Add support for preferring the server's cipher list or the client's cipher

list. Prefer the server's cipher list by default.

Based on a diff from Kyle Thompson <jmp at giga dot moe>.

ok beck@ bcook@

5 files changed, 47 insertions, 8 deletions

diff --git a/lib/libtls/tls.h b/lib/libtls/tls.h
index 1a6257232c5..579a97798e8 100644
--- a/lib/libtls/tls.h
+++ b/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.14 2015/09/09 19:23:04 beck Exp $ */
+/* $OpenBSD: tls.h,v 1.15 2015/09/10 09:10:42 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -66,8 +66,8 @@ int tls_config_set_key_mem(struct tls_config *_config, const uint8_t *_key,
 void tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
 void tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
 
-void tls_config_clear_keys(struct tls_config *_config);
-int tls_config_parse_protocols(uint32_t *_protocols, const char *_protostr);
+void tls_config_prefer_ciphers_client(struct tls_config *_config);
+void tls_config_prefer_ciphers_server(struct tls_config *_config);
 
 void tls_config_insecure_noverifycert(struct tls_config *_config);
 void tls_config_insecure_noverifyname(struct tls_config *_config);
@@ -76,6 +76,9 @@ void tls_config_verify(struct tls_config *_config);
 void tls_config_verify_client(struct tls_config *_config);
 void tls_config_verify_client_optional(struct tls_config *_config);
 
+void tls_config_clear_keys(struct tls_config *_config);
+int tls_config_parse_protocols(uint32_t *_protocols, const char *_protostr);
+
 struct tls *tls_client(void);
 struct tls *tls_server(void);
 int tls_configure(struct tls *_ctx, struct tls_config *_config);
diff --git a/lib/libtls/tls_config.c b/lib/libtls/tls_config.c
index 2a0033b3bdf..4d536853c81 100644
--- a/lib/libtls/tls_config.c
+++ b/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.11 2015/09/09 19:49:07 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.12 2015/09/10 09:10:42 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -80,6 +80,8 @@ tls_config_new(void)
 	tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT);
 	tls_config_set_verify_depth(config, 6);
 	
+	tls_config_prefer_ciphers_server(config);
+
 	tls_config_verify(config);
 
 	return (config);
@@ -283,6 +285,18 @@ tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
 }
 
 void
+tls_config_prefer_ciphers_client(struct tls_config *config)
+{
+	config->ciphers_server = 0;
+}
+
+void
+tls_config_prefer_ciphers_server(struct tls_config *config)
+{
+	config->ciphers_server = 1;
+}
+
+void
 tls_config_insecure_noverifycert(struct tls_config *config)
 {
 	config->verify_cert = 0;
diff --git a/lib/libtls/tls_init.3 b/lib/libtls/tls_init.3
index 16495112ff6..17822d444d8 100644
--- a/lib/libtls/tls_init.3
+++ b/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.25 2015/07/19 17:10:23 jmc Exp $
+.\" $OpenBSD: tls_init.3,v 1.26 2015/09/10 09:10:42 jsing Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 19 2015 $
+.Dd $Mdocdate: September 10 2015 $
 .Dt TLS_INIT 3
 .Os
 .Sh NAME
@@ -35,6 +35,8 @@
 .Nm tls_config_set_key_mem ,
 .Nm tls_config_set_protocols ,
 .Nm tls_config_set_verify_depth ,
+.Nm tls_config_prefer_ciphers_client ,
+.Nm tls_config_prefer_ciphers_server ,
 .Nm tls_config_clear_keys ,
 .Nm tls_config_insecure_noverifycert ,
 .Nm tls_config_insecure_noverifyname ,
@@ -92,6 +94,10 @@
 .Ft "void"
 .Fn tls_config_set_verify_depth "struct tls_config *config" "int verify_depth"
 .Ft "void"
+.Fn tls_config_prefer_ciphers_client "struct tls_config *config"
+.Ft "void"
+.Fn tls_config_prefer_ciphers_server "struct tls_config *config"
+.Ft "void"
 .Fn tls_config_clear_keys "struct tls_config *config"
 .Ft "void"
 .Fn tls_config_insecure_noverifycert "struct tls_config *config"
@@ -291,6 +297,17 @@ Additionally, the values
 (TLSv1.2 only) may be used.
 .Em (Client and server)
 .It
+.Fn tls_config_prefer_ciphers_client
+prefers ciphers in the client's cipher list when selecting a cipher suite.
+This is considered to be less secure than preferring the server's list.
+.Em (Server)
+.It
+.Fn tls_config_prefer_ciphers_server
+prefers ciphers in the server's cipher list when selecting a cipher suite.
+This is considered to be more secure than preferring the client's list and is
+the default.
+.Em (Server)
+.It
 .Fn tls_config_clear_keys
 clears any secret keys from memory.
 .Em (Server)
diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h
index 58834c999f0..78ae542cb6d 100644
--- a/lib/libtls/tls_internal.h
+++ b/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.16 2015/09/09 19:23:04 beck Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.17 2015/09/10 09:10:42 jsing Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -35,6 +35,7 @@ struct tls_config {
 	char *cert_mem;
 	size_t cert_len;
 	const char *ciphers;
+	int ciphers_server;
 	int dheparams;
 	int ecdhecurve;
 	const char *key_file;
diff --git a/lib/libtls/tls_server.c b/lib/libtls/tls_server.c
index 8fa876c6fd5..a3cee095962 100644
--- a/lib/libtls/tls_server.c
+++ b/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.13 2015/09/09 19:49:07 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.14 2015/09/10 09:10:42 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -88,6 +88,10 @@ tls_configure_server(struct tls *ctx)
 		EC_KEY_free(ecdh_key);
 	}
 
+	if (ctx->config->ciphers_server == 1)
+		SSL_CTX_set_options(ctx->ssl_ctx,
+		    SSL_OP_CIPHER_SERVER_PREFERENCE); 
+
 	/*
 	 * Set session ID context to a random value.  We don't support
 	 * persistent caching of sessions so it is OK to set a temporary