From ba77c332de3d2b8e6a0fa11b5d725a8db5514e55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Korthaus?=
Date: Thu, 14 Nov 2019 09:14:48 +0100
Subject: [PATCH 1/5] Remove some FFDHE groups from BSI TLS policy

BSI TR-02102-2 version 2019-01 explicitly lists the FFDHE groups recommended now. ffdhe6144 and ffdhe8192 are not listed, so we remove them from the BSI TLS policy.
---
 src/lib/tls/tls_policy.h | 2 --
 src/tests/data/tls-policy/bsi.txt | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index b076d5f9d67..de315349622 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -451,8 +451,6 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy
 Group_Params::BRAINPOOL256R1,
 Group_Params::SECP384R1,
 Group_Params::SECP256R1,
- Group_Params::FFDHE_8192,
- Group_Params::FFDHE_6144,
 Group_Params::FFDHE_4096,
 Group_Params::FFDHE_3072,
 Group_Params::FFDHE_2048
diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt
index c627774723c..f69e0337643 100644
--- a/src/tests/data/tls-policy/bsi.txt
+++ b/src/tests/data/tls-policy/bsi.txt
@@ -9,7 +9,7 @@ signature_hashes = SHA-384 SHA-256
 macs = AEAD SHA-384 SHA-256
 key_exchange_methods = ECDH DH PSK ECDHE_PSK DHE_PSK
 signature_methods = ECDSA RSA DSA
-key_exchange_groups = brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 ffdhe/ietf/8192 ffdhe/ietf/6144 ffdhe/ietf/4096 ffdhe/ietf/3072 ffdhe/ietf/2048
+key_exchange_groups = brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 ffdhe/ietf/4096 ffdhe/ietf/3072 ffdhe/ietf/2048
 minimum_dh_group_size = 2000
 minimum_dsa_group_size = 2000
 minimum_ecdh_group_size = 250

From 9b01decb7f30a474cd6329811edcad54c2983a09 Mon Sep 17 00:00:00 2001
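Review bot: The trimmed group list on the new side carries no trace of why ffdhe6144 and ffdhe8192 are absent, and a reader who compares it against the full RFC 7919 set will read the gap as an oversight; a comment above the list such as `// FFDHE groups as listed in BSI TR-02102-2 (2019-01); ffdhe6144 and ffdhe8192 are intentionally omitted` would anchor it to the commit's rationale. Under this policy a peer whose only DH offer is one of the two dropped groups presumably no longer negotiates a DH suite, which is the intended effect and worth a sentence in the class documentation. The enclosing function starts and ends outside the hunk; the bsi.txt fixture hunk that follows only mirrors the list.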
From: =?UTF-8?q?Ren=C3=A9=20Korthaus?=
Date: Thu, 14 Nov 2019 09:45:57 +0100
Subject: [PATCH 2/5] Add AES-128/CCM and AES-256/CCM ciphersuites to BSI TLS policy

BSI TR-02102-1 version 2019-01 added CCM ciphersuites as recommended, so we add them to the BSI TLS policy.
---
 src/lib/tls/tls_policy.h | 2 +-
 src/tests/data/tls-policy/bsi.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index de315349622..3d9d02913f1 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -420,7 +420,7 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy
 public:
 std::vector allowed_ciphers() const override
 {
- return std::vector({"AES-256/GCM", "AES-128/GCM", "AES-256", "AES-128" });
+ return std::vector({"AES-256/GCM", "AES-128/GCM", "AES-256", "AES-128", "AES-256/CCM", "AES-128/CCM"});
 }
 
 std::vector allowed_signature_hashes() const override
diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt
index f69e0337643..af7b37d9407 100644
--- a/src/tests/data/tls-policy/bsi.txt
+++ b/src/tests/data/tls-policy/bsi.txt
@@ -4,7 +4,7 @@
 allow_tls12 = true
 allow_dtls10 = false
 allow_dtls12 = false
-ciphers = AES-256/GCM AES-128/GCM AES-256 AES-128
+ciphers = AES-256/GCM AES-128/GCM AES-256 AES-128 AES-256/CCM AES-128/CCM
 signature_hashes = SHA-384 SHA-256
 macs = AEAD SHA-384 SHA-256
 key_exchange_methods = ECDH DH PSK ECDHE_PSK DHE_PSK

From 070d1cf60fab1e0eac46298c87c7093d733d81f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Korthaus?=
Date: Thu, 14 Nov 2019 10:24:23 +0100
Subject: [PATCH 3/5] Add SHA-512 to BSI TLS policy's allowed sigatures hashes

---
 src/lib/tls/tls_policy.h | 2 +-
 src/tests/data/tls-policy/bsi.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 3d9d02913f1..ca2c08606db 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
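Review bot: The CCM suites with the truncated 8-byte tag are not added alongside `"AES-256/CCM"` and `"AES-128/CCM"`, and nothing in the list says whether that is deliberate; if it is (my reading of the TR revision is that only the full-tag CCM suites are recommended), a comment such as `// CCM only with the full 16-byte tag; the CCM_8 variants are intentionally not allowed` would keep a later contributor from "completing" the list. The new entries are appended after the CBC entries `"AES-256"` and `"AES-128"`, so if this list doubles as the preference order the AEAD CCM suites rank below CBC here; patch 5/5 of this series reorders it. The commit message cites TR-02102-1, while the TLS recommendations live in TR-02102-2 (the document patch 1/5 cites); worth confirming which is meant.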
@@ -425,7 +425,7 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy
 
 std::vector allowed_signature_hashes() const override
 {
- return std::vector({"SHA-384", "SHA-256"});
+ return std::vector({"SHA-512", "SHA-384", "SHA-256"});
 }
 
 std::vector allowed_macs() const override
diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt
index af7b37d9407..802c5c9b845 100644
--- a/src/tests/data/tls-policy/bsi.txt
+++ b/src/tests/data/tls-policy/bsi.txt
@@ -5,7 +5,7 @@
 allow_dtls10 = false
 allow_dtls12 = false
 ciphers = AES-256/GCM AES-128/GCM AES-256 AES-128 AES-256/CCM AES-128/CCM
-signature_hashes = SHA-384 SHA-256
+signature_hashes = SHA-512 SHA-384 SHA-256
 macs = AEAD SHA-384 SHA-256
 key_exchange_methods = ECDH DH PSK ECDHE_PSK DHE_PSK
 signature_methods = ECDSA RSA DSA

From 22eacdd63eda0b3749409edb3e5e3c3bcf8ec7f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Korthaus?=
Date: Thu, 14 Nov 2019 11:56:21 +0100
Subject: [PATCH 4/5] Remove non-ephemeral PSK ciphersuites from BSI TLS policy

---
 src/lib/tls/tls_policy.h | 2 +-
 src/tests/data/tls-policy/bsi.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index ca2c08606db..c4ddcd65cf4 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -435,7 +435,7 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy
 
 std::vector allowed_key_exchange_methods() const override
 {
- return std::vector({"ECDH", "DH", "PSK", "ECDHE_PSK", "DHE_PSK"});
+ return std::vector({"ECDH", "DH", "ECDHE_PSK", "DHE_PSK"});
 }
 
 std::vector allowed_signature_methods() const override
diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt
index 802c5c9b845..fec2849edd8 100644
--- a/src/tests/data/tls-policy/bsi.txt
+++ b/src/tests/data/tls-policy/bsi.txt
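Review bot: With `"PSK"` gone, the remaining `"DH"` and `"ECDH"` entries can be misread as permitting static (non-ephemeral) Diffie-Hellman, whereas as I understand Botan's ciphersuite naming these names denote the ephemeral DHE/ECDHE exchanges, which is exactly what the commit's intent relies on; a comment such as `// "DH" and "ECDH" denote the ephemeral exchanges; plain PSK and static RSA key transport are intentionally absent` would make that invariant explicit where the next editor will see it. The enclosing class starts and ends outside the hunk, and the bsi.txt fixture hunk for this commit, on the next line, only mirrors the list.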
@@ -7,7 +7,7 @@ allow_dtls12 = false
 ciphers = AES-256/GCM AES-128/GCM AES-256 AES-128 AES-256/CCM AES-128/CCM
 signature_hashes = SHA-512 SHA-384 SHA-256
 macs = AEAD SHA-384 SHA-256
-key_exchange_methods = ECDH DH PSK ECDHE_PSK DHE_PSK
+key_exchange_methods = ECDH DH ECDHE_PSK DHE_PSK
 signature_methods = ECDSA RSA DSA
 key_exchange_groups = brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 ffdhe/ietf/4096 ffdhe/ietf/3072 ffdhe/ietf/2048
 minimum_dh_group_size = 2000

From 4fca820cc70826451881dbe5410b17efd9ceee96 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Korthaus?=
Date: Fri, 15 Nov 2019 10:22:54 +0100
Subject: [PATCH 5/5] Prefer CCM over CBC ciphersuites

---
 src/lib/tls/tls_policy.h | 2 +-
 src/tests/data/tls-policy/bsi.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index c4ddcd65cf4..4fbbd754536 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -420,7 +420,7 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy
 public:
 std::vector allowed_ciphers() const override
 {
- return std::vector({"AES-256/GCM", "AES-128/GCM", "AES-256", "AES-128", "AES-256/CCM", "AES-128/CCM"});
+ return std::vector({"AES-256/GCM", "AES-128/GCM", "AES-256/CCM", "AES-128/CCM", "AES-256", "AES-128"});
 }
 
 std::vector allowed_signature_hashes() const override
diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt
index fec2849edd8..93514181235 100644
--- a/src/tests/data/tls-policy/bsi.txt
+++ b/src/tests/data/tls-policy/bsi.txt
@@ -4,7 +4,7 @@
 allow_tls12 = true
 allow_dtls10 = false
 allow_dtls12 = false
-ciphers = AES-256/GCM AES-128/GCM AES-256 AES-128 AES-256/CCM AES-128/CCM
+ciphers = AES-256/GCM AES-128/GCM AES-256/CCM AES-128/CCM AES-256 AES-128
 signature_hashes = SHA-512 SHA-384 SHA-256
 macs = AEAD SHA-384 SHA-256
 key_exchange_methods = ECDH DH ECDHE_PSK DHE_PSK
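Review bot: The reorder expresses a preference only if the order of `allowed_ciphers()` drives ciphersuite ranking, which the hunk does not show; the fixture context already has `macs = AEAD SHA-384 SHA-256` with AEAD first, so it may be that list rather than this one that separates CCM from CBC, and the commit's effect should be confirmed against the ranking code. A comment stating the intended order, `// Preference order: AEAD suites (GCM, then CCM) ahead of CBC`, would make the intent survive the next edit. As a point of style, six entries on one line make each reorder a single-line diff that has to be read token by token; one entry per line would have made this commit reviewable at a glance. The bsi.txt fixture hunk that follows mirrors the new order.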