Open dcooper16 opened 5 years ago
drwetter
commented
5 years ago Thanks, David for keeping an eye on it!
Will look into it next week. At least some ciphers need to be added to $ossl_strong_ciphers in run_cipherlists(), and in the preference check. Also it might be worth a try to find out whether there's an OpenSSL name yet,
Cheers, Dirk
dcooper16
commented
5 years ago Hi Dirk,
I hadn't thought about adding the ciphers to run_cipherlists() and other changes like that.
The changes I was thinking about were, for example, that in order to test for RFC 8492 ciphers it seems that the ClientHello needs to include a pwd_name extension and possibly a key_share extension. It may be okay that we don't know a valid user name, as the document recommends returning a ServerHello in response to an unknown name rather than terminating the connection (which would provide a way for an attacker to learn whether a user name is valid or not).
The draft-camwinget-tls-ts13-macciphersuites will require modifications to the code to "decrypt" the Server's response, but that should be very easy, since the data is not actually encrypted.
drwetter
commented
5 years ago Hi David, I haven't even clicked any link yet ;-)
dcooper16
commented
5 years ago In addition to the new cipher suites mentioned above, below are some more code points that have recently been registered:
TLS Supported Groups
| Value | Description | Reference | |
|---|---|---|---|
| 31 | brainpoolP256r1 | [draft-bruckert-brainpool-for-tls13] | |
| 32 | brainpoolP384r1 | [draft-bruckert-brainpool-for-tls13] | |
| 33 | brainpoolP512r1 | [draft-bruckert-brainpool-for-tls13] | |
| 34 | GC256A | [draft-smyshlyaev-tls12-gost-suites] | |
| 35 | GC256B | [draft-smyshlyaev-tls12-gost-suites] | |
| 36 | GC256C | [draft-smyshlyaev-tls12-gost-suites] | |
| 37 | GC256D | [draft-smyshlyaev-tls12-gost-suites] | |
| 38 | GC512A | [draft-smyshlyaev-tls12-gost-suites] | |
| 39 | GC512B | [draft-smyshlyaev-tls12-gost-suites] | |
| 40 | GC512C | [draft-smyshlyaev-tls12-gost-suites] |
TLS SignatureAlgorithm (for TLSv1.2 and earlier)
| Value | Description | Reference |
|---|---|---|
| 64 | gostr34102012_256 | [draft-smyshlyaev-tls12-gost-suites] |
| 65 | gostr34102012_512 | [draft-smyshlyaev-tls12-gost-suites] |
TLS SignatureScheme (for TLSv1.3)
| Value | Description | Reference |
|---|---|---|
| 0x081A | ecdsa_brainpoolP256r1_sha256 | [draft-bruckert-brainpool-for-tls13] |
| 0x081B | ecdsa_brainpoolP384r1_sha384 | [draft-bruckert-brainpool-for-tls13] |
| 0x081C | ecdsa_brainpoolP512r1_sha512 | [draft-bruckert-brainpool-for-tls13] |
drwetter
commented
5 years ago Thanks!
maybe we should watch the page (https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml) with a cronjob or the CSV files...
dcooper16
commented
3 years ago Just to update this issue:
drwetter
commented
3 years ago Hi David,
thanks!
Would there be a negative impact if we add some of the values to our respective files? (draft: can't tell whether it's a good idea or we'd rather wait. --> you can tell better I guess)
Cheers,. Dirk
dcooper16
commented
3 years ago Hi Dirk,
Just adding these values to files such as etc/cipher-mapping.txt probably wouldn't cause any problems, but I'm not sure. There is code in testssl.sh that would eventually need to be updated. For example, there is code in testssl.sh that assumes a cipher suite is a TLSv1.3 cipher suite if and only if its code point begins with 13.
So, for the moment I would suggest waiting.
It appears that two authentication-only cipher suites have been defined for TLSv1.3 (see https://mailarchive.ietf.org/arch/msg/tls/0oy4wY4xiB1tASCBDWczh2xTVMM).
In looking at the TLS Cipher Suites registry, I noticed a number of recently-added cipher suites that are not yet in etc/cipher-mapping.txt:
I haven't had a chance to review these documents, so I don't know what would be involved in adding support for them to testssl.sh. For some of them it may be enough to just add the values for etc/cipher-mapping.txt, but for others at least some additional work would be required.