Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 #1363

Merged
merged 3 commits into from
Sep 8, 2017
Merged

bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 #1363

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
baebeb5
bpo-29136: Add TLS 1.3 support
tiran Apr 30, 2017
141abfc
Fix typos, thx Antoine
tiran Sep 5, 2017
bca26e8
Change wording of OP_NO_TLSv1_3 doc, thx Gregs
tiran Sep 8, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 26 additions & 2 deletions Doc/library/ssl.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -193,11 +193,11 @@ instead.
.. table::

======================== ============ ============ ============= ========= =========== ===========
*client* / **server** **SSLv2** **SSLv3** **TLS** **TLSv1** **TLSv1.1** **TLSv1.2**
*client* / **server** **SSLv2** **SSLv3** **TLS** [3]_ **TLSv1** **TLSv1.1** **TLSv1.2**
------------------------ ------------ ------------ ------------- --------- ----------- -----------
*SSLv2* yes no no [1]_ no no no
*SSLv3* no yes no [2]_ no no no
*TLS* (*SSLv23*) no [1]_ no [2]_ yes yes yes yes
*TLS* (*SSLv23*) [3]_ no [1]_ no [2]_ yes yes yes yes
*TLSv1* no no yes yes no no
*TLSv1.1* no no yes no yes no
*TLSv1.2* no no yes no no yes
Expand All @@ -206,6 +206,9 @@ instead.
.. rubric:: Footnotes
.. [1] :class:`SSLContext` disables SSLv2 with :data:`OP_NO_SSLv2` by default.
.. [2] :class:`SSLContext` disables SSLv3 with :data:`OP_NO_SSLv3` by default.
.. [3] TLS 1.3 protocol will be available with :data:`PROTOCOL_TLS` in
OpenSSL >= 1.1.1. There is no dedicated PROTOCOL constant for just
TLS 1.3.

.. note::

Expand Down Expand Up @@ -294,6 +297,11 @@ purposes.

3DES was dropped from the default cipher string.

.. versionchanged:: 3.7

TLS 1.3 cipher suites TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
and TLS_CHACHA20_POLY1305_SHA256 were added to the default cipher string.


Random generation
^^^^^^^^^^^^^^^^^
Expand Down Expand Up @@ -764,6 +772,16 @@ Constants

.. versionadded:: 3.4

.. data:: OP_NO_TLSv1_3

Prevents a TLSv1.3 connection. This option is only applicable in conjunction
with :const:`PROTOCOL_TLS`. It prevents the peers from choosing TLSv1.3 as
the protocol version. TLS 1.3 is available with OpenSSL 1.1.1 or later.
When Python has been compiled against an older version of OpenSSL, the
flag defaults to *0*.

.. versionadded:: 3.7

.. data:: OP_CIPHER_SERVER_PREFERENCE

Use the server's cipher ordering preference, rather than the client's.
Expand Down Expand Up @@ -838,6 +856,12 @@ Constants

.. versionadded:: 3.3

.. data:: HAS_TLSv1_3

Whether the OpenSSL library has built-in support for the TLS 1.3 protocol.

.. versionadded:: 3.7

.. data:: CHANNEL_BINDING_TYPES

List of supported TLS channel binding types. Strings in this list
Expand Down
8 changes: 7 additions & 1 deletion Lib/ssl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@
pass


from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN
from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN, HAS_TLSv1_3
from _ssl import _OPENSSL_API_VERSION


Expand Down Expand Up @@ -178,6 +178,7 @@
# (OpenSSL's default setting is 'DEFAULT:!aNULL:!eNULL')
# Enable a better set of ciphers by default
# This list has been explicitly chosen to:
# * TLS 1.3 ChaCha20 and AES-GCM cipher suites
# * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
# * Prefer ECDHE over DHE for better performance
# * Prefer AEAD over CBC for better performance and security
Expand All @@ -189,13 +190,16 @@
# * Disable NULL authentication, NULL encryption, 3DES and MD5 MACs
# for security reasons
_DEFAULT_CIPHERS = (
'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:'
'TLS13-AES-128-GCM-SHA256:'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this just be expressed as TLS13? Should it?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It can't :( I tried it with latest master:

Error in cipher list
0:error:2506906C:DSO support routines:DSO_pathbyaddr:functionality not supported:crypto/dso/dso_lib.c:315:
0:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2303:

'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:'
'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:'
'!aNULL:!eNULL:!MD5:!3DES'
)

