5
5
* | (__| |_| | _ <| |___
6
6
* \___|\___/|_| \_\_____|
8
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
8
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
10
10
* This software is licensed as described in the file COPYING, which
11
11
* you should have received as part of this distribution. The terms
123
123
{"rsa_des_56_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA},
124
124
{"rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA},
125
125
/* AES ciphers. */
126
{"dhe_dss_aes_128_cbc_sha", TLS_DHE_DSS_WITH_AES_128_CBC_SHA},
127
{"dhe_dss_aes_256_cbc_sha", TLS_DHE_DSS_WITH_AES_256_CBC_SHA},
128
{"dhe_rsa_aes_128_cbc_sha", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
129
{"dhe_rsa_aes_256_cbc_sha", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
126
130
{"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA},
127
131
{"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA},
128
#ifdef NSS_ENABLE_ECC
129
132
/* ECC ciphers. */
130
133
{"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA},
131
134
{"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA},
152
155
{"ecdh_anon_3des_sha", TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA},
153
156
{"ecdh_anon_aes_128_sha", TLS_ECDH_anon_WITH_AES_128_CBC_SHA},
154
157
{"ecdh_anon_aes_256_sha", TLS_ECDH_anon_WITH_AES_256_CBC_SHA},
158
/* following ciphers are new in NSS 3.4 and not enabled by default, therefore
159
they are enabled explicitly */
160
static const int enable_ciphers_by_default[] = {
161
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
162
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
163
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
164
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
165
TLS_RSA_WITH_AES_128_CBC_SHA,
166
TLS_RSA_WITH_AES_256_CBC_SHA,
167
SSL_NULL_WITH_NULL_NULL
158
#ifdef TLS_RSA_WITH_NULL_SHA256
159
/* new HMAC-SHA256 cipher suites specified in RFC */
160
{"rsa_null_sha_256", TLS_RSA_WITH_NULL_SHA256},
161
{"rsa_aes_128_cbc_sha_256", TLS_RSA_WITH_AES_128_CBC_SHA256},
162
{"rsa_aes_256_cbc_sha_256", TLS_RSA_WITH_AES_256_CBC_SHA256},
163
{"dhe_rsa_aes_128_cbc_sha_256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
164
{"dhe_rsa_aes_256_cbc_sha_256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
165
{"ecdhe_ecdsa_aes_128_cbc_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
166
{"ecdhe_rsa_aes_128_cbc_sha_256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
168
#ifdef TLS_RSA_WITH_AES_128_GCM_SHA256
169
/* AES GCM cipher suites in RFC 5288 and RFC 5289 */
170
{"rsa_aes_128_gcm_sha_256", TLS_RSA_WITH_AES_128_GCM_SHA256},
171
{"dhe_rsa_aes_128_gcm_sha_256", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
172
{"dhe_dss_aes_128_gcm_sha_256", TLS_DHE_DSS_WITH_AES_128_GCM_SHA256},
173
{"ecdhe_ecdsa_aes_128_gcm_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
174
{"ecdh_ecdsa_aes_128_gcm_sha_256", TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256},
175
{"ecdhe_rsa_aes_128_gcm_sha_256", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
176
{"ecdh_rsa_aes_128_gcm_sha_256", TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256},
170
180
static const char* pem_library = "libnsspem.so";
191
201
PRBool cipher_state[NUM_OF_CIPHERS];
196
205
/* First disable all ciphers. This uses a different max value in case
197
206
* NSS adds more ciphers later we don't want them available by
200
209
for(i=0; i<SSL_NumImplementedCiphers; i++) {
201
SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], SSL_NOT_ALLOWED);
210
SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE);
204
213
/* Set every entry in our list to false */
239
248
/* Finally actually enable the selected ciphers */
240
249
for(i=0; i<NUM_OF_CIPHERS; i++) {
241
rv = SSL_CipherPrefSet(model, cipherlist[i].num, cipher_state[i]);
242
if(rv != SECSuccess) {
253
if(SSL_CipherPrefSet(model, cipherlist[i].num, PR_TRUE) != SECSuccess) {
243
254
failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name);
244
255
return SECFailure;
616
627
static void HandshakeCallback(PRFileDesc *sock, void *arg)
630
struct connectdata *conn = (struct connectdata*) arg;
631
unsigned int buflenmax = 50;
632
unsigned char buf[50];
634
SSLNextProtoState state;
636
if(!conn->data->set.ssl_enable_npn && !conn->data->set.ssl_enable_alpn) {
640
if(SSL_GetNextProto(sock, &state, buf, &buflen, buflenmax) == SECSuccess) {
643
case SSL_NEXT_PROTO_NO_SUPPORT:
644
case SSL_NEXT_PROTO_NO_OVERLAP:
645
infof(conn->data, "TLS, neither ALPN nor NPN succeeded\n");
647
#ifdef SSL_ENABLE_ALPN
648
case SSL_NEXT_PROTO_SELECTED:
649
infof(conn->data, "ALPN, server accepted to use %.*s\n", buflen, buf);
652
case SSL_NEXT_PROTO_NEGOTIATED:
653
infof(conn->data, "NPN, server accepted to use %.*s\n", buflen, buf);
657
if(buflen == NGHTTP2_PROTO_VERSION_ID_LEN &&
658
memcmp(NGHTTP2_PROTO_VERSION_ID, buf, NGHTTP2_PROTO_VERSION_ID_LEN)
660
conn->negnpn = NPN_HTTP2_DRAFT09;
662
else if(buflen == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1, buf,
663
ALPN_HTTP_1_1_LENGTH)) {
664
conn->negnpn = NPN_HTTP1_1;
622
673
static void display_cert_info(struct SessionHandle *data,
1345
1407
/* reset the flag to avoid an infinite loop */
1346
1408
data->state.ssl_connect_retry = FALSE;
1348
/* enable all ciphers from enable_ciphers_by_default */
1349
cipher_to_enable = enable_ciphers_by_default;
1350
while(SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
1351
if(SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
1352
curlerr = CURLE_SSL_CIPHER;
1358
1410
if(data->set.ssl.cipher_list) {
1359
1411
if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
1360
1412
curlerr = CURLE_SSL_CIPHER;
1374
1426
if(SSL_BadCertHook(model, BadCertHandler, conn) != SECSuccess)
1377
if(SSL_HandshakeCallback(model, HandshakeCallback, NULL) != SECSuccess)
1429
if(SSL_HandshakeCallback(model, HandshakeCallback, conn) != SECSuccess)
1380
1432
if(data->set.ssl.verifypeer) {
1437
1489
SSL_SetPKCS11PinArg(connssl->handle, data->set.str[STRING_KEY_PASSWD]);
1493
if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
1494
#ifdef SSL_ENABLE_NPN
1495
if(data->set.ssl_enable_npn) {
1496
if(SSL_OptionSet(connssl->handle, SSL_ENABLE_NPN, PR_TRUE) != SECSuccess)
1501
#ifdef SSL_ENABLE_ALPN
1502
if(data->set.ssl_enable_alpn) {
1503
if(SSL_OptionSet(connssl->handle, SSL_ENABLE_ALPN, PR_TRUE)
1509
#if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)
1510
if(data->set.ssl_enable_npn || data->set.ssl_enable_alpn) {
1511
alpn_protos[cur] = NGHTTP2_PROTO_VERSION_ID_LEN;
1513
memcpy(&alpn_protos[cur], NGHTTP2_PROTO_VERSION_ID,
1514
NGHTTP2_PROTO_VERSION_ID_LEN);
1515
cur += NGHTTP2_PROTO_VERSION_ID_LEN;
1516
alpn_protos[cur] = ALPN_HTTP_1_1_LENGTH;
1518
memcpy(&alpn_protos[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
1520
if(SSL_SetNextProtoNego(connssl->handle, alpn_protos, alpn_protos_len)
1525
infof(data, "SSL, can't negotiate HTTP/2.0 with neither NPN nor ALPN\n");
1440
1532
/* Force handshake on next I/O */
1441
1533
SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE);
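Review bot: In the new HandshakeCallback, the `else if` at new lines 662-663 uses the result of `memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)` directly as a truth value, so the branch is taken when the server-selected protocol differs from the HTTP/1.1 identifier and skipped when it matches. As written, `conn->negnpn = NPN_HTTP1_1` is set for any other identifier of that length and never for a real HTTP/1.1 selection; the condition should read `else if(buflen == ALPN_HTTP_1_1_LENGTH && !memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) {`. The page omits some lines of this function, including the end of the NGHTTP2 comparison that starts at new line 657, so that first test cannot be checked from here and should be confirmed to compare against zero as well. Separately, `buflen` is passed as the `%.*s` precision in both infof calls; its declaration is not shown, but if it is unsigned it should be cast to `int` there.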