crypto/tls: make cipher suite preference ordering automatic

We now have a (well, two, depending on AES hardware support) universal cipher suite preference order, based on their security and performance. Peer and application lists are now treated as filters (and AES hardware support hints) that are applied to this universal order. This removes a complex and nuanced decision from the application's responsibilities, one which we are better equipped to make and which applications usually don't need to have an opinion about. It also lets us worry less about what suites we support or enable, because we can be confident that bad ones won't be selected over good ones. This also moves 3DES suites to InsecureCipherSuites(), even if they are not disabled by default. Just because we can keep them as a last resort it doesn't mean they are secure. Thankfully we had not promised that Insecure means disabled by default. Notable test changes: - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the right certificate regardless of CipherSuite ordering, which is now completely ignored, as tested by TestCipherSuitePreference. Removed. - The openssl command of TestHandshakeServerExportKeyingMaterial was broken for TLS 1.0 in CL 262857, but its golden file was not regenerated, so the test kept passing. It now broke because the selected suite from the ones in the golden file changed. - In TestAESCipherReordering, "server strongly prefers AES-GCM" is removed because there is no way for a server to express a strong preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha" switched to ChaCha20 when the server lacks AES hardware; and finally "client supports multiple AES-GCM" changed to always prefer AES-128 per the universal preference list. * this is going back on an explicit decision from CL 262857, and while that client order is weird and does suggest a strong dislike for ChaCha20, we have a strong dislike for software AES, so it didn't feel worth making the logic more complex - All Client-* golden files had to be regenerated because the ClientHello cipher suites have changed. (Even when Config.CipherSuites was limited to one suite, the TLS 1.3 default order changed.) Fixes #45430 Fixes #41476 (as 3DES is now always the last resort) Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5 Reviewed-on: https://go-review.googlesource.com/c/go/+/314609 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Trust: Filippo Valsorda <filippo@golang.org>
2025-04-04 04:27:36 +03:00 · 2021-04-28 01:37:09 -04:00 · 2021-04-28 01:37:09 -04:00 · 89df05a1c4
commit 89df05a1c4
parent 7d3285645e
68 changed files with 3753 additions and 3814 deletions
--- a/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
+++ b/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
@ -4,7 +4,7 @@
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 08 cc a8  |................|
-00000050  13 01 13 03 13 02 01 00  00 7b 00 05 00 05 01 00  |.........{......|
+00000050  13 03 13 01 13 02 01 00  00 7b 00 05 00 05 01 00  |.........{......|
 00000060  00 00 00 00 0a 00 0a 00  08 00 1d 00 17 00 18 00  |................|
 00000070  19 00 0b 00 02 01 00 00  0d 00 1a 00 18 08 04 04  |................|
 00000080  03 08 07 08 05 08 06 04  01 05 01 06 01 05 03 06  |................|
@ -14,11 +14,11 @@
 000000c0  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
 000000d0  5f 58 cb 3b 74                                    |_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 4e fb dc 04 6f  |....Y...U..N...o|
-00000010  5a 52 37 a3 55 58 26 e5  cd a0 67 4c 0f 87 1a 3a  |ZR7.UX&...gL...:|
-00000020  f6 84 33 2f 2e 52 d0 48  7c 5b 64 20 6e d0 bc ca  |..3/.R.H|[d n...|
-00000030  c9 a5 87 8d 99 c5 ec 85  84 89 f0 22 ab 63 55 f4  |...........".cU.|
-00000040  70 d7 02 93 b5 fe d7 38  fb c1 b2 da cc a8 00 00  |p......8........|
