-rw-r--r--net/socket/ssl_client_socket_openssl.cc12
-rw-r--r--net/ssl/ssl_config.h13
2 files changed, 7 insertions, 18 deletions
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 8a860f3..a98b815 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -971,11 +971,13 @@ int SSLClientSocketOpenSSL::Init() {
SSL_set_mode(ssl_, mode.set_mask);
SSL_clear_mode(ssl_, mode.clear_mask);
- // See SSLConfig::disabled_cipher_suites for description of the suites
- // disabled by default. Note that SHA256 and SHA384 only select HMAC-SHA256
- // and HMAC-SHA384 cipher suites, not GCM cipher suites with SHA256 or SHA384
- // as the handshake hash.
- std::string command("DEFAULT:!SHA256:-SHA384:!AESGCM+AES256:!aPSK");
+ // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers
+ // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable
+ // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not
+ // supported. As DHE is being deprecated, don't add a cipher only to remove it
+ // immediately.
+ std::string command(
+ "DEFAULT:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK");
if (ssl_config_.require_ecdhe)
command.append(":!kRSA:!kDHE");
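Review bot: The new comment above `std::string command(` says what stays disabled but not what this change enables: replacing `!AESGCM+AES256` with `!DHE-RSA-AES256-GCM-SHA384` turns on the ECDHE AES_256_GCM suites, and a reader of the comment alone cannot tell that the enabled set grew. Suggest stating it explicitly, e.g. `// This enables the ECDHE AES_256_GCM suites; only the DHE_RSA variant stays off.` as the last line of that comment. The removed lines also dropped the cross-reference to SSLConfig::disabled_cipher_suites while the ssl_config.h hunk deletes that header's description of the default policy, so this comment is now the only statement of the built-in cipher policy; a one-line pointer in ssl_config.h back to SSLClientSocketOpenSSL::Init() would keep it findable. Init() continues outside the hunk, so whether the resulting list is checked when it is applied to `ssl_` is not visible here.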
diff --git a/net/ssl/ssl_config.h b/net/ssl/ssl_config.h
index 0a5a83d..21f4ccc 100644
--- a/net/ssl/ssl_config.h
+++ b/net/ssl/ssl_config.h
@@ -97,19 +97,6 @@ struct NET_EXPORT SSLConfig {
// Presorted list of cipher suites which should be explicitly prevented from
// being used in addition to those disabled by the net built-in policy.
//
- // By default, all cipher suites supported by the underlying SSL
- // implementation will be enabled except for:
- // - Null encryption cipher suites.
- // - Weak cipher suites: < 80 bits of security strength.
- // - FORTEZZA cipher suites (obsolete).
- // - IDEA cipher suites (RFC 5469 explains why).
- // - Anonymous cipher suites.
- // - ECDSA cipher suites on platforms that do not support ECDSA signed
- // certificates, as servers may use the presence of such ciphersuites as a
- // hint to send an ECDSA certificate.
- // The ciphers listed in |disabled_cipher_suites| will be removed in addition
- // to the above list.
- //
// Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in
// big-endian form, they should be declared in host byte order, with the
// first uint8_t occupying the most significant byte.