summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2023-11-20 05:13:06 +0000
committerLaurent Bercot <ska@appnovation.com>2023-11-20 05:13:06 +0000
commit9c4a097d900fb623abeb61d3a58cf58e9c5f383f (patch)
treee616efc1b33fcd984d1599b8b7f4473acc2ca779
parent60b4d9d032509de8395b5c8131c36327f020946f (diff)
downloads6-networking-9c4a097d900fb623abeb61d3a58cf58e9c5f383f.tar.xz
Update documentation; make s6-tlsd-io more conservative by default
Signed-off-by: Laurent Bercot <ska@appnovation.com>
-rw-r--r--doc/libsbearssl/index.html17
-rw-r--r--doc/libstls/index.html6
-rw-r--r--doc/s6-tlsd-io.html7
-rw-r--r--src/sbearssl/sbearssl_server_init_and_run.c1
4 files changed, 22 insertions, 9 deletions
diff --git a/doc/libsbearssl/index.html b/doc/libsbearssl/index.html
index 64a7c0b..291290d 100644
--- a/doc/libsbearssl/index.html
+++ b/doc/libsbearssl/index.html
@@ -22,8 +22,8 @@
<p>
<tt>libsbearssl</tt> is a support library for the
-<a href="../s6-tlsc.html">s6-tlsc</a> and
-<a href="../s6-tlsd.html">s6-tlsd</a> executables when they're built
+<a href="../s6-tlsc-io.html">s6-tlsc-io</a> and
+<a href="../s6-tlsd-io.html">s6-tlsd-io</a> executables when they're built
against the <a href="https://bearssl.org/">BearSSL</a>
backend. Among other things, it offers interfaces to read private
keys and certificates from a Unix filesystem, which BearSSL does
@@ -533,7 +533,7 @@ DN of the end entity after validation. <em>eltstatus</em> must point to a
user-supplied <tt>uint8_t</tt>, which after validation encodes the status
of DN extraction: bit 7 of <em>eltstatus</em> is set if there was an issue during extraction (in
which case the contents of <em>*eedn</em> are meaningless) and clear if
-everything went well, and bits 0 to 6 are set iff the corresponding element
+everything went well, and bits 0 to 5 are set iff the corresponding element
of the DN is present, by increasing order C, ST, L, O, OU and CN.
</p>
@@ -603,9 +603,13 @@ a high-level function missing from BearSSL: it fully initializes a
and all the hashes provided by BearSSL with a good degradation order,
supporting TLS 1.0 to TLS 1.2, etc. What it doesn't set: the engine buffer,
the certificate policy, the optional engine flags, and the optional client
-certificate validation.
+certificate validation. If the user wishes to be more conservative with the
+TLS versions, they can use the
+<a href="https://bearssl.org/apidoc/bearssl__ssl_8h.html#aca341c90ed49000ec1560101d6794e07">br_ssl_engine_set_versions()</a>
+call on <em>&amp;sc&rarr;eng</em> afterwards.
</p>
+
<h4> <code> void sbearssl_sctx_set_policy_sni (br_ssl_server_context *sc, sbearssl_sni_policy_context *pol) </code> </h4>
<p>
@@ -725,6 +729,11 @@ server for client authentication. </li>
<li> Bit 0: if clear, no close_notify is performed and the engine
will transmit EOF as received. If set, close_notify will be performed to
end the TLS connection. </li>
+ <li> Bit 1: if clear, on reception of an EOF from the peer without a
+preceding close_notify, the EOF will be transmitted to the local program,
+and the connection will eventually end normally, with the process exiting 0.
+If set, if the peer closes the connection without sending a close_notify,
+the process will exit 98 with a fatal error message. </li>
</ul> </li>
<li> <em>verbosity</em> defines the engine's verbosity: the
higher the more verbose. This parameter is currently ignored. </li>
diff --git a/doc/libstls/index.html b/doc/libstls/index.html
index c1bb833..4abafa7 100644
--- a/doc/libstls/index.html
+++ b/doc/libstls/index.html
@@ -175,6 +175,12 @@ separate closing of both ways. EOF allows full-duplex until the
very end, but is insecure if the application protocol does not
know in advance how many bytes it should get. Modern application
protocols should all work with EOF. </li>
+ <li> bit 1 tells the engine whether (if set) or not (if clear) to
+be sensitive to close_notify if on the <em>receiving</em> side of them.
+If set, if the peer closes the connection without sending a close_notify,
+the process will exit 98 with a fatal error message. If clear, the EOF
+will be transmitted and the engine will continue serving the other half
+of the connection until it's closed as well, and the process wil exit 0. </li>
</ul> </li>
<li> <em>tto</em> is a pointer to a
<a href="//skarnet.org/software/skalibs/libstddjb/tai.html">tain_t</a>
diff --git a/doc/s6-tlsd-io.html b/doc/s6-tlsd-io.html
index 55e293f..9d419fd 100644
--- a/doc/s6-tlsd-io.html
+++ b/doc/s6-tlsd-io.html
@@ -89,11 +89,8 @@ call. </li>
</ul>
<p>
- As a server, <tt>s6-tlsd-io</tt> can be conservative in its
-choice of protocols. It is currently not very conservative
-when using the BearSSL backend; it could become more so in
-the future, by defining a custom server profile that supports
-only TLS-1.2 but with several algorithms and cipher suites.
+ As a server, <tt>s6-tlsd-io</tt> is conservative in its choice of protocols.
+It only supports TLS versions 1.2 and higher as supported by the backend, to avoid downgrade attacks.
</p>
<h2> Environment variables </h2>
diff --git a/src/sbearssl/sbearssl_server_init_and_run.c b/src/sbearssl/sbearssl_server_init_and_run.c
index 01abb32..248a18a 100644
--- a/src/sbearssl/sbearssl_server_init_and_run.c
+++ b/src/sbearssl/sbearssl_server_init_and_run.c
@@ -82,6 +82,7 @@ void sbearssl_server_init_and_run (int *fds, tain const *tto, uint32_t preoption
br_x509_trust_anchor btas[n ? n : 1] ;
sbearssl_sctx_init_full_generic(&sc) ;
+ if (!(preoptions & 16)) br_ssl_engine_set_versions(&sc.eng, BR_TLS12, BR_TLS12) ;
sbearssl_sctx_set_policy_sni(&sc, &pol) ;
random_buf((char *)bufi, 32) ;
br_ssl_engine_inject_entropy(&sc.eng, bufi, 32) ;