From 0bebbc33faae7ac10e7a7980b260e786f05d81bf Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Sat, 22 Mar 2014 18:13:50 +0100 Subject: Issue #21015: SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1". (should also fix a buildbot failure introduced by #20995) --- Lib/test/test_ssl.py | 12 ++++++++++++ Misc/NEWS | 4 ++++ Modules/_ssl.c | 15 +++++++++++++++ 3 files changed, 31 insertions(+) diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 1a2a9f0..891720e 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -2567,6 +2567,18 @@ else: s.connect((HOST, server.port)) self.assertIn("no shared cipher", str(server.conn_errors[0])) + @unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL") + def test_default_ecdh_curve(self): + # Issue #21015: elliptic curve-based Diffie Hellman key exchange + # should be enabled by default on SSL contexts. + context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + context.load_cert_chain(CERTFILE) + context.set_ciphers("ECDH") + with ThreadedEchoServer(context=context) as server: + with context.wrap_socket(socket.socket()) as s: + s.connect((HOST, server.port)) + self.assertIn("ECDH", s.cipher()[0]) + @unittest.skipUnless("tls-unique" in ssl.CHANNEL_BINDING_TYPES, "'tls-unique' channel binding not available") def test_tls_unique_channel_binding(self): diff --git a/Misc/NEWS b/Misc/NEWS index b5b719d..6b527ea 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -21,6 +21,10 @@ Core and Builtins Library ------- +- Issue #21015: SSL contexts will now automatically select an elliptic + curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise + default to "prime256v1". + - Issue #20995: Enhance default ciphers used by the ssl module to enable better security an prioritize perfect forward secrecy. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 813c926..5031476 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -2059,6 +2059,21 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds) options |= SSL_OP_NO_SSLv2; SSL_CTX_set_options(self->ctx, options); +#ifndef OPENSSL_NO_ECDH + /* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use + prime256v1 by default. This is Apache mod_ssl's initialization + policy, so we should be safe. */ +#if defined(SSL_CTX_set_ecdh_auto) + SSL_CTX_set_ecdh_auto(self->ctx, 1); +#else + { + EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + SSL_CTX_set_tmp_ecdh(self->ctx, key); + EC_KEY_free(key); + } +#endif +#endif + #define SID_CTX "Python" SSL_CTX_set_session_id_context(self->ctx, (const unsigned char *) SID_CTX, sizeof(SID_CTX)); -- cgit v0.12