Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor TLS 1.3 cipher selection and fix SSL_get_ciphers #2092

Open
wants to merge 38 commits into
base: main
Choose a base branch
from
+558 −125
Open

Refactor TLS 1.3 cipher selection and fix SSL_get_ciphers #2092

Show file tree
Hide file tree
Changes from 36 commits
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
bc7b951
combine the two cipher lists
smittals2 Dec 26, 2024
e80cb6e
defining default TLS 1.3 ciphersuites
smittals2 Dec 26, 2024
c49f32d
configure TLS 1.3 ciphersuites by default
smittals2 Dec 26, 2024
bfb369f
remove default TLS 13 ciphersuites macro
smittals2 Dec 27, 2024
ef0f455
fix update function for ctx->cipher_list
smittals2 Dec 27, 2024
aacb978
remove default tls13_cipher_list coonfiguirating in SSL_CTX
smittals2 Dec 27, 2024
b6f297b
testing for new SSL_Get_ciphers functionality
smittals2 Dec 27, 2024
749513a
configure TLS 1.3 ciphersuites by default
smittals2 Jan 2, 2025
1e818d5
modified existing tests to work with TLS 1.3 configured by default
smittals2 Jan 2, 2025
425e9a5
documentation update
smittals2 Jan 2, 2025
656b710
fixed logic for configuring in_group_flags
smittals2 Jan 2, 2025
2622e1e
changed TLS 1.3 ciphersuite ordering
smittals2 Jan 2, 2025
fe430f4
Merge branch 'main' into get_ciphers
smittals2 Jan 2, 2025
72603cc
add differentiation for AES HW acceleration when ordering ciphers for…
Jan 6, 2025
eb28574
use const
smittals2 Jan 6, 2025
5fcdd4a
remove old include
smittals2 Jan 6, 2025
d4e5047
clean up comments
smittals2 Jan 6, 2025
6707995
removing hardcoded tls1.3 logic pt1
smittals2 Jan 9, 2025
ff11f99
moved default tls1.3 ciphersuite preferences to internal header
smittals2 Jan 9, 2025
849bf37
cleaning up pt2
smittals2 Jan 9, 2025
3f467ff
fixing conditionals in collecting ciphers
smittals2 Jan 9, 2025
dbbd45c
changed cipherlist condition
smittals2 Jan 16, 2025
94d2189
minor pr comments
smittals2 Jan 16, 2025
7669f46
changed tls 1.3 cipher order
smittals2 Jan 16, 2025
fc0c20c
revert sorting order
smittals2 Jan 16, 2025
9ee29c8
new test for tls 1.3
smittals2 Jan 17, 2025
e38bfa3
modified ssl->config to hold tls 1.3 ciphersuite state
smittals2 Jan 21, 2025
dbd660a
revert default TLS 1.2 ciphersuites
smittals2 Jan 21, 2025
272ef8f
change uniqptr init
smittals2 Jan 21, 2025
0991f2f
minor edits to logic
smittals2 Jan 22, 2025
0d7b302
fixed test
smittals2 Jan 22, 2025
2c809d3
set Tls 1.3 ciphersuites explicitly
smittals2 Jan 22, 2025
7798ef6
Merge branch 'main' into get_ciphers
smittals2 Jan 22, 2025
8442723
changed SSLCipherPreferenceList initialization
smittals2 Jan 23, 2025
ae84e27
change server side cipher selection logic
smittals2 Jan 23, 2025
0e66ad6
added config/ctx testing
smittals2 Jan 23, 2025
a755968
indentation and documentation
smittals2 Jan 24, 2025
2c6d018
pr comments
smittals2 Jan 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 3 additions & 4 deletions include/openssl/ssl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1690,10 +1690,9 @@ OPENSSL_EXPORT size_t SSL_get_all_standard_cipher_names(const char **out,
// Once an equal-preference group is used, future directives must be
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please update SSL_get_ciphers documentation to note it returns all ciphers 1.2 and 1.3

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current documentation covers this case ("cipher list for |ssl|") but I'll make it more explicit. We just weren't living up to this contract initially.

// opcode-less. Inside an equal-preference group, spaces are not allowed.
//
// TLS 1.3 ciphers do not participate in this mechanism and instead have a
// built-in preference order. Functions to set cipher lists do not affect TLS
// 1.3, and functions to query the cipher list do not include TLS 1.3
// ciphers.
// Note: TLS 1.3 ciphersuites are only configurable via
// |SSL_CTX_set_ciphersuites| or |SSL_set_ciphersuites|. Other setter functions have
// no impact on TLS 1.3 ciphersuites.
Comment on lines +1693 to +1695
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have tests that attempt to set 1.3 ciphers and ensure they are rejected?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mean use the TLS 1.2 setter functions to set TLS 1.3 ciphers? If so yes you get a no cipher match error.


// SSL_DEFAULT_CIPHER_LIST is the default cipher suite configuration. It is
// substituted when a cipher string starts with 'DEFAULT'.
Expand Down
41 changes: 12 additions & 29 deletions ssl/handshake_client.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -224,6 +224,7 @@ static bool collect_cipher_protocol_ids(STACK_OF(SSL_CIPHER) *ciphers,
CBB *cbb, uint32_t mask_k, uint32_t mask_a, uint16_t max_version,
uint16_t min_version, bool *any_enabled) {
*any_enabled = false;

for (const SSL_CIPHER *cipher : ciphers) {
// Skip disabled ciphers
if ((cipher->algorithm_mkey & mask_k) ||
Expand Down Expand Up @@ -259,49 +260,31 @@ static bool ssl_write_client_cipher_list(const SSL_HANDSHAKE *hs, CBB *out,
return false;
}

// Add TLS 1.3 ciphers.
if (hs->max_version >= TLS1_3_VERSION && ssl->ctx->tls13_cipher_list) {
// Use the configured TLSv1.3 ciphers list.
STACK_OF(SSL_CIPHER) *ciphers = ssl->ctx->tls13_cipher_list->ciphers.get();
// Add all ciphers unless TLS 1.3 only connection
if (hs->min_version < TLS1_3_VERSION && type != ssl_client_hello_inner) {
andrewhop marked this conversation as resolved.
Show resolved Hide resolved
bool any_enabled = false;
if (!collect_cipher_protocol_ids(ciphers, &child, mask_k,
if (!collect_cipher_protocol_ids(SSL_get_ciphers(ssl), &child, mask_k,
mask_a, hs->max_version, hs->min_version, &any_enabled)) {
return false;
Comment on lines +266 to 268
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Double checking my understanding: this is in an if/else block so only hs->min_version < TLS1_3_VERSION or hs->max_version >= TLS1_3_VERSION will run. If min is less than 1.3 we want to add both, and SSL_get_ciphers returns both?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes if min is less than 1.3, we want to add min to max (where max could also be anything). We pass this in to collect_cipher_protocol_ids.

SSL_get_ciphers will return the SSL level (if configured) and otherwise SSL_CTX main cipher list which now holds all ciphersuites.

}

// If all ciphers were disabled, return the error to the caller.
if (!any_enabled) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHERS_AVAILABLE);
return false;
}
} else if (hs->max_version >= TLS1_3_VERSION) {
// Use the built in TLSv1.3 ciphers. Order ChaCha20-Poly1305 relative to
// AES-GCM based on hardware support.
const bool has_aes_hw = ssl->config->aes_hw_override
? ssl->config->aes_hw_override_value
: EVP_has_aes_hardware();

if (!has_aes_hw &&
!CBB_add_u16(&child, TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
return false;
}
if (!CBB_add_u16(&child, TLS1_3_CK_AES_128_GCM_SHA256 & 0xffff) ||
!CBB_add_u16(&child, TLS1_3_CK_AES_256_GCM_SHA384 & 0xffff)) {
return false;
}
if (has_aes_hw &&
!CBB_add_u16(&child, TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
return false;
}
}

if (hs->min_version < TLS1_3_VERSION && type != ssl_client_hello_inner) {
} else if (hs->max_version >= TLS1_3_VERSION && ssl->ctx->tls13_cipher_list) {
// Only TLS 1.3 ciphers
STACK_OF(SSL_CIPHER) *ciphers = ssl->ctx->tls13_cipher_list->ciphers.get();
bool any_enabled = false;
if (!collect_cipher_protocol_ids(SSL_get_ciphers(ssl), &child, mask_k,

if (!collect_cipher_protocol_ids(ciphers, &child, mask_k,
mask_a, hs->max_version, hs->min_version, &any_enabled)) {
return false;
}
Comment on lines +282 to 286
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are you filtering the TLS 1.3 ciphers again here? From line 276 we already know we want 1.3 ciphers and tls13_cipher_list only has 1.3 ciphers in it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually can these two blocks be combined into a single flow:

  1. Call SSL_get_ciphers to get all 1.2 and 1.3 ciphers
  2. Filter that based on min/max
  3. Write that to the CBB

Copy link
Contributor Author

@smittals2 smittals2 Jan 24, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cannot combine the two blocks. Different cases for ECH (discussed offline)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree you can't combine the two blocks into one shared block, but I'm still curious about the filtering, can this just use ciphers from up above which only includes 1.3 ciphers?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you saying use the same SSL_get_ciphers call below as well?

The reason we can't do this is if you are a ECH ClientHelloInner, and you support TLS versions less than 1.3, by RFC we still only send TLS 1.3 ciphersuites. Since collect_ciphers takes min max version from the handshake, using the above ciphers var would erroneously pull in TLS 1.2 and below ciphersuites. Therefore, we specifically pass in only the tls13_ciphersuites in the else block


// If all ciphers were disabled, return the error to the caller.
if (!any_enabled && hs->max_version < TLS1_3_VERSION) {
if (!any_enabled) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHERS_AVAILABLE);
return false;
}
Expand Down
30 changes: 25 additions & 5 deletions ssl/internal.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -715,6 +715,9 @@ const EVP_MD *ssl_get_handshake_digest(uint16_t version,
// rejected. If false, nonsense will be silently ignored. If |config_tls13| is
// true, only TLS 1.3 ciphers are considered in |ssl_cipher_collect_ciphers|. If
// false, TLS 1.2 and below ciphers participate in |ssl_cipher_collect_ciphers|.
// In every invocation, |ctx->cipher_list| is updated with any user-configured
// or default TLS 1.3 cipher suites in |ctx->tls13_cipher_list|.
//
// An empty result is considered an error regardless of |strict| or
// |config_tls13|. |has_aes_hw| indicates if the list should be ordered based on
// having support for AES in hardware or not.
Expand Down Expand Up @@ -2371,6 +2374,8 @@ bool ssl_write_client_hello_without_extensions(const SSL_HANDSHAKE *hs,
ssl_client_hello_type_t type,
bool empty_session_id);

int update_cipher_list(UniquePtr<SSLCipherPreferenceList> &dst, UniquePtr<SSLCipherPreferenceList> &ciphers, UniquePtr<SSLCipherPreferenceList> &tls13_ciphers);

// ssl_add_client_hello constructs a ClientHello and adds it to the outgoing
// flight. It returns true on success and false on error.
bool ssl_add_client_hello(SSL_HANDSHAKE *hs);
Expand Down Expand Up @@ -3244,9 +3249,12 @@ struct SSL_CONFIG {

X509_VERIFY_PARAM *param = nullptr;

// crypto
// All ciphersuites
UniquePtr<SSLCipherPreferenceList> cipher_list;

// TLS 1.3 specific ciphersuites
UniquePtr<SSLCipherPreferenceList> tls13_cipher_list;

// This is used to hold the local certificate used (i.e. the server
// certificate for a server or the client certificate for a client).
UniquePtr<CERT> cert;
Expand Down Expand Up @@ -3721,6 +3729,18 @@ struct ssl_method_st {
const bssl::SSL_X509_METHOD *x509_method;
};

// TLS13_DEFAULT_CIPHER_LIST_AES_HW is the default TLS 1.3 cipher suite
// configuration when AES hardware acceleration is enabled.
#define TLS13_DEFAULT_CIPHER_LIST_AES_HW "TLS_AES_128_GCM_SHA256:" \
"TLS_AES_256_GCM_SHA384:" \
"TLS_CHACHA20_POLY1305_SHA256"

// TLS13_DEFAULT_CIPHER_LIST_NO_AES_HW is the default TLS 1.3 cipher suite
// configuration when no AES hardware acceleration is enabled.
#define TLS13_DEFAULT_CIPHER_LIST_NO_AES_HW "TLS_CHACHA20_POLY1305_SHA256:" \
"TLS_AES_128_GCM_SHA256:" \
"TLS_AES_256_GCM_SHA384"

#define MIN_SAFE_FRAGMENT_SIZE 512
struct ssl_ctx_st : public bssl::RefCounted<ssl_ctx_st> {
explicit ssl_ctx_st(const SSL_METHOD *ssl_method);
Expand Down Expand Up @@ -3754,12 +3774,12 @@ struct ssl_ctx_st : public bssl::RefCounted<ssl_ctx_st> {
// quic_method is the method table corresponding to the QUIC hooks.
const SSL_QUIC_METHOD *quic_method = nullptr;

// Currently, cipher_list holds the tls1.2 and below ciphersuites.
// TODO: move |tls13_cipher_list| to |cipher_list| during cipher
// configuration.
// cipher_list holds all available cipher suites for tls 1.3,
// and 1.2 and below
bssl::UniquePtr<bssl::SSLCipherPreferenceList> cipher_list;

// tls13_cipher_list holds the tls1.3 and above ciphersuites.
// tls13_cipher_list holds the default or configured tls1.3 and above
// cipher suites.
bssl::UniquePtr<bssl::SSLCipherPreferenceList> tls13_cipher_list;

X509_STORE *cert_store = nullptr;
Expand Down
80 changes: 80 additions & 0 deletions ssl/ssl_cipher.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1234,6 +1234,86 @@ static bool is_known_default_alias_keyword_filter_rule(const char *rule,
return false;
}

// update_cipher_list updates |ctx->cipher_list| by:
smittals2 marked this conversation as resolved.
Show resolved Hide resolved
// 1. Removing any existing TLS 1.3 ciphersuites
// 2. Adding configured ciphersuites from |ctx->tls13_cipher_list|
// 3. Configuring a new |ctx->cipher_list->in_group_flags|
// This function maintains the ordering of ciphersuites and places TLS 1.3
// ciphersuites at the front of the list.
smittals2 marked this conversation as resolved.
Show resolved Hide resolved
// Returns one on success and zero on failure.
int update_cipher_list(UniquePtr<SSLCipherPreferenceList> &dst, UniquePtr<SSLCipherPreferenceList> &ciphers, UniquePtr<SSLCipherPreferenceList> &tls13_ciphers) {
bssl::UniquePtr<STACK_OF(SSL_CIPHER)> tmp_cipher_list;
int num_removed_tls13_ciphers = 0, num_added_tls13_ciphers = 0;
Array<bool> updated_in_group_flags;

if (ciphers && ciphers->ciphers) {
tmp_cipher_list.reset(sk_SSL_CIPHER_dup(ciphers->ciphers.get()));
} else {
tmp_cipher_list.reset(sk_SSL_CIPHER_new_null());
}

if (tmp_cipher_list == NULL) {
smittals2 marked this conversation as resolved.
Show resolved Hide resolved
return 0;
}

// Delete any existing TLSv1.3 ciphersuites. These will be first in the list
smittals2 marked this conversation as resolved.
Show resolved Hide resolved
while (sk_SSL_CIPHER_num(tmp_cipher_list.get()) > 0 &&
SSL_CIPHER_get_min_version(sk_SSL_CIPHER_value(tmp_cipher_list.get(), 0))
== TLS1_3_VERSION) {
sk_SSL_CIPHER_delete(tmp_cipher_list.get(), 0);
num_removed_tls13_ciphers++;
}

int num_updated_tls12_ciphers = sk_SSL_CIPHER_num(tmp_cipher_list.get());

if (tls13_ciphers && tls13_ciphers->ciphers) {
STACK_OF(SSL_CIPHER) *tls13_cipher_stack = tls13_ciphers->ciphers.get();
num_added_tls13_ciphers = sk_SSL_CIPHER_num(tls13_cipher_stack);
for (int i = sk_SSL_CIPHER_num(tls13_cipher_stack) - 1; i >= 0; i--) {
const SSL_CIPHER *tls13_cipher = sk_SSL_CIPHER_value(tls13_cipher_stack, i);
if (!sk_SSL_CIPHER_unshift(tmp_cipher_list.get(), tls13_cipher)) {
return 0;
}
}
}


if (!updated_in_group_flags.Init(num_added_tls13_ciphers + num_updated_tls12_ciphers)) {
return 0;
}
std::fill(updated_in_group_flags.begin(), updated_in_group_flags.end(), false);

// Copy in_group_flags from |ctx->tls13_cipher_list|
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does in_group_flags do?

Copy link
Contributor Author

@smittals2 smittals2 Jan 24, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/aws/aws-lc/blob/81f138a0632151e24ecbf3e0b08c37d6f82f57ed/ssl/internal.h#L648C1-L677C8

if (tls13_ciphers && tls13_ciphers->in_group_flags) {
const auto& tls13_flags = tls13_ciphers->in_group_flags;
// Ensure value of last element in |in_group_flags| is 0. The last cipher
// in a list must be the end of any group in that list.
if (tls13_flags[num_added_tls13_ciphers - 1] != 0) {
tls13_flags[num_added_tls13_ciphers - 1] = false;
}
Comment on lines +1287 to +1291
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this fail here instead? If this happens does that mean something happened up above and the wrong number of things got added?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can a group include a 1.3 and 1.2 cipher suite?

Copy link
Contributor Author

@smittals2 smittals2 Jan 24, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, you can only group ciphersuites within the same TLS version

for (int i = 0; i < num_added_tls13_ciphers; i++) {
updated_in_group_flags[i] = tls13_flags[i];
}
}

// Copy remaining in_group_flags from |ctx->cipher_list|
if (ciphers && ciphers->in_group_flags) {
for (int i = 0; i < num_updated_tls12_ciphers; i++) {
updated_in_group_flags[i + num_added_tls13_ciphers] =
ciphers->in_group_flags[i + num_removed_tls13_ciphers];
}
}

Span<const bool> flags_span(updated_in_group_flags.data(), updated_in_group_flags.size());
UniquePtr<SSLCipherPreferenceList> new_list = MakeUnique<SSLCipherPreferenceList>();
if (!new_list || !new_list->Init(std::move(tmp_cipher_list), flags_span)) {
return 0;
}

dst = std::move(new_list);
return 1;
}

bool ssl_create_cipher_list(UniquePtr<SSLCipherPreferenceList> *out_cipher_list,
const bool has_aes_hw, const char *rule_str,
bool strict, bool config_tls13) {
Expand Down
73 changes: 58 additions & 15 deletions ssl/ssl_lib.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -586,7 +586,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
return nullptr;
}

if (!SSL_CTX_set_strict_cipher_list(ret.get(), SSL_DEFAULT_CIPHER_LIST) ||
const bool has_aes_hw = EVP_has_aes_hardware();
const char *cipher_rule;
if (has_aes_hw) {
cipher_rule = TLS13_DEFAULT_CIPHER_LIST_AES_HW;
} else {
cipher_rule = TLS13_DEFAULT_CIPHER_LIST_NO_AES_HW;
}

if (!SSL_CTX_set_ciphersuites(ret.get(), cipher_rule) ||
!SSL_CTX_set_strict_cipher_list(ret.get(), SSL_DEFAULT_CIPHER_LIST) ||
smittals2 marked this conversation as resolved.
Show resolved Hide resolved
// Lock the SSL_CTX to the specified version, for compatibility with
// legacy uses of SSL_METHOD.
!SSL_CTX_set_max_proto_version(ret.get(), method->version) ||
Expand Down Expand Up @@ -2178,17 +2187,25 @@ const char *SSL_get_cipher_list(const SSL *ssl, int n) {
int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) {
const bool has_aes_hw = ctx->aes_hw_override ? ctx->aes_hw_override_value
: EVP_has_aes_hardware();
return ssl_create_cipher_list(&ctx->cipher_list, has_aes_hw, str,
if (!ssl_create_cipher_list(&ctx->cipher_list, has_aes_hw, str,
false /* not strict */,
false /* don't configure TLSv1.3 ciphers */);
false /* don't configure TLSv1.3 ciphers */)) {
return 0;
}

return update_cipher_list(ctx->cipher_list, ctx->cipher_list, ctx->tls13_cipher_list);
Comment on lines +2188 to +2194
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we just pass the 1.3 ciphers to ssl_create_cipher_list and have it put them at the beginning automatically?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The same ssl_create_cipher_list function is used to create tls13_cipher_lists and the main cipher_list. Therefore, I have chosen to do update's separately to properly distinguish what is being set.

}

int SSL_CTX_set_strict_cipher_list(SSL_CTX *ctx, const char *str) {
const bool has_aes_hw = ctx->aes_hw_override ? ctx->aes_hw_override_value
: EVP_has_aes_hardware();
return ssl_create_cipher_list(&ctx->cipher_list, has_aes_hw, str,
if (!ssl_create_cipher_list(&ctx->cipher_list, has_aes_hw, str,
true /* strict */,
false /* don't configure TLSv1.3 ciphers */);
false /* don't configure TLSv1.3 ciphers */)) {
return 0;
}

return update_cipher_list(ctx->cipher_list, ctx->cipher_list, ctx->tls13_cipher_list);
}

int SSL_set_cipher_list(SSL *ssl, const char *str) {
Expand All @@ -2198,17 +2215,29 @@ int SSL_set_cipher_list(SSL *ssl, const char *str) {
const bool has_aes_hw = ssl->config->aes_hw_override
? ssl->config->aes_hw_override_value
: EVP_has_aes_hardware();
return ssl_create_cipher_list(&ssl->config->cipher_list, has_aes_hw, str,
if (!ssl_create_cipher_list(&ssl->config->cipher_list, has_aes_hw, str,
false /* not strict */,
false /* don't configure TLSv1.3 ciphers */);
false /* don't configure TLSv1.3 ciphers */)) {
return 0;
}

UniquePtr<SSLCipherPreferenceList> &tls13_ciphers = ssl->config->tls13_cipher_list ? ssl->config->tls13_cipher_list :
ssl->ctx->tls13_cipher_list;

return update_cipher_list(ssl->config->cipher_list, ssl->config->cipher_list, tls13_ciphers);
}

int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) {
const bool has_aes_hw = ctx->aes_hw_override ? ctx->aes_hw_override_value
: EVP_has_aes_hardware();
return ssl_create_cipher_list(&ctx->tls13_cipher_list, has_aes_hw, str,

if (!ssl_create_cipher_list(&ctx->tls13_cipher_list, has_aes_hw, str,
false /* not strict */,
true /* only configure TLSv1.3 ciphers */);
true /* only configure TLSv1.3 ciphers */)) {
return 0;
}

return update_cipher_list(ctx->cipher_list, ctx->cipher_list, ctx->tls13_cipher_list);
}

int SSL_set_ciphersuites(SSL *ssl, const char *str) {
Expand All @@ -2218,9 +2247,16 @@ int SSL_set_ciphersuites(SSL *ssl, const char *str) {
const bool has_aes_hw = ssl->config->aes_hw_override
? ssl->config->aes_hw_override_value
: EVP_has_aes_hardware();
return ssl_create_cipher_list(&ssl->config->cipher_list, has_aes_hw, str,
false /* not strict */,
true /* configure TLSv1.3 ciphers */);
if (!ssl_create_cipher_list(&ssl->config->tls13_cipher_list,
has_aes_hw, str, false /* not strict */,
true /* configure TLSv1.3 ciphers */)) {
return 0;
}

UniquePtr<SSLCipherPreferenceList> &ciphers = ssl->config->cipher_list ? ssl->config->cipher_list :
ssl->ctx->cipher_list;

return update_cipher_list(ssl->config->cipher_list, ciphers, ssl->config->tls13_cipher_list);
}

int SSL_set_strict_cipher_list(SSL *ssl, const char *str) {
Expand All @@ -2230,9 +2266,16 @@ int SSL_set_strict_cipher_list(SSL *ssl, const char *str) {
const bool has_aes_hw = ssl->config->aes_hw_override
? ssl->config->aes_hw_override_value
: EVP_has_aes_hardware();
return ssl_create_cipher_list(&ssl->config->cipher_list, has_aes_hw, str,
true /* strict */,
false /* don't configure TLSv1.3 ciphers */);
if (!ssl_create_cipher_list(&ssl->config->cipher_list,
has_aes_hw, str, true /* strict */,
false /* don't configure TLSv1.3 ciphers */)) {
return 0;
}

UniquePtr<SSLCipherPreferenceList> &tls13_ciphers = ssl->config->tls13_cipher_list ? ssl->config->tls13_cipher_list :
ssl->ctx->tls13_cipher_list;

return update_cipher_list(ssl->config->cipher_list, ssl->config->cipher_list, tls13_ciphers);
}

const char *SSL_get_servername(const SSL *ssl, const int type) {
Expand Down
Loading
Loading