support ECDHE ciphers in TLS 1.2 and below #414

hannesm · 2020-06-12T11:03:28Z

fixes #413 and #362

implementation according to RFC 8422 https://tools.ietf.org/html/rfc8422

also removes (unused) code for arbitrary ECC (only named curves are supported)
also removes (unused) code for non-uncompressed EC values
removes ECPointFormat extension support (not needed as stated in 8422) -- in case there are TLS implementations requiring this we can re-add it later (I was not able to find any)

- only named curve type is supported - only uncompressed ec point format this follows RFC 8422

there is no plan to ever implement them, no need to keep them around

0x0b 0x00 0x00 0x03 0x00 0x00 0x00 instead of 0x0b 0x00 0x00 0x00

instead, do it in the applications

@hannesm

CHANGES: in mirleft/ocaml-tls#414 by @hannesm * Drop support for RC4 ciphersuite * Raise lower TLS version in default configuration to 1.2 * tls_lwt no longer calls Mirage_crypto_rng_unix.initialize -- this needs to be done in the application, inside Lwt_main.run: `Mirage_crypto_rng_lwt.initialize () >>= fun () ->` * Support ECDHE ciphersuites in TLS 1.2 and below as specified in RFC 8422 (requested in mirleft/ocaml-tls#413 by @ryanakca, also in mirleft/ocaml-tls#362 by @orbitz @annubiz) * drop "TLS_" prefix from ciphersuite constructors * BUGFIX: TLS client (<= 1.2) assembling an empty Certificate message (noticed in mirleft/ocaml-tls#413, present since 0.12.0 release) * Cleanup Packet.any_ciphersuite list (remove ARIA, CAMELLIA, KRB5, EXPORT) * Adapt interoperability test scripts with TLS 1.3 support

deprecate some unused pre-1.3 EC code:

a896b9d

- only named curve type is supported - only uncompressed ec point format this follows RFC 8422

This was referenced Jun 12, 2020

Fails with UNEXPECTED_MESSAGE or HANDSHAKE_FAILURE where openssl succeeds #413

Closed

Gettin TLS Alert "Handshake Failure" for many HTTPS sites #362

Closed

hannesm force-pushed the ecdhe-1-2 branch 2 times, most recently from e0814c2 to a967412 Compare June 12, 2020 12:17

hannesm added 7 commits June 12, 2020 16:14

support ECDHE in tls <= 1.2

81d961d

interop: test ECDHE and tls 1.3

c4daf48

remove ECPointFormat support, this is not needed (see RFC 8422)

b5ecf82

drop TLS_ prefix from ciphersuite and ciphersuite13 constructors

7b61f93

remove ARIA, CAMELLIA, KRB5, and EXPORT ciphersuites

5c54b64

there is no plan to ever implement them, no need to keep them around

remove RC4 support

666f4bf

config: raise default lower protocol version to 1.2

39613df

hannesm force-pushed the ecdhe-1-2 branch from 8cfbcfc to 39613df Compare June 12, 2020 14:15

hannesm added 3 commits June 12, 2020 16:23

fix examples (and interop tests)

e3b13de

client: output empty certificate chain as Certificate with empty data

4544516

0x0b 0x00 0x00 0x03 0x00 0x00 0x00 instead of 0x0b 0x00 0x00 0x00

[ci skip] changes for 0.12.1 release

b74e45a

hannesm force-pushed the ecdhe-1-2 branch from d4e0e89 to b74e45a Compare June 12, 2020 15:18

Tls_lwt: do not initialize the Mirage_crypto_rng

6e949d7

instead, do it in the applications

hannesm merged commit fafa0f4 into mirleft:master Jun 12, 2020

hannesm mentioned this pull request Jun 12, 2020

[new release] tls-mirage and tls (0.12.1) ocaml/opam-repository#16625

Merged

support ECDHE ciphers in TLS 1.2 and below #414

support ECDHE ciphers in TLS 1.2 and below #414

Conversation

hannesm commented Jun 12, 2020 • edited

hannesm commented Jun 12, 2020 •

edited