Lower returned number for SSL_CTX_get_security_level (#1157)

A contributor pointed out that our default SSL settings don't quite align with OpenSSL's definition for different security levels. * #1002 (comment) I've lowered the return number for `SSL_CTX_get_security_level`, but this function is still only for compatibility purposes.
aws · Sep 6, 2023 · 42cd981 · 42cd981
1 parent 3385b60
commit 42cd981
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 14 deletions.
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
@@ -5104,22 +5104,35 @@ OPENSSL_EXPORT int SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str);
 // more convenient to codesearch for specific algorithm values.
 OPENSSL_EXPORT int SSL_set1_sigalgs_list(SSL *ssl, const char *str);
 
-// SSL_CTX_get_security_level returns 3. This is only to maintain compatibility
+// SSL_CTX_get_security_level returns 0. This is only to maintain compatibility
 // with OpenSSL and no security assumptions should be based on the number this
 // function returns.
 //
-// Per OpenSSL's definition of Level 3:
-// Level 3:
-// Security level set to 128 bits of security. As a result RSA, DSA and DH keys
-// shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited. In
-// addition to the level 2 exclusions cipher suites not offering forward secrecy
-// are prohibited. TLS versions below 1.1 are not permitted. Session tickets are
-// disabled.
-//
-// AWS-LC only supports atl least 128 bits of security, but we don't directly
-// prohibit session tickets and TLS 1.0 like Level 3 in OpenSSL states. This
-// behavior may change if we're asked to support actual Security level setting
-// in AWS-LC.
+// Per OpenSSL's definition of Level 0, 1, and 2:
+//
+// Level 0:
+// Everything is permitted. This retains compatibility with previous versions of
+// OpenSSL.
+//
+// Level 1
+// The security level corresponds to a minimum of 80 bits of security. Any
+// parameters offering below 80 bits of security are excluded. As a result RSA,
+// DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits are
+// prohibited. All export cipher suites are prohibited since they all offer less
+// than 80 bits of security. SSL version 2 is prohibited. Any cipher suite using
+// MD5 for the MAC is also prohibited.
+//
+// Level 2
+// Security level set to 112 bits of security. As a result RSA, DSA and DH keys
+// shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. In
+// addition to the level 1 exclusions any cipher suite using RC4 is also
+// prohibited. SSL version 3 is also not allowed. Compression is disabled.
+//
+// AWS-LC's libssl doesn't support SSLv2 or SSLv3, and we have no support for MD5
+// or RC4 related cipher suites. However, we don't directly prohibit 512 bit RSA
+// keys like Level 1 in OpenSSL states. Since this function is only retained for
+// OpenSSL compatibility, we set the returned value to 0. This may change if
+// we're asked to support actual Security level setting in AWS-LC.
 OPENSSL_EXPORT int SSL_CTX_get_security_level(const SSL_CTX *ctx);
 
 // SSL_CTX_set_security_level does nothing. See documentation in

diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
@@ -1112,6 +1112,6 @@ int SSL_delegated_credential_used(const SSL *ssl) {
   return ssl->s3->delegated_credential_used;
 }
 
-int SSL_CTX_get_security_level(const SSL_CTX *ctx) { return 3; }
+int SSL_CTX_get_security_level(const SSL_CTX *ctx) { return 0; }
 
 void SSL_CTX_set_security_level(const SSL_CTX *ctx, int level) {}