openssl: use OpenSSL's default ciphers by default

[kdudka]

Up2date versions of OpenSSL maintain the default reasonably secure
without breaking compatibility, so it is better not to override the
default by curl. Suggested at https://bugzilla.redhat.com/1483972

[coveralls]

Coverage decreased (-0.1%) to 73.081% when pulling 0b613865d6d421b7d47defa9832cb3961f77be3f on kdudka:openssl-default-ciphers into 7ec797b on curl:master.

[bagder]

I think this is awesome and takes away a burden from us that we really are better without... 👍

[iboukris]

+1 for this approach.

[jay]

I wouldn't change it for at least for OpenSSL 1.0.2, which includes RC4 MD5 support and maybe other things depending on how it was built. By default our current cipher settings disable RC4, but this would change that so -1 for that specific thing.

The commit referred to in that thread you quoted probably concerns just 1.1, and it does say RC4 is not part of the default cipher list when built in. So my suggestion is do it for OpenSSL 1.1 and above. The only other thing is @STRENGTH, I really don't know how important that is for 1.1.

[bagder]

Oh right, the @STRENGTH. I added that back in commit 0d1060f as a sort of work-around for HTTP/2 since back then OpenSSL would otherwise happily negotiate using ciphers that are deemed "illegal" for HTTP/2 ...

[t8m]

Using OPENSSL_VERSION_NUMBER >= 0x10100000L should be of course OK. However I do not see how using @strength would help to eliminate "illegal" ciphers. This just sorts the ciphersuite list so all AES256 ciphers (including the CBC ones) would come before the AES128 ciphers. I do not think this is right for most use cases. Also the black list of the ciphers should apply mostly to the HTTP/2 servers - the clients are allowed to include them.

[bagder]

Still, @STRENGTH did help for HTTP/2 and that's why we have it there. Unfortunately I can't recall the picky servers I tried against back then so I can't really check right now what happens against them if/when we drop it.

[t8m]

Also you did not make the experiment with OpenSSL 1.1, did you?

[t8m]

This is the actual difference between curl(-) and upstream default(+) https://paste.fedoraproject.org/paste/XPMGLMTvd4d-BI9~CYU1tw

[t8m]

This is of course with OpenSSL 1.1.0 - to me the upstream default looks like more sane.

[jay]

The line below needs to be corrected infof(data, "Cipher selection: %s\n", ciphers); but now ciphers can be NULL . Github won't let me select the line because it's too far out of the common area. There may be a n easy way to get it in OpenSSL but I think it would be ok to just do ciphers ? ciphers : "<default>" or something like that

[bagder]

The if(ciphers ... condition surely should make sure that ciphers can't be NULL there... ?

[jay]

yeah it's confusing, github won't let me select the line, it's the line 2131

[kdudka]

@jay Thanks for review! The infof() should be fixed now, will ask OpenSSL experts about a suitable version of OpenSSL for the condition.

Btw. you can refer to any location in any revision by the Github URL: https://github.com/kdudka/curl/blob/0b613865/lib/vtls/openssl.c#L2131

[coveralls]

Coverage decreased (-0.009%) to 73.125% when pulling 5bcb700886007bebaa4839ca41702577f66f4f99 on kdudka:openssl-default-ciphers into aa2ea66 on curl:master.

[coveralls]

Coverage decreased (-0.01%) to 73.104% when pulling 85583a3 on kdudka:openssl-default-ciphers into 222e65f on curl:master.