crypto/tls: can we disable specific ciphers for TLS without just supplying a fully populated CipherSuites to tlsConfig? #23204

rsm10 · 2017-12-21T00:55:25Z

I am using go1.9, and just have a question around how the correct way to disable certain ciphers from TLS.

I want to disable TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA and TLS_RSA_WITH_3DES_EDE_CBC_SHA. I can do this by just specifying the "CipherSuites: cipherSuites" in tls.Config.

Example:

cipherSuites := []uint16{
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	// tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	// tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
	tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_RSA_WITH_AES_128_CBC_SHA,
	tls.TLS_RSA_WITH_AES_256_CBC_SHA,

}

t = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: capool, CipherSuites: cipherSuites}

However, when new algorithms are added in the future I will need to keep updating this. Is there a way to just remove certain algorithms from the default? Ie. in crypto/tls/cipher_suites.go line 78; if I could just switch the 3DES to have suiteDefaultOff at runtime; this would be a nicer way to solve my problem. Does anything like this exist?

78 var cipherSuites = []*cipherSuite{
79 // Ciphersuite order is chosen so that ECDHE comes before plain RSA and
80 // AEADs are the top preference.
81 {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadChaCha20Poly1305},
82 {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadChaCha20Poly1305},
83 {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM},
84 {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadAESGCM},
85 {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
86 {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
87 {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
88 {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
89 {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
90 {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil},
91 {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
92 {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil},
93 {TLS_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, rsaKA, suiteTLS12, nil, nil, aeadAESGCM},
94 {TLS_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, rsaKA, suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
95 {TLS_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, rsaKA, suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
96 {TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil},
97 {TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil},
98 {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil},
99 {TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, rsaKA, 0, cipher3DES, macSHA1, nil},
100
101 // RC4-based cipher suites are disabled by default.
102 {TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, rsaKA, suiteDefaultOff, cipherRC4, macSHA1, nil},
103 {TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheRSAKA, suiteECDHE | suiteDefaultOff, cipherRC4, macSHA1, nil},
104 {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteDefaultOff, cipherRC4, macSHA1, nil},
105 }

bradfitz · 2017-12-21T05:45:30Z

Not without a bit of work.

In some other bug (can't find it now) I had shared a snippet of code to get out that list at runtime by using the TLS client against a dummy in-memory server with its GetCertificate func(*ClientHelloInfo) (*Certificate, error) hook set.

But with that, you can write the little ciphersuite-filtering func you desire.

Hope that answers your question.

But in general we tend to use other forums for questions (https://golang.org/wiki/Questions).

bradfitz closed this Dec 21, 2017

mikioh changed the title ~~Question: can we disable specific ciphers for TLS without just supplying a fully populated CipherSuites to tlsConfig?~~ crypto/tls: can we disable specific ciphers for TLS without just supplying a fully populated CipherSuites to tlsConfig? Jan 5, 2018

golang locked and limited conversation to collaborators Jan 5, 2019

gopherbot added the FrozenDueToAge label Jan 5, 2019

golang / go

crypto/tls: can we disable specific ciphers for TLS without just supplying a fully populated CipherSuites to tlsConfig? #23204

crypto/tls: can we disable specific ciphers for TLS without just supplying a fully populated CipherSuites to tlsConfig? #23204

rsm10 commented Dec 21, 2017

This comment has been minimized.

bradfitz commented Dec 21, 2017

golang / go

Join GitHub today

crypto/tls: can we disable specific ciphers for TLS without just supplying a fully populated CipherSuites to tlsConfig? #23204

crypto/tls: can we disable specific ciphers for TLS without just supplying a fully populated CipherSuites to tlsConfig? #23204

Comments

rsm10 commented Dec 21, 2017

This comment has been minimized.

bradfitz commented Dec 21, 2017