+00000000  16 03 03 00 59 02 00 00  55 03 03 2a 76 db 4b d5  |....Y...U..*v.K.|
+00000010  10 f3 21 f2 4b 29 a2 2e  7a 7d 0b 86 c4 af 60 95  |..!.K)..z}....`.|
+00000020  5b 11 84 27 8a 59 7f af  a0 27 de 20 02 f7 dc 9b  |[..'.Y...'. ....|
+00000030  63 8e 2e da 48 b5 73 81  8e 76 13 da dd 2e 17 2b  |c...H.s..v.....+|
+00000040  ff 18 ad d7 9d f3 44 ed  b6 60 0e 42 cc a8 00 00  |......D..`.B....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@ -58,31 +58,31 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 fc 4b 92 ab d2 cb 4f  |........ .K....O|
-000002d0  61 aa 86 12 1a 1d 75 be  31 dd b8 ee 6c a6 db bd  |a.....u.1...l...|
-000002e0  0b ea b2 d5 27 49 42 eb  5a 08 04 00 80 02 ad 71  |....'IB.Z......q|
-000002f0  e2 e8 f6 44 3c a6 18 6f  76 ee 9a eb 0e d9 ff cb  |...D<..ov.......|
-00000300  6d 1e 64 dd 29 1d 8c c8  f6 14 40 c0 12 46 74 4c  |m.d.).....@..FtL|
-00000310  41 2d 71 5f 9c b7 86 0b  fc 66 1e 14 cb 26 d0 d7  |A-q_.....f...&..|
-00000320  21 b4 bd c2 04 38 77 90  6a f0 01 18 bd 1c 17 45  |!....8w.j......E|
-00000330  7e 38 46 4c 2e 97 ba 11  01 1f 20 cc df f2 6b 5b  |~8FL...... ...k[|
-00000340  a7 29 c0 52 52 9c 2f 23  bd 1c 72 c2 f2 99 d1 dc  |.).RR./#..r.....|
-00000350  6a 6c ac 8e 87 8a 00 74  47 2e 99 8d 3f 79 04 60  |jl.....tG...?y.`|
-00000360  5e dc ba 86 1c f4 f9 03  22 38 96 a7 b3 16 03 03  |^......."8......|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 0d c3 c2 b5 73 da 39  |........ ....s.9|
+000002d0  82 e5 8c 18 0d 8d 16 c2  a5 e7 3e 39 fd 25 00 18  |..........>9.%..|
+000002e0  25 16 c0 a7 6e c6 dd bb  01 08 04 00 80 b3 bd 01  |%...n...........|
+000002f0  ae dd b1 c8 2a 5d 0e 66  6d 1e b3 92 f4 01 63 59  |....*].fm.....cY|
+00000300  0c c1 62 df 75 8f 4f 19  5a cf 2f 63 79 d0 06 31  |..b.u.O.Z./cy..1|
+00000310  c0 60 6a 4f db 70 18 bd  80 8b 30 94 40 dd 13 39  |.`jO.p....0.@..9|
+00000320  4f db 2b 54 a4 97 f7 ef  a5 a3 ff f5 14 3d e2 2d  |O.+T.........=.-|
+00000330  0c 0e 71 4a bd a8 59 48  ab 06 55 53 45 2a ee 3e  |..qJ..YH..USE*.>|
+00000340  65 1f 47 ee 8d e3 f6 4e  2e b1 4c d0 af 50 15 02  |e.G....N..L..P..|
+00000350  5e 84 fe 76 d5 f3 c5 fb  2a 91 44 f0 92 32 ee ea  |^..v....*.D..2..|
+00000360  a0 26 77 5c 94 88 24 e3  2f 75 e3 fd b7 16 03 03  |.&w\..$./u......|
 00000370  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 0a 17 ee  70 8c 50 24 7c 00 b9 6f  |.... ...p.P$|..o|
-00000040  82 71 ed 2b 8c 0b 4b ff  bb 38 bc 12 7e 0c a5 3e  |.q.+..K..8..~..>|
-00000050  71 a2 ad f8 52                                    |q...R|
+00000030  16 03 03 00 20 0b 58 fe  b5 63 ac 28 f8 34 d6 72  |.... .X..c.(.4.r|
+00000040  1a a3 ec 26 91 70 07 8d  6a 3a 3b 3a 94 5e a3 fa  |...&.p..j:;:.^..|
+00000050  6e 92 3a 15 65                                    |n.:.e|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 e9 87 55 12 a8  |.......... ..U..|
-00000010  ad 68 42 0c 60 12 be 2f  2c e5 00 2d 01 cf 86 a2  |.hB.`../,..-....|
-00000020  1b 06 b3 86 bf 88 48 73  7a d3 cc                 |......Hsz..|
+00000000  14 03 03 00 01 01 16 03  03 00 20 01 fa e1 2f 29  |.......... .../)|
+00000010  ee f6 d4 e8 22 b6 e0 8f  82 37 81 83 1b 03 4d 5f  |...."....7....M_|
+00000020  00 80 cb eb 9a 3a 01 c7  aa e9 9a                 |.....:.....|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 96 75 4c  c6 ba b1 ad ae 2f 44 9d  |......uL...../D.|
-00000010  10 c3 ef e5 dc fb 0a 3e  af 6b 6a 15 03 03 00 12  |.......>.kj.....|
-00000020  30 13 8f e5 a1 0f 38 67  b9 53 4e 6a 66 ec ee 45  |0.....8g.SNjf..E|
-00000030  c2 b2                                             |..|
+00000000  17 03 03 00 16 43 6a e8  f2 ca f9 4f 3c 6d ff 5e  |.....Cj....O<m.^|
+00000010  f3 19 eb ee 96 1c d8 68  c5 53 86 15 03 03 00 12  |.......h.S......|
+00000020  c2 72 4e 3c 33 93 fa f3  21 32 bb fd e3 c4 ef 1a  |.rN<3...!2......|
+00000030  46 df                                             |F.|