From 195dc78c6e691fdbdc0d7a615deb84dbb0a19879 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Thu, 19 Feb 2015 13:27:05 -0500
Subject: [PATCH] Allow False Start only for >= TLS 1.2 && AEAD && forward-secure && ALPN/NPN.

Tighten up the requirements for False Start. At this point, neither AES-CBC or RC4 are something that we want to use unless we're sure that the server wants to speak them.
Rebase of original CL at: https://boringssl-review.googlesource.com/#/c/1980/
BUG=427721
Change-Id: I9ef7a596edeb8df1ed070aac67c315b94f3cc77f
Reviewed-on: https://boringssl-review.googlesource.com/3501
Reviewed-by: Adam Langley
---
 ssl/ssl_lib.c | 31 ++++++++++++-------------------
 ssl/test/runner/runner.go | 2 ++
 2 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index de573303..d070e82d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2893,26 +2893,19 @@ void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size,
 }
 
 int ssl3_can_false_start(const SSL *s) {
- const SSL_CIPHER *c;
+ const SSL_CIPHER *const cipher = SSL_get_current_cipher(s);
 
- /* require a strong enough cipher */
- if (SSL_get_cipher_bits(s, NULL) < 128) {
- return 0;
- }
-
- /* require ALPN or NPN extension */
- if (!s->s3->alpn_selected && !s->s3->next_proto_neg_seen) {
- return 0;
- }
-
- /* require a forward-secret cipher */
- c = SSL_get_current_cipher(s);
- if (!c ||
- (c->algorithm_mkey != SSL_kEDH && c->algorithm_mkey != SSL_kEECDH)) {
- return 0;
- }
-
- return 1;
+ /* False Start only for TLS 1.2 with a forward-secure, AEAD cipher and ALPN or
+ * NPN. */
+ return !SSL_IS_DTLS(s) &&
+ SSL_version(s) >= TLS1_2_VERSION &&
+ (s->s3->alpn_selected || s->s3->next_proto_neg_seen) &&
+ cipher != NULL &&
+ (cipher->algorithm_mkey == SSL_kEDH ||
+ cipher->algorithm_mkey == SSL_kEECDH) &&
+ (cipher->algorithm_enc == SSL_AES128GCM ||
+ cipher->algorithm_enc == SSL_AES256GCM ||
+ cipher->algorithm_enc == SSL_CHACHA20POLY1305);
 }
 
 const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version) {
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index ae7e0e2c..8e9a9480 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -1742,6 +1742,8 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol)
 expectedNextProtoType: npn,
 })
 
+ // TODO(davidben): Add tests for when False Start doesn't trigger.
+
 // Client does False Start and negotiates NPN.
 testCases = append(testCases, testCase{
 protocol: protocol,
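Review bot: The comment above the return expression in ssl3_can_false_start says "TLS 1.2" while the check is `SSL_version(s) >= TLS1_2_VERSION`, and it does not say that the AEAD condition is a fixed allowlist of three `algorithm_enc` values. False Start sends application data before the server's Finished has been verified, so this predicate decides which cipher that early data may be encrypted under. The comment should therefore record that the list fails closed and must be extended by hand, for example `/* False Start only for TLS 1.2 or later with a forward-secure key exchange, ALPN or NPN, and a cipher from the explicit AEAD allowlist below; unlisted ciphers never False Start. */`. The removed `SSL_get_cipher_bits(s, NULL) < 128` check now appears to be implied by that list rather than enforced separately, which is worth stating in the same comment. The TODO in the runner.go hunk leaves the refusal cases untested (a CBC or RC4 cipher, a non-forward-secure key exchange, no ALPN/NPN, a version below TLS 1.2), so a later change that loosens any of these conditions would not be caught by the suite.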