# Restricted and more secure ciphers for the server side
# This list has been explicitly chosen to:
# * TLS 1.3 ChaCha20 and AES-GCM cipher suites
# * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
# * Prefer ECDHE over DHE for better performance
# * Prefer AEAD over CBC for better performance and security
Expand All @@ -206,6 +210,8 @@
# * Disable NULL authentication, NULL encryption, MD5 MACs, DSS, RC4, and
# 3DES for security reasons
_RESTRICTED_SERVER_CIPHERS = (
'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:'
'TLS13-AES-128-GCM-SHA256:'
'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:'
'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:'
'!aNULL:!eNULL:!MD5:!DSS:!RC4:!3DES'
Expand Down
32 changes: 32 additions & 0 deletions Lib/test/test_ssl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,13 @@ def test_constants(self):
ssl.OP_NO_COMPRESSION
self.assertIn(ssl.HAS_SNI, {True, False})
self.assertIn(ssl.HAS_ECDH, {True, False})
ssl.OP_NO_SSLv2
ssl.OP_NO_SSLv3
ssl.OP_NO_TLSv1
ssl.OP_NO_TLSv1_3
if ssl.OPENSSL_VERSION_INFO >= (1, 0, 1):
ssl.OP_NO_TLSv1_1
ssl.OP_NO_TLSv1_2

def test_str_for_enums(self):
# Make sure that the PROTOCOL_* constants have enum-like string
Expand Down Expand Up @@ -3088,12 +3095,33 @@ def test_version_basic(self):
self.assertEqual(s.version(), 'TLSv1')
self.assertIs(s.version(), None)

@unittest.skipUnless(ssl.HAS_TLSv1_3,
"test requires TLSv1.3 enabled OpenSSL")
def test_tls1_3(self):
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
context.load_cert_chain(CERTFILE)
# disable all but TLS 1.3
context.options |= (
ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
)
with ThreadedEchoServer(context=context) as server:
with context.wrap_socket(socket.socket()) as s:
s.connect((HOST, server.port))
self.assertIn(s.cipher()[0], [
'TLS13-AES-256-GCM-SHA384',
'TLS13-CHACHA20-POLY1305-SHA256',
'TLS13-AES-128-GCM-SHA256',
])

@unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL")
def test_default_ecdh_curve(self):
# Issue #21015: elliptic curve-based Diffie Hellman key exchange
# should be enabled by default on SSL contexts.
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
context.load_cert_chain(CERTFILE)
# TLSv1.3 defaults to PFS key agreement and no longer has KEA in
# cipher name.
context.options |= ssl.OP_NO_TLSv1_3
# Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled
# explicitly using the 'ECCdraft' cipher alias. Otherwise,
# our default cipher list should prefer ECDH-based ciphers
Expand Down Expand Up @@ -3522,6 +3550,10 @@ def test_session_handling(self):
context2.load_verify_locations(CERTFILE)
context2.load_cert_chain(CERTFILE)

# TODO: session reuse does not work with TLS 1.3
context.options |= ssl.OP_NO_TLSv1_3
context2.options |= ssl.OP_NO_TLSv1_3

server = ThreadedEchoServer(context=context, chatty=False)
with server:
with context.wrap_socket(socket.socket()) as s:
Expand Down
1 change: 1 addition & 0 deletions Misc/NEWS.d/next/Library/2017-09-04-16-39-49.bpo-29136.vSn1oR.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add TLS 1.3 cipher suites and OP_NO_TLSv1_3.
13 changes: 13 additions & 0 deletions Modules/_ssl.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5350,6 +5350,11 @@ PyInit__ssl(void)
#if HAVE_TLSv1_2
PyModule_AddIntConstant(m, "OP_NO_TLSv1_1", SSL_OP_NO_TLSv1_1);
PyModule_AddIntConstant(m, "OP_NO_TLSv1_2", SSL_OP_NO_TLSv1_2);
#endif
#ifdef SSL_OP_NO_TLSv1_3
PyModule_AddIntConstant(m, "OP_NO_TLSv1_3", SSL_OP_NO_TLSv1_3);
#else
PyModule_AddIntConstant(m, "OP_NO_TLSv1_3", 0);
#endif
PyModule_AddIntConstant(m, "OP_CIPHER_SERVER_PREFERENCE",
SSL_OP_CIPHER_SERVER_PREFERENCE);
Expand Down Expand Up @@ -5399,6 +5404,14 @@ PyInit__ssl(void)
Py_INCREF(r);
PyModule_AddObject(m, "HAS_ALPN", r);

#if defined(TLS1_3_VERSION) && !defined(OPENSSL_NO_TLS1_3)
r = Py_True;
#else
r = Py_False;
#endif
Py_INCREF(r);
PyModule_AddObject(m, "HAS_TLSv1_3", r);

/* Mappings for error codes */
err_codes_to_names = PyDict_New();
err_names_to_codes = PyDict_New();
Expand Down