Remove DHE ciphersuites from TLS.

They can be restored by compiling with -DBORINGSSL_ENABLE_DHE_TLS.

This is similar to 9c8c4188 for RC4 ciphers.

Change-Id: I7cd3421b108a024f1ee11f13a6df881c2d0de3c3
Reviewed-on: https://boringssl-review.googlesource.com/14284
Commit-Queue: Matt Braithwaite <mab@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 6b150e8..411ddb7 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -122,14 +122,20 @@
         false,
     },
     // - removes selected ciphers, but preserves their order for future
-    // selections. Select AES_128_GCM, but order the key exchanges RSA, DHE_RSA,
+    // selections. Select AES_128_GCM, but order the key exchanges RSA,
     // ECDHE_RSA.
     {
-        "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
+        "ALL:-kECDHE:"
+#ifdef BORINGSSL_ENABLE_DHE_TLS
+        "-kDHE:"
+#endif
+        "-kRSA:-ALL:"
         "AESGCM+AES128+aRSA",
         {
             {TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0},
+#ifdef BORINGSSL_ENABLE_DHE_TLS
             {TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0},
+#endif
             {TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
         },
         false,
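Review bot: The comment at the top of the hunk now describes only the default build: when BORINGSSL_ENABLE_DHE_TLS is defined, the expected entries below it are ordered RSA, DHE_RSA, ECDHE_RSA, which the comment no longer mentions. Consider `// selections. Select AES_128_GCM, but order the key exchanges RSA,` followed by `// ECDHE_RSA (with DHE_RSA between them when BORINGSSL_ENABLE_DHE_TLS is defined).` Separately, the table only hides the DHE suites from its expectations; nothing asserts that a rule such as `"kDHE"` selects nothing in the default build, and a case doing so (expecting an empty list, or a rejection, depending on how the table's trailing boolean is interpreted — that is not visible here) would pin the removal rather than merely accommodate it. The test table begins and ends outside this hunk.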
@@ -182,7 +188,10 @@
     {
         // To simplify things, banish all but {ECDHE_RSA,RSA} x
         // {CHACHA20,AES_256_CBC,AES_128_CBC} x SHA1.
-        "!kEDH:!AESGCM:!3DES:!SHA256:!SHA384:"
+#ifdef BORINGSSL_ENABLE_DHE_TLS
+        "!kEDH:"
+#endif
+        "!AESGCM:!3DES:!SHA256:!SHA384:"
         // Order some ciphers backwards by strength.
         "ALL:-CHACHA20:-AES256:-AES128:-ALL:"
         // Select ECDHE ones and sort them by strength. Ties should resolve
@@ -791,9 +800,11 @@
 static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
     {SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
     {TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
+#ifdef BORINGSSL_ENABLE_DHE_TLS
     {TLS1_CK_DHE_RSA_WITH_AES_256_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
     {TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
      "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
+#endif
     {TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
     {TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
@@ -1837,11 +1848,17 @@
 static bool ClientHelloMatches(uint16_t version, const uint8_t *expected,
                                size_t expected_len) {
   bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
+  // Our default cipher list varies by CPU capabilities, so manually place the
+  // ChaCha20 ciphers in front.
+  const char* cipher_list =
+#ifdef BORINGSSL_ENABLE_DHE_TLS
+      "!DHE:CHACHA20:ALL";
+#else
+      "CHACHA20:ALL";
+#endif
   if (!ctx ||
       !SSL_CTX_set_max_proto_version(ctx.get(), version) ||
-      // Our default cipher list varies by CPU capabilities, so manually place
-      // the ChaCha20 ciphers in front.
-      !SSL_CTX_set_strict_cipher_list(ctx.get(), "CHACHA20:ALL")) {
+      !SSL_CTX_set_strict_cipher_list(ctx.get(), cipher_list)) {
     return false;
   }
 
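Review bot: `const char* cipher_list =` binds the `*` to the type, while the signature two lines above it (`const uint8_t *expected`) binds it to the name; `const char *cipher_list =` would keep the function consistent with the file's convention. The `#ifdef` also duplicates the terminating `;` and the common `"CHACHA20:ALL"` text in both branches; the first hunk of this commit already uses adjacent-literal concatenation for the same purpose, so placing only `"!DHE:"` inside the `#ifdef` and ending the statement with a single `"CHACHA20:ALL";` would be shorter and harder to get out of sync. ClientHelloMatches' body continues past the end of the hunk.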
@@ -1887,22 +1904,20 @@
   static const uint8_t kSSL3ClientHello[] = {
     0x16,
     0x03, 0x00,
-    0x00, 0x3f,
+    0x00, 0x3b,
     0x01,
-    0x00, 0x00, 0x3b,
+    0x00, 0x00, 0x37,
     0x03, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00,
-    0x00, 0x14,
+    0x00, 0x10,
     0xc0, 0x09,
     0xc0, 0x13,
-    0x00, 0x33,
     0xc0, 0x0a,
     0xc0, 0x14,
-    0x00, 0x39,
     0x00, 0x2f,
     0x00, 0x35,
     0x00, 0x0a,
@@ -1916,22 +1931,20 @@
   static const uint8_t kTLS1ClientHello[] = {
       0x16,
       0x03, 0x01,
-      0x00, 0x5e,
+      0x00, 0x5a,
       0x01,
-      0x00, 0x00, 0x5a,
+      0x00, 0x00, 0x56,
       0x03, 0x01,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00,
-      0x00, 0x12,
+      0x00, 0x0e,
       0xc0, 0x09,
       0xc0, 0x13,
-      0x00, 0x33,
       0xc0, 0x0a,
       0xc0, 0x14,
-      0x00, 0x39,
       0x00, 0x2f,
       0x00, 0x35,
       0x00, 0x0a,
@@ -1947,22 +1960,20 @@
   static const uint8_t kTLS11ClientHello[] = {
       0x16,
       0x03, 0x01,
-      0x00, 0x5e,
+      0x00, 0x5a,
       0x01,
-      0x00, 0x00, 0x5a,
+      0x00, 0x00, 0x56,
       0x03, 0x02,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00,
-      0x00, 0x12,
+      0x00, 0x0e,
       0xc0, 0x09,
       0xc0, 0x13,
-      0x00, 0x33,
       0xc0, 0x0a,
       0xc0, 0x14,
-      0x00, 0x39,
       0x00, 0x2f,
       0x00, 0x35,
       0x00, 0x0a,
@@ -1982,20 +1993,42 @@
 #endif
 
   static const uint8_t kTLS12ClientHello[] = {
-      0x16, 0x03, 0x01, 0x00, 0x9a, 0x01, 0x00, 0x00, 0x96, 0x03, 0x03, 0x00,
+      0x16,
+      0x03, 0x01,
+      0x00, 0x8e,
+      0x01,
+      0x00, 0x00, 0x8a,
+      0x03, 0x03,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0xcc, 0xa9,
-      0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, 0xc0, 0x2c, 0xc0, 0x30,
-      0x00, 0x9f, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x27, 0x00, 0x33,
-      0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x28, 0x00, 0x39,
-      0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35,
-      0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01,
-      0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
-      0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
-      0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00,
-      0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
-      0x17, 0x00, 0x18,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x2a,
+      0xcc, 0xa9,
+      0xcc, 0xa8,
+      0xc0, 0x2b,
+      0xc0, 0x2f,
+      0xc0, 0x2c,
+      0xc0, 0x30,
+      0xc0, 0x09,
+      0xc0, 0x23,
+      0xc0, 0x13,
+      0xc0, 0x27,
+      0xc0, 0x0a,
+      0xc0, 0x24,
+      0xc0, 0x14,
+      0xc0, 0x28,
+      0x00, 0x9c,
+      0x00, 0x9d,
+      0x00, 0x2f,
+      0x00, 0x3c,
+      0x00, 0x35,
+      0x00, 0x3d,
+      0x00, 0x0a,
+      0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
+      0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04,
+      0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08,
+      0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
+      0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
   };
   if (!ClientHelloMatches(TLS1_2_VERSION, kTLS12ClientHello,
                           sizeof(kTLS12ClientHello))) {