
-00000340  4e 8b 89 f8 7f f4 c2 26  fe 01 cd 48 b6 61 9c 93  |N......&...H.a..|
-00000350  1a bc a1 d1 01 c5 bf ef  43 b4 ca 86 62 37 b4 99  |........C...b7..|
-00000360  54 69 db 74 51 92 92 dd  c1 b1 75 16 03 02 00 04  |Ti.tQ.....u.....|
+000002c0  aa 0c 00 00 a6 03 00 1d  20 b5 75 ee e5 26 6b c0  |........ .u..&k.|
+000002d0  af 34 8a 24 f7 c5 25 58  29 38 4c 08 d3 a2 0c 48  |.4.$..%X)8L....H|
+000002e0  18 eb a0 5b e8 64 62 62  78 00 80 d0 1c 9c 11 1a  |...[.dbbx.......|
+000002f0  58 4c 46 5f 18 03 d7 d7  76 47 d5 56 7a bb bd 95  |XLF_....vG.Vz...|
+00000300  16 46 e8 0b 28 6e df 15  65 1a f6 95 fb 4a 6c 42  |.F..(n..e....JlB|
+00000310  1b 4c 5c 30 c5 de d0 83  08 d3 2e 4d 59 7e 7b 1b  |.L\0.......MY~{.|
+00000320  20 9e b5 19 76 fe a3 dd  87 04 f4 9a 3e 3c c0 4a  | ...v.......><.J|
+00000330  16 7f e3 4e 9a 1f 0a 36  1d f5 09 b4 88 09 b1 1b  |...N...6........|
+00000340  9b 60 97 dc d7 ea 97 f4  d6 06 16 45 98 ee 5c 39  |.`.........E..\9|
+00000350  62 3f 7c 82 7b c3 52 59  01 d4 89 8c a6 e2 d5 eb  |b?|.{.RY........|
+00000360  e8 30 a6 78 49 1e ec a5  92 ad 24 16 03 02 00 04  |.0.xI.....$.....|
 00000370  0e 00 00 00                                       |....|
 >>> Flow 3 (client to server)
 00000000  16 03 02 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 02 00 01 01  |....._X.;t......|
 00000030  16 03 02 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 c5 bf e6  b3 86 12 92 df 68 fa 75  |.............h.u|
-00000050  79 5f ee fe 60 91 d1 fd  8a 48 3b 97 b4 da 7f 58  |y_..`....H;....X|
-00000060  3e 7e 40 d7 93 1d 6b e2  0e 2a a4 45 20 e0 9d f9  |>~@...k..*.E ...|
-00000070  b6 5e b1 f1 4f                                    |.^..O|
+00000040  00 00 00 00 00 28 ab ed  77 d3 56 29 a8 4a 38 c8  |.....(..w.V).J8.|
+00000050  64 1c a5 d9 4e f9 6b 0e  fa 82 42 ad 0d be 15 69  |d...N.k...B....i|
+00000060  9a ff 79 64 db 8f 3e 16  b3 86 93 82 6f 78 c4 2e  |..yd..>.....ox..|
+00000070  7c 54 6c 4f 90                                    ||TlO.|
 >>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 40 bf 58 92 80 02  |..........@.X...|
-00000010  75 91 40 30 35 e0 16 76  f4 97 bd 77 46 a3 a3 4e  |u.@05..v...wF..N|
-00000020  f1 be 53 eb b8 56 45 b1  71 c9 f8 a9 bf c6 9a 00  |..S..VE.q.......|
-00000030  83 46 91 88 d5 7b 72 95  27 33 80 43 3f 3e f6 60  |.F...{r.'3.C?>.`|
-00000040  c6 55 90 6a 87 8e 7d 48  27 e2 40                 |.U.j..}H'.@|
+00000000  14 03 02 00 01 01 16 03  02 00 40 15 e9 c5 15 59  |..........@....Y|
+00000010  b3 0d 46 22 0c ae a6 41  02 b4 f3 da 11 dc 85 79  |..F"...A.......y|
+00000020  bb d9 3f 23 38 51 24 1a  08 b5 a0 63 dc 4b 86 50  |..?#8Q$....c.K.P|
+00000030  ef b2 32 07 fd b5 e1 01  06 19 42 ce ba 69 ab 1a  |..2.......B..i..|
+00000040  c9 bb db 7d d0 9f f9 7c  f2 6c 18                 |...}...|.l.|
 >>> Flow 5 (client to server)
 00000000  17 03 02 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 f5 6b bc  6d 2c 70 b1 c0 f0 ab 78  |......k.m,p....x|
-00000020  44 c9 97 f6 59 ef 15 e4  05 cf e0 55 ee a4 68 8c  |D...Y......U..h.|
-00000030  86 57 82 bd 84 15 03 02  00 30 00 00 00 00 00 00  |.W.......0......|
-00000040  00 00 00 00 00 00 00 00  00 00 ef b2 a9 a5 bb a3  |................|
-00000050  6e e5 d1 2b ef 83 1d 11  de 29 d2 30 2c fc 78 73  |n..+.....).0,.xs|
-00000060  6b 6e 0a d2 55 67 5c d4  58 b3                    |kn..Ug\.X.|
+00000010  00 00 00 00 00 67 ef de  df a4 91 69 58 b8 3f 06  |.....g.....iX.?.|
+00000020  c4 05 4e ad 88 9b c5 12  35 cf 63 39 3a 61 e9 4c  |..N.....5.c9:a.L|
+00000030  49 22 93 f4 10 15 03 02  00 30 00 00 00 00 00 00  |I".......0......|
+00000040  00 00 00 00 00 00 00 00  00 00 00 2a 5a ba 39 7e  |...........*Z.9~|
+00000050  a8 be 2e 72 f3 ba 7e 0a  32 b5 8c d8 f5 1b 93 6c  |...r..~.2......l|
+00000060  3e 35 d8 ba cc f3 9f f4  19 74                    |>5.......t|