commit 4e3a63c13ccd40f09d2c0bcd8cae93ccfe4fb0d7
parent b2790caacc105a99439da717de2b78f18f297d78
Author: David Goulet <dgoulet@torproject.org>
Date: Thu, 26 Jun 2025 12:16:45 -0400
Merge branch 'maint-0.4.8'
Diffstat:
5 files changed, 47 insertions(+), 5 deletions(-)
diff --git a/changes/tls13-cipher b/changes/tls13-cipher
@@ -0,0 +1,2 @@
+ o Minor feature (client, TLS):
+ - Set the TLS 1.3 cipher list instead of falling back on the default value.
diff --git a/configure.ac b/configure.ac
@@ -1156,8 +1156,9 @@ dnl confusing with LibreSSL, OpenSSL, and various distributions' patches
dnl to them.
AC_CHECK_FUNCS([ \
EVP_PBE_scrypt \
- SSL_CTX_set_security_level
- ])
+ SSL_CTX_set_security_level \
+ SSL_set_ciphersuites
+])
fi # enable_nss
diff --git a/src/lib/tls/ciphers_v13.inc b/src/lib/tls/ciphers_v13.inc
@@ -0,0 +1,15 @@
+/* Here are the TLS1.3 ciphers. Note that we don't have XCIPHER instances
+ * here, since we don't want to ever fake them.
+ *
+ * This matches Firefox's list:
+ * https://searchfox.org/mozilla-central/source/security/nss/lib/ssl/ssl3con.c#100
+ */
+#ifdef TLS1_3_RFC_AES_128_GCM_SHA256
+ CIPHER(0x1301, TLS1_3_RFC_AES_128_GCM_SHA256)
+#endif
+#ifdef TLS1_3_RFC_CHACHA20_POLY1305_SHA256
+ CIPHER(0x1303, TLS1_3_RFC_CHACHA20_POLY1305_SHA256)
+#endif
+#ifdef TLS1_3_RFC_AES_256_GCM_SHA384
+ CIPHER(0x1302, TLS1_3_RFC_AES_256_GCM_SHA384)
+#endif
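Review bot: The header comment in ciphers_v13.inc does not say that the entry order is deliberate, although the list runs 0x1301, 0x1303, 0x1302 rather than numerically. Since the stated goal is to match Firefox, that order is presumably the preference order the client offers, and a later "tidy-up" sort would change the handshake fingerprint. I would add `* Order is significant: it is the preference order offered by the client; keep 0x1303 ahead of 0x1302.` to the comment. The searchfox link also points at a line anchor on the moving tip of mozilla-central, so it will drift; a revision-pinned URL (`.../rev/<revision>/security/nss/lib/ssl/ssl3con.c`) would keep the reference checkable. Each entry is also behind its own `#ifdef`, so a library missing one macro silently produces a shorter list that no longer matches; a sentence noting this would help.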
diff --git a/src/lib/tls/include.am b/src/lib/tls/include.am
@@ -33,6 +33,7 @@ src_lib_libtor_tls_testing_a_CFLAGS = \
# ADD_C_FILE: INSERT HEADERS HERE.
noinst_HEADERS += \
src/lib/tls/ciphers.inc \
+ src/lib/tls/ciphers_v13.inc \
src/lib/tls/buffers_tls.h \
src/lib/tls/nss_countbytes.h \
src/lib/tls/tortls.h \
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
@@ -383,6 +383,12 @@ static const char CLIENT_CIPHER_LIST[] =
* of any cipher we say. */
"!SSLv2"
;
+static char CLIENT_CIPHER_LIST_TLSv13[] =
+#ifndef COCCI
+#include "lib/tls/ciphers_v13.inc"
+#endif
+ ""
+ ;
#undef CIPHER
#undef XCIPHER
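Review bot: `CLIENT_CIPHER_LIST_TLSv13` is declared `static char[]` while `CLIENT_CIPHER_LIST` just above it is `static const char[]`, and nothing at the declaration explains the difference. The reason only appears in the tor_tls_new() hunk, which strips the trailing ':' in place. A comment such as `/* Not const: tor_tls_new() strips the trailing ':' in place before calling SSL_set_ciphersuites(). */` would stop someone "fixing" the missing qualifier. Keeping the array `const` and stripping into a local copy at the call site would avoid writable file-scope data altogether. The definition of the `CIPHER` macro is outside this hunk, so the trailing ':' is inferred from that later comment.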
@@ -666,9 +672,26 @@ tor_tls_new(tor_socket_t sock, int isServer)
}
#endif /* defined(SSL_CTRL_SET_MAX_PROTO_VERSION) */
- if (!SSL_set_cipher_list(result->ssl,
- isServer ? UNRESTRICTED_TLS1_2_SERVER_CIPHER_LIST
- : CLIENT_CIPHER_LIST)) {
+ /* Contrary to SSL_set_cipher_list(), TLSv1.3 SSL_set_ciphersuites() does NOT
+ * accept the final ':' so we have to strip it out. */
+ size_t TLSv13len = strlen(CLIENT_CIPHER_LIST_TLSv13);
+ if (TLSv13len && CLIENT_CIPHER_LIST_TLSv13[TLSv13len - 1] == ':') {
+ CLIENT_CIPHER_LIST_TLSv13[TLSv13len - 1] = '\0';
+ }
+
+ const bool tls12_ciphers_ok = SSL_set_cipher_list(
+ result->ssl,
+ isServer ? UNRESTRICTED_TLS1_2_SERVER_CIPHER_LIST : CLIENT_CIPHER_LIST);
+
+ bool tls13_ciphers_ok = true;
+#ifdef HAVE_SSL_SET_CIPHERSUITES
+ if (!isServer) {
+ tls13_ciphers_ok =
+ SSL_set_ciphersuites(result->ssl, CLIENT_CIPHER_LIST_TLSv13);
+ }
+#endif
+
+ if (!tls12_ciphers_ok || !tls13_ciphers_ok) {
tls_log_errors(NULL, LOG_WARN, LD_NET, "setting ciphers");
#ifdef SSL_set_tlsext_host_name
SSL_set_tlsext_host_name(result->ssl, NULL);
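Review bot: The client branch calls `SSL_set_ciphersuites()` even when `CLIENT_CIPHER_LIST_TLSv13` is empty, which happens if none of the `TLS1_3_RFC_*` macros guarded in ciphers_v13.inc are defined (or under `COCCI`). As far as I know OpenSSL accepts an empty string there and treats it as an empty TLS 1.3 suite list, so the call would succeed and the client would offer no TLS 1.3 suites instead of keeping the library default, with nothing logged. Reusing the length already computed avoids that: `if (!isServer && TLSv13len > 0) {`. Separately, the ':' strip writes to a file-scope array on every call and also runs for servers and for builds without `HAVE_SSL_SET_CIPHERSUITES`; moving it inside the `#ifdef` client branch would limit it to the one path that needs it. tor_tls_new()'s body starts and ends outside this hunk.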