mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-02-21 15:41:00 +00:00
tls: srv: Set hybrid TLS 1.2/1.3 as default configuration
Set hybrid TLS 1.2/1.3 as default server configuration if both TLS 1.2 and TLS 1.3 are enabled at build time. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
43263c045a
commit
097ba146e7
@ -5300,14 +5300,8 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
|
||||
#endif
|
||||
} else {
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if (endpoint == MBEDTLS_SSL_IS_CLIENT) {
|
||||
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
} else {
|
||||
/* Hybrid TLS 1.2 / 1.3 is not supported on server side yet */
|
||||
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
}
|
||||
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
|
@ -65,7 +65,7 @@ void mbedtls_test_init_handshake_options(
|
||||
opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
|
||||
opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
|
||||
opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
|
||||
opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
opts->expected_handshake_result = 0;
|
||||
opts->expected_ciphersuite = 0;
|
||||
opts->pk_alg = MBEDTLS_PK_RSA;
|
||||
|
@ -1488,7 +1488,7 @@ do_run_test_once() {
|
||||
fi
|
||||
}
|
||||
|
||||
# Detect if the current test is going to use TLS 1.3.
|
||||
# Detect if the current test is going to use TLS 1.3 or TLS 1.2.
|
||||
# $1 and $2 contain the server and client command lines, respectively.
|
||||
#
|
||||
# Note: this function only provides some guess about TLS version by simply
|
||||
@ -1496,23 +1496,52 @@ do_run_test_once() {
|
||||
# for the sake of tests' filtering (especially in conjunction with the
|
||||
# detect_required_features() function), it does NOT guarantee that the
|
||||
# result is accurate. It does not check other conditions, such as:
|
||||
# - MBEDTLS_SSL_PROTO_TLS1_x can be disabled to selectively remove
|
||||
# TLS 1.2/1.3 support
|
||||
# - we can force a ciphersuite which contains "WITH" in its name, meaning
|
||||
# that we are going to use TLS 1.2
|
||||
# - etc etc
|
||||
get_tls_version() {
|
||||
# First check if the version is forced on an Mbed TLS peer
|
||||
case $1 in
|
||||
*tls1_3*|*tls13*)
|
||||
*tls12*)
|
||||
echo "TLS12"
|
||||
return;;
|
||||
*tls13*)
|
||||
echo "TLS13"
|
||||
return;;
|
||||
esac
|
||||
case $2 in
|
||||
*tls1_3*|*tls13*)
|
||||
*tls12*)
|
||||
echo "TLS12"
|
||||
return;;
|
||||
*tls13*)
|
||||
echo "TLS13"
|
||||
return;;
|
||||
esac
|
||||
echo "TLS12"
|
||||
# Second check if the version is forced on an OpenSSL or GnuTLS peer
|
||||
case $1 in
|
||||
tls1_2*)
|
||||
echo "TLS12"
|
||||
return;;
|
||||
*tls1_3)
|
||||
echo "TLS13"
|
||||
return;;
|
||||
esac
|
||||
case $2 in
|
||||
*tls1_2)
|
||||
echo "TLS12"
|
||||
return;;
|
||||
*tls1_3)
|
||||
echo "TLS13"
|
||||
return;;
|
||||
esac
|
||||
# Third if the version is not forced, if TLS 1.3 is enabled then the test
|
||||
# is aimed to run a TLS 1.3 handshake.
|
||||
if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_3
|
||||
then
|
||||
echo "TLS13"
|
||||
else
|
||||
echo "TLS12"
|
||||
fi
|
||||
}
|
||||
|
||||
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
|
||||
|
@ -361,7 +361,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Handshake, tls1_3
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3
|
||||
|
||||
Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||
@ -429,9 +429,13 @@ depends_on:MBEDTLS_SSL_PROTO_DTLS
|
||||
handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1
|
||||
|
||||
Handshake min/max version check, all -> 1.2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Handshake min/max version check, all -> 1.3
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3
|
||||
|
||||
Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||
|
@ -2533,13 +2533,18 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int
|
||||
options.pk_alg = MBEDTLS_PK_RSA;
|
||||
|
||||
/*
|
||||
* If both TLS 1.2 and 1.3 are enabled and we want to do a TLS 1.3
|
||||
* handshake, force the TLS 1.3 version on the server.
