Make redbean SSL more tunable

This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2025-07-13 14:39:10 +00:00 · 2021-08-09 07:00:23 -07:00 · 2021-08-09 07:00:23 -07:00 · 53b9f83e1c
commit 53b9f83e1c
parent d86027fe90
15 changed files with 567 additions and 227 deletions
--- a/third_party/mbedtls/ssl_ciphersuites.c
+++ b/third_party/mbedtls/ssl_ciphersuites.c
@ -42,17 +42,26 @@ asm(".include \"libc/disclaimer.inc\"");
 */

 #if defined(MBEDTLS_SSL_TLS_C)
-static const uint16_t ciphersuite_preference[] =
+const uint16_t ciphersuite_preference[] =
 {
 #if defined(MBEDTLS_SSL_CIPHERSUITES)
    MBEDTLS_SSL_CIPHERSUITES,
 #else

 #ifdef MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
-    /* strong perfect forward secrecy */
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+#endif
+
+#ifdef MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
+    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
+#endif
+
+#ifdef MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
@ -61,21 +70,14 @@ static const uint16_t ciphersuite_preference[] =
    MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
 #endif

 #ifdef MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
-    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
@ -83,6 +85,18 @@ static const uint16_t ciphersuite_preference[] =
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
+#endif
+
+#ifdef MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+#endif
+
+#ifdef MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
@ -111,8 +125,8 @@ static const uint16_t ciphersuite_preference[] =
    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
+    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
    MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
    MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
@ -128,7 +142,7 @@ static const uint16_t ciphersuite_preference[] =
    MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
    MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, // e.g. IE 8 XP
    MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
    MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
    MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,