authorDavid Benjamin <davidben@chromium.org>2015-02-19 13:27:05 -0500
committerAdam Langley <agl@google.com>2015-02-19 18:32:39 +0000
commit195dc78c6e691fdbdc0d7a615deb84dbb0a19879 (patch)
treed762704e8098134bd0b554d2018d0b76b31d2fe6
parent5f237bc843f4a4791667493d8748c903b8e540e4 (diff)
Allow False Start only for >= TLS 1.2 && AEAD && forward-secure && ALPN/NPN.
Tighten up the requirements for False Start. At this point, neither AES-CBC nor RC4 is something that we want to use unless we're sure that the server wants to speak them. Rebase of original CL at: https://boringssl-review.googlesource.com/#/c/1980/ BUG=427721 Change-Id: I9ef7a596edeb8df1ed070aac67c315b94f3cc77f Reviewed-on: https://boringssl-review.googlesource.com/3501 Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r--ssl/ssl_lib.c33
-rw-r--r--ssl/test/runner/runner.go2
2 files changed, 15 insertions, 20 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index de57330..d070e82 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2893,26 +2893,19 @@ void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size,
}
int ssl3_can_false_start(const SSL *s) {
- const SSL_CIPHER *c;
-
- /* require a strong enough cipher */
- if (SSL_get_cipher_bits(s, NULL) < 128) {
- return 0;
- }
-
- /* require ALPN or NPN extension */
- if (!s->s3->alpn_selected && !s->s3->next_proto_neg_seen) {
- return 0;
- }
-
- /* require a forward-secret cipher */
- c = SSL_get_current_cipher(s);
- if (!c ||
- (c->algorithm_mkey != SSL_kEDH && c->algorithm_mkey != SSL_kEECDH)) {
- return 0;
- }
-
- return 1;
+ const SSL_CIPHER *const cipher = SSL_get_current_cipher(s);
+
+ /* False Start only for TLS 1.2 with a forward-secure, AEAD cipher and ALPN or
+ * NPN. */
+ return !SSL_IS_DTLS(s) &&
+ SSL_version(s) >= TLS1_2_VERSION &&
+ (s->s3->alpn_selected || s->s3->next_proto_neg_seen) &&
+ cipher != NULL &&
+ (cipher->algorithm_mkey == SSL_kEDH ||
+ cipher->algorithm_mkey == SSL_kEECDH) &&
+ (cipher->algorithm_enc == SSL_AES128GCM ||
+ cipher->algorithm_enc == SSL_AES256GCM ||
+ cipher->algorithm_enc == SSL_CHACHA20POLY1305);
}
const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version) {
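Review bot: The forward-secrecy test in the new return expression accepts any `SSL_kEDH` suite, but nothing in this function looks at the size of the group the server chose, so a DHE handshake over a weak group would still count as forward-secure and allow application data to be sent before the server's Finished is verified. Whether a minimum group size is enforced earlier in the handshake is not visible in this hunk; if it is not, the simplest tightening is to drop the `SSL_kEDH` arm and keep only `cipher->algorithm_mkey == SSL_kEECDH &&`. Separately, the comment says "TLS 1.2" while the code tests `SSL_version(s) >= TLS1_2_VERSION` and also excludes DTLS. I would word it as `/* False Start only for TLS >= 1.2 (never DTLS) with a forward-secure AEAD cipher and ALPN or NPN; the cipher test is an allow-list, so new AEADs must be added here explicitly. */`.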
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index ae7e0e2..8e9a948 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -1742,6 +1742,8 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol)
expectedNextProtoType: npn,
})
+ // TODO(davidben): Add tests for when False Start doesn't trigger.
+
// Client does False Start and negotiates NPN.
testCases = append(testCases, testCase{
protocol: protocol,
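Review bot: The only test-side change is the TODO, so the new refusal paths (a CBC or RC4 suite, a version below TLS 1.2, DTLS, no ALPN/NPN) are unverified, and a later edit that loosens `ssl3_can_false_start` would not fail any test. I would land at least one negative case per condition with this change, or make the TODO enumerate them, e.g. `// TODO(davidben): Add tests that False Start is refused for non-AEAD ciphers, TLS < 1.2, DTLS and no ALPN/NPN.` The testCase literal that follows continues outside the hunk.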