Rank GCM before CBC in ciphersuite_preference
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 0409001..a582444 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -40,48 +40,57 @@
 
 /*
  * Ordered from most preferred to least preferred in terms of security.
+ *
+ * Current rule (except weak and null which come last):
+ * 1. By key exchange:
+ *    Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK
+ * 2. By key length and cipher:
+ *    AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES > RC4
+ * 3. By cipher mode when relevant GCM > CBC
+ * 4. By hash function used
+ * 5. By key exchange/auth again: EC > non-EC
  */
 static const int ciphersuite_preference[] =
 {
     /* All AES-256 ephemeral suites */
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
-    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
 
     /* All CAMELLIA-256 ephemeral suites */
+    TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+    TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+    TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
     TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
     TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
-    TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-    TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
 
     /* All AES-128 ephemeral suites */
-    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
 
     /* All CAMELLIA-128 ephemeral suites */
+    TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+    TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+    TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
     TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
     TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-    TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
-    TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
-    TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
 
     /* All remaining >= 128-bit ephemeral suites */
     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
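Review bot: Rule 2 (key length and cipher) is applied before rule 3 (mode) in the new header comment, so every AES-256 and Camellia-256 CBC suite, including HMAC-SHA1 ones such as `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, still ranks above `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`. CBC suites in TLS are MAC-then-encrypt and have a history of padding-oracle timing problems, while a 128-bit AES key is not a practical weakness, so a peer offering both would presumably negotiate the less robust construction. If this order is deliberate, the comment should say so, for example `* Note: key length (rule 2) outranks mode (rule 3), so AES-256-CBC is preferred to AES-128-GCM.`. Rule 3 also needs a colon: `* 3. By cipher mode when relevant: GCM > CBC`. The array continues past the end of this hunk.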
@@ -91,46 +100,48 @@
     TLS_ECDHE_RSA_WITH_RC4_128_SHA,
 
     /* The PSK ephemeral suites */
-    TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
-    TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
-    TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
-    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
-    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
-    TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
-    TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
-    TLS_ECDHE_PSK_WITH_RC4_128_SHA,
-    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
-    TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
     TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
-    TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+    TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+    TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
     TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
-    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
-    TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+    TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+
     TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
-    TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+    TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
     TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
+    TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+    TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+
+    TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
     TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDHE_PSK_WITH_RC4_128_SHA,
     TLS_DHE_PSK_WITH_RC4_128_SHA,
 
     /* All AES-256 suites */
-    TLS_RSA_WITH_AES_256_CBC_SHA256,
     TLS_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_RSA_WITH_AES_256_CBC_SHA256,
     TLS_RSA_WITH_AES_256_CBC_SHA,
 
     /* All CAMELLIA-256 suites */
+    TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
-    TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
 
     /* All AES-128 suites */
-    TLS_RSA_WITH_AES_128_CBC_SHA256,
     TLS_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_RSA_WITH_AES_128_CBC_SHA256,
     TLS_RSA_WITH_AES_128_CBC_SHA,
 
     /* All CAMELLIA-128 suites */
+    TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
-    TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
 
     /* All remaining >= 128-bit suites */
     TLS_RSA_WITH_3DES_EDE_CBC_SHA,
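Review bot: The last two Camellia-128 entries of the PSK ephemeral group contradict rule 5 of the header comment (EC > non-EC): `TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256` is listed before `TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256`, whereas the Camellia-256 pair a few lines above puts ECDHE first. Swapping them gives `TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,` followed by `TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,`. The blank-line sub-groups added in this section have no header comment, unlike the non-PSK groups. A short label on each, such as `/* 256-bit */`, would make the ordering easier to audit. The array starts and ends outside this hunk.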
@@ -138,30 +149,34 @@
     TLS_RSA_WITH_RC4_128_MD5,
 
     /* The RSA PSK suites */
+    TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
     TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
     TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
-    TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
-    TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
+    TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+
+    TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
     TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
     TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
-    TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
-    TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
+    TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+
     TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
     TLS_RSA_PSK_WITH_RC4_128_SHA,
 
     /* The PSK suites */
+    TLS_PSK_WITH_AES_256_GCM_SHA384,
     TLS_PSK_WITH_AES_256_CBC_SHA384,
     TLS_PSK_WITH_AES_256_CBC_SHA,
-    TLS_PSK_WITH_AES_256_GCM_SHA384,
-    TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
+    TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+
+    TLS_PSK_WITH_AES_128_GCM_SHA256,
     TLS_PSK_WITH_AES_128_CBC_SHA256,
     TLS_PSK_WITH_AES_128_CBC_SHA,
-    TLS_PSK_WITH_AES_128_GCM_SHA256,
-    TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
+    TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+
     TLS_PSK_WITH_3DES_EDE_CBC_SHA,
     TLS_PSK_WITH_RC4_128_SHA,
 
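Review bot: `TLS_RSA_WITH_RC4_128_MD5` (context line at the top of this hunk) ranks above every AES-GCM suite added to the RSA-PSK and PSK groups below it, and each PSK group still ends with 3DES and RC4 entries. That follows from ranking key exchange first, but it is hard to reconcile with the header comment's statement that weak suites come last. RC4 and MD5-based suites are ones a deployment would normally want disabled rather than merely ranked low. If the placement is intended, I would state it next to these groups, e.g. `/* RC4 and 3DES are ranked by rule 2 here and are not part of the "weak" group */`. It would also help to document that callers are expected to restrict the list themselves. The array starts and ends outside this hunk.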
@@ -178,6 +193,7 @@
     TLS_DHE_PSK_WITH_NULL_SHA384,
     TLS_DHE_PSK_WITH_NULL_SHA256,
     TLS_DHE_PSK_WITH_NULL_SHA,
+
     TLS_RSA_WITH_NULL_SHA256,
     TLS_RSA_WITH_NULL_SHA,
     TLS_RSA_WITH_NULL_MD5,