RESOLVED FIXED 214915
[Curl][WinCairo] Remove deprecated cipher suites.
https://bugs.webkit.org/show_bug.cgi?id=214915
Takashi Komori
Reported 2020-07-29 03:39:30 PDT
In the WinCairo port, some deprecated cipher suites are enabled. We remove those cipher suites and enable stronger algorithms to reduce handshake time.
Attachments
Patch (59.61 KB, patch)
2020-07-29 18:06 PDT, Takashi Komori
no flags
Takashi Komori
Comment 1 2020-07-29 18:06:07 PDT
Basuke Suzuki
Comment 2 2020-07-30 13:48:35 PDT
Looks good to me.

If possible, can you point to the default set of ciphers libcurl uses? It is not clear which cipher suites are removed.
Takashi Komori
Comment 3 2020-07-31 02:19:30 PDT
(In reply to Basuke Suzuki from comment #2)
> Looks good to me.
>
> If possible, can you point to the default set of ciphers libcurl uses? It is
> not clear which cipher suites are removed.

In the WinCairo port, the cipher suites below are enabled.

AES_128_GCM_SHA256
CHACHA20_POLY1305_SHA256
AES_256_GCM_SHA384
ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDHE_RSA_WITH_AES_256_CBC_SHA
DHE_RSA_WITH_AES_128_CBC_SHA
DHE_RSA_WITH_AES_256_CBC_SHA
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA
RSA_WITH_3DES_EDE_CBC_SHA
Takashi Komori
Comment 4 2020-07-31 02:19:57 PDT
The cipher suites below are disabled.

RSA_WITH_RC4_128_MD5
RSA_WITH_RC4_128_SHA
DHE_RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_AES_128_CBC_SHA256
RSA_WITH_AES_256_CBC_SHA256
RSA_WITH_CAMELLIA_128_CBC_SHA
DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
DHE_RSA_WITH_AES_128_CBC_SHA256
DHE_RSA_WITH_AES_256_CBC_SHA256
GOSTR341001_WITH_28147_CNT_IMIT
RSA_WITH_CAMELLIA_256_CBC_SHA
DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
DHE_RSA_WITH_AES_128_GCM_SHA256
RSA_WITH_AES_128_GCM_SHA256
RSA_WITH_AES_256_GCM_SHA384
DHE_RSA_WITH_AES_256_GCM_SHA384
RSA_WITH_CAMELLIA_128_CBC_SHA256
DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
RSA_WITH_CAMELLIA_256_CBC_SHA256
DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
ECDHE_ECDSA_WITH_RC4_128_SHA
ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
ECDHE_RSA_WITH_RC4_128_SHA
ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
ECDHE_RSA_WITH_AES_128_CBC_SHA256
ECDHE_RSA_WITH_AES_256_CBC_SHA384
DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Takashi Komori
Comment 5 2020-07-31 02:24:31 PDT
The default cipher suites for curl before applying the patch are the sum of the enabled and disabled suites above.
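An added example, not part of the original thread or of WebKit's code: a small audit of the enabled list from comment 3 that splits each suite name into key exchange, bulk cipher and hash and labels the legacy components. The labelling policy and the function names are this example's own assumptions.

```python
# Enabled suites exactly as listed in comment 3 of this bug (TLS_ prefix omitted there).
ENABLED = """
AES_128_GCM_SHA256 CHACHA20_POLY1305_SHA256 AES_256_GCM_SHA384
ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE_RSA_WITH_AES_256_CBC_SHA
DHE_RSA_WITH_AES_128_CBC_SHA DHE_RSA_WITH_AES_256_CBC_SHA
RSA_WITH_AES_128_CBC_SHA RSA_WITH_AES_256_CBC_SHA RSA_WITH_3DES_EDE_CBC_SHA
""".split()


def parse(name):
    """Split a suite name into (key exchange/auth, bulk cipher, hash)."""
    if "_WITH_" in name:
        kx, rest = name.split("_WITH_", 1)
    else:
        kx, rest = "TLS1.3", name  # TLS 1.3 names carry only AEAD and hash
    cipher, _, digest = rest.rpartition("_")
    return kx, cipher, digest


def findings(name):
    """Return weakness labels under this example's own policy (not WebKit's)."""
    kx, cipher, digest = parse(name)
    out = []
    if kx == "RSA":
        out.append("static RSA key exchange: no forward secrecy")
    if "RC4" in cipher:
        out.append("RC4: prohibited by RFC 7465")
    if "3DES" in cipher:
        out.append("3DES: 64-bit block")
    if cipher.endswith("CBC"):
        out.append("CBC: MAC-then-encrypt, not AEAD")
    if digest == "MD5":
        out.append("MD5-based MAC")
    return out


def audit(suites):
    """Map each flagged suite to its findings; clean suites are omitted."""
    return {s: f for s in suites if (f := findings(s))}


if __name__ == "__main__":
    for suite, notes in audit(ENABLED).items():
        print(f"{suite}: {'; '.join(notes)}")
```

Run on the enabled list, this flags the nine CBC suites and leaves the nine AEAD suites clean; `findings()` accepts any name in the same format, including those in the disabled list from comment 4.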
Fujii Hironori
Comment 6 2020-08-11 13:47:51 PDT
Comment on attachment 405537
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=405537&action=review

> Tools/ChangeLog:11
> + For testing enabled/diabled ciphers we added HTTPServer.cpp which uses TCPServer.cpp

Bug 215379 is going to land HTTPServer as a separate patch. Let's redo this patch after Bug 215379.
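Review bot: "diabled" in the added line at Tools/ChangeLog:11 is a typo for "disabled"; correct it in the ChangeLog entry when the patch is redone.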
Kenji Shukuwa
Comment 7 2022-11-16 22:19:18 PST
EWS
Comment 8 2022-11-17 00:40:38 PST
Committed 256775@main (597ffc8de927): <https://commits.webkit.org/256775@main>

Reviewed commits have been landed. Closing PR #6582 and removing active labels.
Radar WebKit Bug Importer
Comment 9 2022-11-17 00:41:17 PST