|
||||
* If both TLS 1.2 and 1.3 are enabled and we want to do a TLS 1.2
|
||||
* handshake, force the TLS 1.2 version on endpoint under test.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if (MBEDTLS_SSL_VERSION_TLS1_3 == tls_version) {
|
||||
options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
if (MBEDTLS_SSL_VERSION_TLS1_2 == tls_version) {
|
||||
if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
|
||||
options.client_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
} else {
|
||||
options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -2623,6 +2628,10 @@ void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls)
|
||||
options.psk_str = psk_str;
|
||||
options.pk_alg = pk_alg;
|
||||
|
||||
options.client_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
|
||||
mbedtls_test_ssl_perform_handshake(&options);
|
||||
|
||||
/* The goto below is used to avoid an "unused label" warning.*/
|
||||
@ -2663,6 +2672,11 @@ void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str,
|
||||
options.opaque_usage = psa_usage;
|
||||
options.expected_handshake_result = expected_handshake_result;
|
||||
options.expected_ciphersuite = expected_ciphersuite;
|
||||
|
||||
options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
|
||||
mbedtls_test_ssl_perform_handshake(&options);
|
||||
|
||||
/* The goto below is used to avoid an "unused label" warning.*/
|
||||
@ -2687,9 +2701,10 @@ void app_data(int mfl, int cli_msg_len, int srv_msg_len,
|
||||
options.expected_cli_fragments = expected_cli_fragments;
|
||||
options.expected_srv_fragments = expected_srv_fragments;
|
||||
options.dtls = dtls;
|
||||
#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
#endif
|
||||
|
||||
options.client_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
|
||||
mbedtls_test_ssl_perform_handshake(&options);
|
||||
|
||||
@ -2701,7 +2716,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
|
||||
int expected_cli_fragments,
|
||||
int expected_srv_fragments)
|
||||
@ -2735,7 +2750,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
void handshake_serialization()
|
||||
{
|
||||
mbedtls_test_handshake_test_options options;
|
||||
@ -2743,6 +2758,7 @@ void handshake_serialization()
|
||||
|
||||
options.serialize = 1;
|
||||
options.dtls = 1;
|
||||
options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
mbedtls_test_ssl_perform_handshake(&options);
|
||||
/* The goto below is used to avoid an "unused label" warning.*/
|
||||
goto exit;
|
||||
@ -2751,7 +2767,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_AES_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_AES_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||
void handshake_fragmentation(int mfl,
|
||||
int expected_srv_hs_fragmentation,
|
||||
int expected_cli_hs_fragmentation)
|
||||
@ -2765,6 +2781,7 @@ void handshake_fragmentation(int mfl,
|
||||
|
||||
mbedtls_test_init_handshake_options(&options);
|
||||
options.dtls = 1;
|
||||
options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
options.mfl = mfl;
|
||||
/* Set cipher to one using CBC so that record splitting can be tested */
|
||||
options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256";
|
||||
@ -2799,6 +2816,7 @@ void renegotiation(int legacy_renegotiation)
|
||||
options.renegotiate = 1;
|
||||
options.legacy_renegotiation = legacy_renegotiation;
|
||||
options.dtls = 1;
|
||||
options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
|
||||
mbedtls_test_ssl_perform_handshake(&options);
|
||||
|
||||
@ -2809,7 +2827,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 */
|
||||
void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
|
||||
int serialize, int dtls, char *cipher)
|
||||
{
|
||||
@ -2822,6 +2840,9 @@ void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
|
||||
options.legacy_renegotiation = legacy_renegotiation;
|
||||
options.serialize = serialize;
|
||||
options.dtls = dtls;
|
||||
if (dtls) {
|
||||
options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
}
|
||||
options.resize_buffers = 1;
|
||||
|
||||
mbedtls_test_ssl_perform_handshake(&options);
|
||||
@ -3291,6 +3312,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key)
|
||||
|
||||
mbedtls_test_init_handshake_options(&options);
|
||||
options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
|
||||
/* Client side, force SECP256R1 to make one key bitflip fail
|
||||
* the raw key agreement. Flipping the first byte makes the
|
||||
|
Loading…
x
Reference in New Issue
Block a user