Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FYI: New TLS code points #1207

Open
dcooper16 opened this issue Feb 27, 2019 · 5 comments

Comments

@dcooper16
Copy link
Contributor

commented Feb 27, 2019

It appears that two authentication-only cipher suites have been defined for TLSv1.3 (see https://mailarchive.ietf.org/arch/msg/tls/0oy4wY4xiB1tASCBDWczh2xTVMM).

In looking at the TLS Cipher Suites registry, I noticed a number of recently-added cipher suites that are not yet in etc/cipher-mapping.txt:

I haven't had a chance to review these documents, so I don't know what would be involved in adding support for them to testssl.sh. For some of them it may be enough to just add the values for etc/cipher-mapping.txt, but for others at least some additional work would be required.

Value Description Reference
0xC0,0xB0 TLS_ECCPWD_WITH_AES_128_GCM_SHA256 [RFC8492]
0xC0,0xB1 TLS_ECCPWD_WITH_AES_256_GCM_SHA384 [RFC8492]
0xC0,0xB2 TLS_ECCPWD_WITH_AES_128_CCM_SHA256 [RFC8492]
0xC0,0xB3 TLS_ECCPWD_WITH_AES_256_CCM_SHA384 [RFC8492]
0xC0,0xB4 TLS_SHA256_SHA256 [draft-camwinget-tls-ts13-macciphersuites]
0xC0,0xB5 TLS_SHA384_SHA384 [draft-camwinget-tls-ts13-macciphersuites]
0xC1,0x00 TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC [draft-smyshlyaev-tls12-gost-suites]
0xC1,0x01 TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC [draft-smyshlyaev-tls12-gost-suites]
0xC1,0x02 TLS_GOSTR341112_256_WITH_28147_CNT_IMIT [draft-smyshlyaev-tls12-gost-suites]
0xD0,0x01 TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 [RFC8442]
0xD0,0x02 TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 [RFC8442]
0xD0,0x03 TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 [RFC8442]
0xD0,0x05 TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 [RFC8442]
@drwetter drwetter added this to the 3.0 milestone Feb 28, 2019
@drwetter

This comment has been minimized.

Copy link
Owner

commented Feb 28, 2019

Thanks, David for keeping an eye on it!

Will look into it next week. At least some ciphers need to be added to $ossl_strong_ciphers in run_cipherlists(), and in the preference check. Also it might be worth a try to find out whether there's an OpenSSL name yet,

Cheers, Dirk

@dcooper16

This comment has been minimized.

Copy link
Contributor Author

commented Feb 28, 2019

Hi Dirk,

I hadn't thought about adding the ciphers to run_cipherlists() and other changes like that.

The changes I was thinking about were, for example, that in order to test for RFC 8492 ciphers it seems that the ClientHello needs to include a pwd_name extension and possibly a key_share extension. It may be okay that we don't know a valid user name, as the document recommends returning a ServerHello in response to an unknown name rather than terminating the connection (which would provide a way for an attacker to learn whether a user name is valid or not).

The draft-camwinget-tls-ts13-macciphersuites will require modifications to the code to "decrypt" the Server's response, but that should be very easy, since the data is not actually encrypted.

@drwetter

This comment has been minimized.

Copy link
Owner

commented Feb 28, 2019

Hi David, I haven't even clicked any link yet ;-)

@dcooper16 dcooper16 changed the title FYI: New TLS cipher suites FYI: New TLS code points Mar 5, 2019
@dcooper16

This comment has been minimized.

Copy link
Contributor Author

commented Mar 5, 2019

In addition to the new cipher suites mentioned above, below are some more code points that have recently been registered:

TLS Supported Groups

Value Description Reference
31 brainpoolP256r1 [draft-bruckert-brainpool-for-tls13]
32 brainpoolP384r1 [draft-bruckert-brainpool-for-tls13]
33 brainpoolP512r1 [draft-bruckert-brainpool-for-tls13]
34 GC256A [draft-smyshlyaev-tls12-gost-suites]
35 GC256B [draft-smyshlyaev-tls12-gost-suites]
36 GC256C [draft-smyshlyaev-tls12-gost-suites]
37 GC256D [draft-smyshlyaev-tls12-gost-suites]
38 GC512A [draft-smyshlyaev-tls12-gost-suites]
39 GC512B [draft-smyshlyaev-tls12-gost-suites]
40 GC512C [draft-smyshlyaev-tls12-gost-suites]

TLS SignatureAlgorithm (for TLSv1.2 and earlier)

Value Description Reference
64 gostr34102012_256 [draft-smyshlyaev-tls12-gost-suites]
65 gostr34102012_512 [draft-smyshlyaev-tls12-gost-suites]

TLS SignatureScheme (for TLSv1.3)

Value Description Reference
0x081A ecdsa_brainpoolP256r1_sha256 [draft-bruckert-brainpool-for-tls13]
0x081B ecdsa_brainpoolP384r1_sha384 [draft-bruckert-brainpool-for-tls13]
0x081C ecdsa_brainpoolP512r1_sha512 [draft-bruckert-brainpool-for-tls13]
@drwetter

This comment has been minimized.

Copy link
Owner

commented Mar 6, 2019

Thanks!

maybe we should watch the page (https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml) with a cronjob or the CSV files...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.