Add new security policy #3895
Add new security policy #3895
Conversation
|
Are you working from a FIPS RFC/compliance document when choosing these options? |
s2n-tls/tls/s2n_ecc_preferences.c Lines 37 to 40 in f2faa0e I believe the document is https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf Should the name of the policy then be some derivation of |
This policy is not explicitly following that standard document. It conforms to FIPS requirements, but only provides a subset of the available options. For example, it doesn't support DHE. We also won't update it, even in a way compliant with NIST.SP.800-52r2. It's intended as a default rather than a fips-only option; customers looking for any sane policy should choose it, rather than customer looking for FIPS. Therefore, I think it needs to be a traditionally named versioned policy. |
| /* TLS1.2 with ECDSA */ | ||
| &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256, | ||
| &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384, | ||
| &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha256, |
There was a problem hiding this comment.
aes-cbc-hmac256 is typically a lot slower than aes-cbc-hmac-sha1 but pretty much all modern clients that care about performance support GCM anyway
Description of changes:
Adds a new versioned security policy intended to be FIPS compliant and support >=TLS1.2. Basically, I intend this policy as a sane default for customers that don't need to worry about supporting older peers. In particular, this should be useful for customers that own both the clients and servers in their system.
Call-outs:
I don't think these "sane defaults" should be too controversial, but I did:
Testing:
I added some simple handshake tests to verify that handshake are possible between the new policy and existing defaults.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.