Bug 214915 - [Curl][WinCairo] Remove deprecated cipher suites.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Platform
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-07-29 03:39 PDT by Takashi Komori
Modified: 2022-11-17 00:41 PST

See Also:


Attachments
Patch (59.61 KB, patch)
2020-07-29 18:06 PDT, Takashi Komori

Description Takashi Komori 2020-07-29 03:39:30 PDT
In the WinCairo port, some deprecated cipher suites are enabled.
We remove those cipher suites and enable stronger algorithms to reduce handshake time.
Comment 1 Takashi Komori 2020-07-29 18:06:07 PDT
Created attachment 405537
Patch
Comment 2 Basuke Suzuki 2020-07-30 13:48:35 PDT
Looks good to me.

If possible, can you point out the default set of ciphers libcurl uses? It is not clear which cipher suites are removed.
Comment 3 Takashi Komori 2020-07-31 02:19:30 PDT
(In reply to Basuke Suzuki from comment #2)
> Looks good to me.
> 
> If possible, can you point out the default set of ciphers libcurl uses? It is
> not clear which cipher suites are removed.

In the WinCairo port, the cipher suites below are enabled.

AES_128_GCM_SHA256
CHACHA20_POLY1305_SHA256
AES_256_GCM_SHA384
ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDHE_RSA_WITH_AES_256_CBC_SHA
DHE_RSA_WITH_AES_128_CBC_SHA
DHE_RSA_WITH_AES_256_CBC_SHA
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA
RSA_WITH_3DES_EDE_CBC_SHA
Comment 4 Takashi Komori 2020-07-31 02:19:57 PDT
The cipher suites below are disabled.

RSA_WITH_RC4_128_MD5
RSA_WITH_RC4_128_SHA
DHE_RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_AES_128_CBC_SHA256
RSA_WITH_AES_256_CBC_SHA256
RSA_WITH_CAMELLIA_128_CBC_SHA
DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
DHE_RSA_WITH_AES_128_CBC_SHA256
DHE_RSA_WITH_AES_256_CBC_SHA256
GOSTR341001_WITH_28147_CNT_IMIT
RSA_WITH_CAMELLIA_256_CBC_SHA
DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
DHE_RSA_WITH_AES_128_GCM_SHA256
RSA_WITH_AES_128_GCM_SHA256
RSA_WITH_AES_256_GCM_SHA384
DHE_RSA_WITH_AES_256_GCM_SHA384
RSA_WITH_CAMELLIA_128_CBC_SHA256
DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
RSA_WITH_CAMELLIA_256_CBC_SHA256
DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
ECDHE_ECDSA_WITH_RC4_128_SHA
ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
ECDHE_RSA_WITH_RC4_128_SHA
ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
ECDHE_RSA_WITH_AES_128_CBC_SHA256
ECDHE_RSA_WITH_AES_256_CBC_SHA384
DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Comment 5 Takashi Komori 2020-07-31 02:24:31 PDT
The default cipher suites for curl before applying the patch are the enabled and disabled suites combined.
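
An added example (not part of this bug thread or the WebKit patch): a small audit of the two lists from comments 3 and 4, reporting how many suites in each offer forward secrecy or AEAD and which use RC4/3DES or static RSA key exchange. The function names `describe` and `summarize` are hypothetical, and names without a `_WITH_` part are assumed to be TLS 1.3 suites.

```python
import re

# Suite names copied from comments 3 and 4 (IANA names without the "TLS_" prefix).
ENABLED = """AES_128_GCM_SHA256 CHACHA20_POLY1305_SHA256 AES_256_GCM_SHA384
ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE_RSA_WITH_AES_256_CBC_SHA
DHE_RSA_WITH_AES_128_CBC_SHA DHE_RSA_WITH_AES_256_CBC_SHA
RSA_WITH_AES_128_CBC_SHA RSA_WITH_AES_256_CBC_SHA RSA_WITH_3DES_EDE_CBC_SHA
""".split()
DISABLED = """RSA_WITH_RC4_128_MD5 RSA_WITH_RC4_128_SHA DHE_RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_AES_128_CBC_SHA256 RSA_WITH_AES_256_CBC_SHA256 RSA_WITH_CAMELLIA_128_CBC_SHA
DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE_RSA_WITH_AES_128_CBC_SHA256
DHE_RSA_WITH_AES_256_CBC_SHA256 GOSTR341001_WITH_28147_CNT_IMIT
RSA_WITH_CAMELLIA_256_CBC_SHA DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
DHE_RSA_WITH_AES_128_GCM_SHA256 RSA_WITH_AES_128_GCM_SHA256 RSA_WITH_AES_256_GCM_SHA384
DHE_RSA_WITH_AES_256_GCM_SHA384 RSA_WITH_CAMELLIA_128_CBC_SHA256
DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 RSA_WITH_CAMELLIA_256_CBC_SHA256
DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ECDHE_ECDSA_WITH_RC4_128_SHA
ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE_RSA_WITH_RC4_128_SHA ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE_RSA_WITH_AES_256_CBC_SHA384
DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
""".split()

def describe(name):
    """Split a suite name into its key exchange and bulk-cipher properties."""
    kx, sep, rest = name.partition("_WITH_")
    if not sep:  # assumption: no key-exchange part means a TLS 1.3 suite
        kx, rest = "TLS1.3", name
    return {"name": name, "kx": kx,
            "fs": kx == "TLS1.3" or kx.startswith(("ECDHE", "DHE")),
            "aead": "_GCM_" in rest or "CHACHA20_POLY1305" in rest,
            "legacy": bool(re.search(r"RC4|3DES", rest))}

def summarize(names):
    """Count forward-secret and AEAD suites; list RC4/3DES and static-RSA ones."""
    rows = [describe(n) for n in names]
    return {"total": len(rows),
            "forward_secrecy": sum(r["fs"] for r in rows),
            "aead": sum(r["aead"] for r in rows),
            "legacy_cipher": [r["name"] for r in rows if r["legacy"]],
            "static_rsa": [r["name"] for r in rows if r["kx"] == "RSA"]}

if __name__ == "__main__":
    for label, names in (("enabled", ENABLED), ("disabled", DISABLED)):
        print(label, summarize(names))
```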
Comment 6 Fujii Hironori 2020-08-11 13:47:51 PDT
Comment on attachment 405537
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=405537&action=review

> Tools/ChangeLog:11
> +        For testing enabled/diabled ciphers we added HTTPServer.cpp which uses TCPServer.cpp
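
Review bot: Typo in the ChangeLog entry at Tools/ChangeLog line 11: "diabled" should read "disabled". Since this line documents the new test server, it would also help to state which test cases exercise the enabled and disabled cipher lists.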

Bug 215379 is going to land HTTPServer as a separate patch. Let's redo this patch after Bug 215379.
Comment 7 Kenji Shukuwa 2022-11-16 22:19:18 PST
Pull request: https://github.com/WebKit/WebKit/pull/6582
Comment 8 EWS 2022-11-17 00:40:38 PST
Committed 256775@main (597ffc8de927): <https://commits.webkit.org/256775@main>

Reviewed commits have been landed. Closing PR #6582 and removing active labels.
Comment 9 Radar WebKit Bug Importer 2022-11-17 00:41:17 PST
<rdar://problem/102455626>