SSL_CTX_set_cipher_list always adds TLS 1.3 ciphers #7196

@reaperhulk

Description
In OpenSSL 1.1.0 and below, if you passed a pattern to SSL_CTX_set_cipher_list that didn't match any ciphers, the function would return 0 and not set any cipher suites. As of 1.1.1 the TLS 1.3 ciphers are added unconditionally:

openssl/ssl/ssl_ciph.c, lines 1597 to 1604 in 88ea368:

    /* Add TLSv1.3 ciphers first - we always prefer those if possible */
    for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
        if (!sk_SSL_CIPHER_push(cipherstack,
                                sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
            sk_SSL_CIPHER_free(cipherstack);
            return NULL;
        }
    }

So this function can't return an empty cipher suite list. You can see this behavior with this example, which will fail the assert under 1.1.1 but pass in 1.1.0.

#include <openssl/ssl.h>
#include <assert.h>

int main(void) {
    int res;
    SSL_CTX *ctx = SSL_CTX_new(TLS_method());
    if (ctx == NULL)
        return 1;
    /* A pattern that matches no cipher suite at all. */
    res = SSL_CTX_set_cipher_list(ctx, "nonsense");
    (void)res;
    STACK_OF(SSL_CIPHER) *sk_ciphers = SSL_CTX_get_ciphers(ctx);
    /* Holds on 1.1.0 (nothing set); fails on 1.1.1, where the TLS 1.3
     * suites were appended even though the pattern matched nothing. */
    assert(sk_SSL_CIPHER_num(sk_ciphers) == 0);
    SSL_CTX_free(ctx);
    return 0;
}

Additionally, even passing the deprecated TLSv1_2_method to constrain the connection to 1.2 will add the ciphers.

The TLS 1.3 suites being added while ignoring the filter was presumably done to prevent situations where custom cipher suite specification would prevent the use of TLS 1.3, but the intermingling of TLS 1.3 and previous cipher suites here where the documented filter is not always applied is more than a little confusing.
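The same intermingling can be observed from Python's ssl module, whose SSLContext.set_ciphers() and get_ciphers() call SSL_CTX_set_cipher_list() and SSL_CTX_get_ciphers() on the underlying SSL_CTX. The script below is an added example, not code from the issue or from OpenSSL; it assumes an interpreter linked against OpenSSL 1.1.1 or later. It goes one step past the report above: instead of testing whether the list is empty, it splits the resulting list by the protocol version each suite belongs to, which is the check a caller needs to learn whether a custom cipher string actually matched anything below TLS 1.3.

```python
"""Observe the TLS 1.3 / pre-TLS 1.3 intermingling through Python's ssl module.

Added example (not from the OpenSSL issue or the OpenSSL source).
SSLContext.set_ciphers() -> SSL_CTX_set_cipher_list(), and
SSLContext.get_ciphers() walks SSL_CTX_get_ciphers(), so the SSL_CTX behaviour
described in the issue is visible from here. Assumes OpenSSL 1.1.1 or later.
"""
import ssl


def tls13_supported():
    """True when the linked OpenSSL speaks TLS 1.3 and so appends its suites."""
    return bool(getattr(ssl, "HAS_TLSv1_3", False))


def split_by_protocol(ctx):
    """Split a context's cipher list into TLS 1.3 suites and everything older.

    get_ciphers() yields one dict per suite; its 'protocol' field is the
    protocol the suite belongs to ('TLSv1.3', 'TLSv1.2', 'TLSv1.0', ...).
    """
    tls13, pre13 = [], []
    for cipher in ctx.get_ciphers():
        (tls13 if cipher["protocol"] == "TLSv1.3" else pre13).append(cipher["name"])
    return tls13, pre13


def apply_cipher_filter(pattern):
    """Apply a cipher-list pattern to a fresh context and report what survived.

    Returns {"raised": bool, "tls13": [...], "pre13": [...]}.  'raised' is
    True when set_ciphers() rejected the pattern, i.e. SSL_CTX_set_cipher_list
    returned 0; the two lists show what the context holds afterwards.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    raised = False
    try:
        ctx.set_ciphers(pattern)
    except ssl.SSLError:
        raised = True
    tls13, pre13 = split_by_protocol(ctx)
    return {"raised": raised, "tls13": tls13, "pre13": pre13}


def filter_selected_pre13_suites(pattern):
    """The check a caller actually wants after setting a custom cipher string:
    the call succeeded and at least one pre-TLS 1.3 suite matched the pattern.

    Counting the whole list is the wrong test: with TLS 1.3 available the
    TLS_AES_* / TLS_CHACHA20_* suites are present whatever the pattern said.
    """
    result = apply_cipher_filter(pattern)
    return (not result["raised"]) and len(result["pre13"]) > 0


if __name__ == "__main__":
    # "ECDHE+AESGCM" matches real TLS 1.2 suites; "nonsense" matches nothing.
    for pattern in ("ECDHE+AESGCM", "nonsense"):
        r = apply_cipher_filter(pattern)
        print(f"{pattern!r}: raised={r['raised']}")
        print(f"  TLS 1.3 suites kept regardless of filter: {r['tls13']}")
        print(f"  pre-TLS 1.3 suites matched by filter:     {r['pre13']}")
```

Run it and compare the two outputs: the pre-TLS 1.3 list is the only part of SSL_CTX_get_ciphers() that the cipher string controls, so that is the part to check when validating a configured cipher string. The TLS 1.3 suites are selected separately (SSL_CTX_set_ciphersuites in 1.1.1), which is why they appear whether or not the filter matched anything.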
