Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
caddy
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
caddy
Commits
b0cf3f0d
Commit
b0cf3f0d
authored
May 17, 2017
by
Andrew Steinborn
Committed by
Matt Holt
May 17, 2017
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
tls: Prefer ChaCha20 if AES-NI instruction set is unavailable (#1675)
Fixes #1674
parent
8d3f3369
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
52 additions
and
18 deletions
+52
-18
caddytls/config.go
caddytls/config.go
+32
-2
caddytls/config_test.go
caddytls/config_test.go
+19
-1
caddytls/setup_test.go
caddytls/setup_test.go
+1
-15
No files found.
caddytls/config.go
View file @
b0cf3f0d
...
...
@@ -9,6 +9,7 @@ import (
"net/url"
"strings"
"github.com/codahale/aesnicheck"
"github.com/mholt/caddy"
"github.com/xenolf/lego/acme"
)
...
...
@@ -294,7 +295,7 @@ func (c *Config) buildStandardTLSConfig() error {
// default cipher suites
if
len
(
config
.
CipherSuites
)
==
0
{
config
.
CipherSuites
=
defaultCiphers
config
.
CipherSuites
=
getPreferredDefaultCiphers
()
}
// for security, ensure TLS_FALLBACK_SCSV is always included first
...
...
@@ -380,7 +381,7 @@ func RegisterConfigGetter(serverType string, fn ConfigGetter) {
func
SetDefaultTLSParams
(
config
*
Config
)
{
// If no ciphers provided, use default list
if
len
(
config
.
Ciphers
)
==
0
{
config
.
Ciphers
=
defaultCiphers
config
.
Ciphers
=
getPreferredDefaultCiphers
()
}
// Not a cipher suite, but still important for mitigating protocol downgrade attacks
...
...
@@ -464,6 +465,35 @@ var defaultCiphers = []uint16{
tls
.
TLS_RSA_WITH_AES_128_CBC_SHA
,
}
// List of ciphers we should prefer if native AESNI support is missing
var
defaultCiphersNonAESNI
=
[]
uint16
{
tls
.
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
tls
.
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
tls
.
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
tls
.
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
tls
.
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
tls
.
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
tls
.
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
tls
.
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
tls
.
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
tls
.
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
tls
.
TLS_RSA_WITH_AES_256_CBC_SHA
,
tls
.
TLS_RSA_WITH_AES_128_CBC_SHA
,
}
// getPreferredDefaultCiphers returns an appropriate cipher suite to use, depending on
// the hardware support available for AES-NI.
//
// See https://github.com/mholt/caddy/issues/1674
func
getPreferredDefaultCiphers
()
[]
uint16
{
if
aesnicheck
.
HasAESNI
()
{
return
defaultCiphers
}
// Return a cipher suite that prefers ChaCha20
return
defaultCiphersNonAESNI
}
// Map of supported curves
// https://golang.org/pkg/crypto/tls/#CurveID
var
supportedCurvesMap
=
map
[
string
]
tls
.
CurveID
{
...
...
caddytls/config_test.go
View file @
b0cf3f0d
...
...
@@ -6,6 +6,8 @@ import (
"net/url"
"reflect"
"testing"
"github.com/codahale/aesnicheck"
)
func
TestConvertTLSConfigProtocolVersions
(
t
*
testing
.
T
)
{
...
...
@@ -60,10 +62,11 @@ func TestConvertTLSConfigCipherSuites(t *testing.T) {
{
Enabled
:
true
,
Ciphers
:
nil
},
}
defaultCiphersExpected
:=
getPreferredDefaultCiphers
()
expectedCiphers
:=
[][]
uint16
{
{
tls
.
TLS_FALLBACK_SCSV
,
0xc02c
,
0xc030
},
{
tls
.
TLS_FALLBACK_SCSV
,
0xc012
,
0xc030
,
0xc00a
},
append
([]
uint16
{
tls
.
TLS_FALLBACK_SCSV
},
defaultCiphers
...
),
append
([]
uint16
{
tls
.
TLS_FALLBACK_SCSV
},
defaultCiphers
Expected
...
),
}
for
i
,
config
:=
range
configs
{
...
...
@@ -79,6 +82,21 @@ func TestConvertTLSConfigCipherSuites(t *testing.T) {
}
}
func
TestGetPreferredDefaultCiphers
(
t
*
testing
.
T
)
{
expectedCiphers
:=
defaultCiphers
if
!
aesnicheck
.
HasAESNI
()
{
expectedCiphers
=
defaultCiphersNonAESNI
}
// Ensure ordering is correct and ciphers are what we expected.
result
:=
getPreferredDefaultCiphers
()
for
i
,
actual
:=
range
result
{
if
actual
!=
expectedCiphers
[
i
]
{
t
.
Errorf
(
"Expected cipher in position %d to be %0x, got %0x"
,
i
,
expectedCiphers
[
i
],
actual
)
}
}
}
func
TestStorageForNoURL
(
t
*
testing
.
T
)
{
c
:=
&
Config
{}
if
_
,
err
:=
c
.
StorageFor
(
""
);
err
==
nil
{
...
...
caddytls/setup_test.go
View file @
b0cf3f0d
...
...
@@ -58,21 +58,7 @@ func TestSetupParseBasic(t *testing.T) {
}
// Cipher checks
expectedCiphers
:=
[]
uint16
{
tls
.
TLS_FALLBACK_SCSV
,
tls
.
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
,
tls
.
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
,
tls
.
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
tls
.
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
tls
.
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
,
tls
.
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
,
tls
.
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
tls
.
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
tls
.
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
tls
.
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
tls
.
TLS_RSA_WITH_AES_256_CBC_SHA
,
tls
.
TLS_RSA_WITH_AES_128_CBC_SHA
,
}
expectedCiphers
:=
append
([]
uint16
{
tls
.
TLS_FALLBACK_SCSV
},
getPreferredDefaultCiphers
()
...
)
// Ensure count is correct (plus one for TLS_FALLBACK_SCSV)
if
len
(
cfg
.
Ciphers
)
!=
len
(
expectedCiphers
)
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment