diff --git a/tests/pems/gen_self_signed_cert.sh b/tests/pems/gen_self_signed_cert.sh
index 058934644b3..5bc4e3e7046 100755
--- a/tests/pems/gen_self_signed_cert.sh
+++ b/tests/pems/gen_self_signed_cert.sh
@@ -139,7 +139,7 @@ if [ "$KEY_TYPE" == "rsa" ]; then
 openssl req -x509 -config "$cert_conf_path" -newkey rsa:${RSA_KEY_SIZE} -${HASH_ALG} -nodes -keyout ${PREFIX}rsa_key.pem -out ${PREFIX}rsa_cert.pem -days 36500
 elif [ "$KEY_TYPE" == "ecdsa" ]; then
 openssl ecparam -out "${PREFIX}ecdsa_key.pem" -name "$CURVE_NAME" -genkey
- openssl req -new -config "$cert_conf_path" -days 36500 -nodes -x509 -key "${PREFIX}ecdsa_key.pem" -out "${PREFIX}ecdsa_cert.pem"
+ openssl req -new -config "$cert_conf_path" -${HASH_ALG} -days 36500 -nodes -x509 -key "${PREFIX}ecdsa_key.pem" -out "${PREFIX}ecdsa_cert.pem"
 else
 echo "Incorrect key-type: $KEY_TYPE"
 usage ;
diff --git a/tests/unit/s2n_security_policies_test.c b/tests/unit/s2n_security_policies_test.c
index d310c2b4bd6..7545162efc1 100644
--- a/tests/unit/s2n_security_policies_test.c
+++ b/tests/unit/s2n_security_policies_test.c
@@ -105,6 +105,9 @@ int main(int argc, char **argv)
 EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&ecdsa_chain_and_key, S2N_DEFAULT_ECDSA_TEST_CERT_CHAIN, S2N_DEFAULT_ECDSA_TEST_PRIVATE_KEY));
+ DEFER_CLEANUP(struct s2n_cert_chain_and_key *ecdsa_sha384_chain_and_key = NULL, s2n_cert_chain_and_key_ptr_free);
+ EXPECT_SUCCESS(s2n_test_cert_permutation_load_server_chain(&ecdsa_sha384_chain_and_key, "ec", "ecdsa", "p384", "sha384"));
+
 DEFER_CLEANUP(struct s2n_cert_chain_and_key *rsa_pss_chain_and_key = NULL, s2n_cert_chain_and_key_ptr_free);
 if (s2n_is_rsa_pss_certs_supported()) {
 EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&rsa_pss_chain_and_key,
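Review bot: ECDSA fixtures already generated by this script may not carry the digest their name claims, because until this line gained `-${HASH_ALG}` the ECDSA branch let OpenSSL pick its default hash, and no regenerated PEMs are visible in this diff. That matters for the `@@ -105,6 +105,9 @@` hunk in tests/unit/s2n_security_policies_test.c, which loads the `"ec", "ecdsa", "p384", "sha384"` permutation and relies on it for the rfc9151 compatibility checks. I would confirm the checked-in certificate's signature algorithm (for example with `openssl x509 -noout -text`) and regenerate it with the fixed script if it does not report ecdsa-with-SHA384. The `if`/`elif` chain starts above the hunk, so whether `HASH_ALG` is validated or defaulted before this line is not visible here.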
@@ -1019,6 +1022,28 @@ int main(int argc, char **argv)
 "test_all_tls13", ecdsa_chain_and_key), S2N_ERR_CIPHER_NOT_SUPPORTED);
 };
+
+ /* We know of customers that expect to move between the policies in
+ * this section without multi-phased rollouts, so avoid inadvertant
+ * breakage by verifying compatibility.
+ */
+ if (s2n_is_tls13_fully_supported()) {
+ EXPECT_OK(s2n_test_security_policies_compatible(&security_policy_rfc9151, "default_tls13", ecdsa_sha384_chain_and_key));
+ EXPECT_OK(s2n_test_security_policies_compatible(&security_policy_rfc9151, "default_fips", ecdsa_sha384_chain_and_key));
+ EXPECT_OK(s2n_test_security_policies_compatible(&security_policy_rfc9151, "20250211", ecdsa_sha384_chain_and_key));
+
+ /* default_tls13 is currently 20240503 */
+ EXPECT_OK(s2n_test_security_policies_compatible(&security_policy_20240503, "rfc9151", ecdsa_sha384_chain_and_key));
+ /* default_fips is currently 20240502 */
+ EXPECT_OK(s2n_test_security_policies_compatible(&security_policy_20240502, "rfc9151", ecdsa_sha384_chain_and_key));
+ EXPECT_OK(s2n_test_security_policies_compatible(&security_policy_20250211, "rfc9151", ecdsa_sha384_chain_and_key));
+
+ /* default_tls13 > 20250211
+ * note this does not require a sha384 key.
+ */
+ EXPECT_OK(s2n_test_security_policies_compatible(&security_policy_20240503, "20250211", ecdsa_chain_and_key));
+ EXPECT_OK(s2n_test_security_policies_compatible(&security_policy_20240503, "default_tls13", ecdsa_chain_and_key));
+ };
 };
 /* Sanity check that changes to default security policies are not completely
diff --git a/tls/s2n_cipher_preferences.c b/tls/s2n_cipher_preferences.c
index 13d7bcd8a21..307eaffa0de 100644
--- a/tls/s2n_cipher_preferences.c
+++ b/tls/s2n_cipher_preferences.c
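Review bot: The last added assertion, `s2n_test_security_policies_compatible(&security_policy_20240503, "default_tls13", ecdsa_chain_and_key)`, pairs 20240503 with `default_tls13`, which the comment a few lines above says is the same policy, so it does not appear to exercise 20250211 at all. If the block under "default_tls13 > 20250211" was meant to cover both directions, the second call would presumably be `EXPECT_OK(s2n_test_security_policies_compatible(&security_policy_20250211, "default_tls13", ecdsa_chain_and_key));`; if that direction only works with the SHA-384 chain, a one-line comment saying so would keep a later reader from assuming it is covered. Separately, the calls that pin `&security_policy_20240503` and `&security_policy_20240502` will keep passing unchanged when `default_tls13` or `default_fips` is repointed, so the "is currently" comments are the only thing tying them to the defaults. The enclosing block in `main` starts above the hunk and the helper's argument roles are not visible here.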
@@ -2180,4 +2180,15 @@ const struct s2n_cipher_preferences cipher_preferences_rfc9151 = {
 .allow_chacha20_boosting = false,
 };
+struct s2n_cipher_suite *cipher_suites_20250211[] = {
+ /* TLS1.3 */
+ &s2n_tls13_aes_256_gcm_sha384,
+};
+
+const struct s2n_cipher_preferences cipher_preferences_20250211 = {
+ .count = s2n_array_len(cipher_suites_20250211),
+ .suites = cipher_suites_20250211,
+ .allow_chacha20_boosting = false,
+};
+
 /* clang-format on */
diff --git a/tls/s2n_cipher_preferences.h b/tls/s2n_cipher_preferences.h
index 132b52052b8..4d200f81062 100644
--- a/tls/s2n_cipher_preferences.h
+++ b/tls/s2n_cipher_preferences.h
@@ -62,6 +62,7 @@ extern const struct s2n_cipher_preferences cipher_preferences_20240603;
 extern const struct s2n_cipher_preferences cipher_preferences_20241008;
 extern const struct s2n_cipher_preferences cipher_preferences_20241008_gcm;
 extern const struct s2n_cipher_preferences cipher_preferences_20241009;
+extern const struct s2n_cipher_preferences cipher_preferences_20250211;
 extern const struct s2n_cipher_preferences cipher_preferences_default_fips;
diff --git a/tls/s2n_security_policies.c b/tls/s2n_security_policies.c
index edb0f7868a5..28e6f297475 100644
--- a/tls/s2n_security_policies.c
+++ b/tls/s2n_security_policies.c
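Review bot: `cipher_suites_20250211` is defined without `static`, so the array has external linkage even though the header hunk in this commit exports only `cipher_preferences_20250211`. If nothing outside this file needs the array, `static struct s2n_cipher_suite *cipher_suites_20250211[] = {` keeps the suite list from being referenced or overwritten by name from other translation units; the sibling arrays are outside the hunk, so this may simply follow the file's existing convention. It would also help to extend the `/* TLS1.3 */` comment to say that this is deliberately the only suite, since a peer that does not offer TLS_AES_256_GCM_SHA384 cannot complete a handshake under this list.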
@@ -1131,6 +1131,25 @@ const struct s2n_security_policy security_policy_rfc9151 = {
 .certificate_preferences_apply_locally = true,
 };
+/*
+ * This security policy is a mix of default_tls13 (20240503) and rfc9151, with
+ * a primary requirement that AES-256 is the ciphersuite chosen. Other
+ * requirements are generally picked to raise minimum thresholds (e.g.,
+ * requiring TLS 1.3) where possible without losing compatibility with modern
+ * default_tls13 clients or servers.
+ */
+const struct s2n_security_policy security_policy_20250211 = {
+ .minimum_protocol_version = S2N_TLS13,
+ .cipher_preferences = &cipher_preferences_20250211,
+ .kem_preferences = &kem_preferences_null,
+ .signature_preferences = &s2n_signature_preferences_rfc9151,
+ .certificate_signature_preferences = &s2n_certificate_signature_preferences_20201110,
+ .ecc_preferences = &s2n_ecc_preferences_20210816,
+ .rules = {
+ [S2N_PERFECT_FORWARD_SECRECY] = true,
+ },
+};
+
 const struct s2n_security_policy security_policy_test_all = {
 .minimum_protocol_version = S2N_SSLv3,
 .cipher_preferences = &cipher_preferences_test_all,
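Review bot: `security_policy_20250211` leaves `.certificate_preferences_apply_locally` unset, so it is zero-initialised, while `security_policy_rfc9151` directly above (the first context line of this hunk) sets it to `true`. The new policy borrows `s2n_signature_preferences_rfc9151` but pairs it with `s2n_certificate_signature_preferences_20201110` and, as I understand that flag, no check of locally configured certificates against the certificate preferences; the block comment does not say which of these choices are deliberate. If it is intentional, presumably to stay loadable with the certificates default_tls13 deployments already use, I would record it in the initialiser, e.g. `/* certificate_preferences_apply_locally intentionally left false: see compatibility tests */`, and name in the block comment which fields come from rfc9151 and which from 20240503.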
@@ -1331,6 +1350,7 @@ struct s2n_security_policy_selection security_policy_selection[] = {
 { .version = "20210816", .security_policy = &security_policy_20210816, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
 { .version = "20210816_GCM", .security_policy = &security_policy_20210816_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
 { .version = "20240603", .security_policy = &security_policy_20240603, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+ { .version = "20250211", .security_policy = &security_policy_20250211, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
 { .version = "rfc9151", .security_policy = &security_policy_rfc9151, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
 { .version = "test_all", .security_policy = &security_policy_test_all, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
 { .version = "test_all_fips", .security_policy = &security_policy_test_all_fips, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
diff --git a/tls/s2n_security_policies.h b/tls/s2n_security_policies.h
index 762c15fdca8..095353aa22e 100644
--- a/tls/s2n_security_policies.h
+++ b/tls/s2n_security_policies.h
@@ -129,6 +129,7 @@ extern const struct s2n_security_policy security_policy_20240603;
 extern const struct s2n_security_policy security_policy_20240730;
 extern const struct s2n_security_policy security_policy_20241001;
 extern const struct s2n_security_policy security_policy_20241001_pq_mixed;
+extern const struct s2n_security_policy security_policy_20250211;
 extern const struct s2n_security_policy security_policy_rfc9151;
 extern const struct s2n_security_policy security_policy_test_all;