Allow False Start only for >= TLS 1.2 && AEAD && forward-secure && ALPN/NPN.

Tighten up the requirements for False Start. At this point, neither AES-CBC or RC4 are something that we want to use unless we're sure that the server wants to speak them. Rebase of original CL at: https://boringssl-review.googlesource.com/#/c/1980/ BUG=427721 Change-Id: I9ef7a596edeb8df1ed070aac67c315b94f3cc77f Reviewed-on: https://boringssl-review.googlesource.com/3501 Reviewed-by: Adam Langley <agl@google.com>
2015-02-19 13:27:05 -05:00 · 2015-02-19 13:27:05 -05:00 · 195dc78c6e
commit 195dc78c6e
parent 5f237bc843
2 changed files with 14 additions and 19 deletions
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -2893,26 +2893,19 @@ void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size,
 }

 int ssl3_can_false_start(const SSL *s) {
-  const SSL_CIPHER *c;
+  const SSL_CIPHER *const cipher = SSL_get_current_cipher(s);

-  /* require a strong enough cipher */
-  if (SSL_get_cipher_bits(s, NULL) < 128) {
-    return 0;
-  }
-
-  /* require ALPN or NPN extension */
-  if (!s->s3->alpn_selected && !s->s3->next_proto_neg_seen) {
-    return 0;
-  }
-
-  /* require a forward-secret cipher */
-  c = SSL_get_current_cipher(s);
-  if (!c ||
-      (c->algorithm_mkey != SSL_kEDH && c->algorithm_mkey != SSL_kEECDH)) {
-    return 0;
-  }
-
-  return 1;
+  /* False Start only for TLS 1.2 with a forward-secure, AEAD cipher and ALPN or
+   * NPN. */
+  return !SSL_IS_DTLS(s) &&
+      SSL_version(s) >= TLS1_2_VERSION &&
+      (s->s3->alpn_selected || s->s3->next_proto_neg_seen) &&
+      cipher != NULL &&
+      (cipher->algorithm_mkey == SSL_kEDH ||
+       cipher->algorithm_mkey == SSL_kEECDH) &&
+      (cipher->algorithm_enc == SSL_AES128GCM ||
+       cipher->algorithm_enc == SSL_AES256GCM ||
+       cipher->algorithm_enc == SSL_CHACHA20POLY1305);
 }

 const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version) {
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@ -1742,6 +1742,8 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol)
 			expectedNextProtoType: npn,
 		})

+		// TODO(davidben): Add tests for when False Start doesn't trigger.
+
 		// Client does False Start and negotiates NPN.
 		testCases = append(testCases, testCase{
 			protocol: protocol,