implement "cipher_suites"

manual port of commit fd11a85

Author: alandekok

raddb/mods-available/eap

@@ -527,6 +527,22 @@ eap {
 		#
 #		psk_query = "%sql(select hex(key) from psk_keys where keyid = '%{TLS-PSK-Identity}')"
 
+		#
+		#  cipher_suites:: TLS 1.3 cipher suites.
+		#
+		#  For TLS-PSK, uncomment the following line to use
+		#  standard ciphers for TLS 1.3.
+		#
+		#  TLS-PSK may work without this line, but it is
+		#  likely to not work when the "next hop" home_server
+		#  accepts both certificates and PSK.  OpenSSL will
+		#  negotiate cipher suites which are incompatible with
+		#  PSK, and then fail.
+		#
+		#  Setting the `cipher_suites` here forces PSK to be negotiated.
+		#
+#		cipher_suites = "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
+
 		#
 		#  You can create the DH parameters by running the
 		#  following command:

src/lib/tls/conf-h

@@ -158,6 +158,7 @@ struct fr_tls_conf_s {
 	uint32_t	padding_block_size;		//!< for TLS 1.3, pad blocks to multiple of this size.
 
 	char const	*cipher_list;			//!< Acceptable ciphers.
+	char const	*cipher_suites;			//!< Acceptable TLS 1.3 cipher suites.
 	bool		cipher_server_preference;	//!< use server preferences for cipher selection
 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
 	bool		allow_renegotiation;		//!< Whether or not to allow cipher renegotiation.

src/lib/tls/conf.c

@@ -184,6 +184,9 @@ conf_parser_t fr_tls_server_config[] = {
 	{ FR_CONF_OFFSET("disable_single_dh_use", fr_tls_conf_t, disable_single_dh_use) },
 
 	{ FR_CONF_OFFSET("cipher_list", fr_tls_conf_t, cipher_list) },
+#ifdef TLS1_3_VERSION
+	{ FR_CONF_OFFSET("cipher_suites", fr_tls_conf_t, cipher_suites) },
+#endif
 	{ FR_CONF_OFFSET("cipher_server_preference", fr_tls_conf_t, cipher_server_preference), .dflt = "yes" },
 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
 	{ FR_CONF_OFFSET("allow_renegotiation", fr_tls_conf_t, allow_renegotiation), .dflt = "no" },
@@ -232,6 +235,9 @@ conf_parser_t fr_tls_client_config[] = {
 	{ FR_CONF_OFFSET("fragment_size",  fr_tls_conf_t, fragment_size), .dflt = "1024" },
 
 	{ FR_CONF_OFFSET("cipher_list", fr_tls_conf_t, cipher_list) },
+#ifdef TLS1_3_VERSION
+	{ FR_CONF_OFFSET("cipher_suites", fr_tls_conf_t, cipher_suites) },
+#endif
 
 #ifndef OPENSSL_NO_ECDH
 	{ FR_CONF_OFFSET("ecdh_curve", fr_tls_conf_t, ecdh_curve), .dflt = "prime256v1" },

src/lib/tls/ctx.c

@@ -930,6 +930,22 @@ SSL_CTX *fr_tls_ctx_alloc(fr_tls_conf_t const *conf, bool client)
 		}
 	}
 
+#ifdef TLS1_3_VERSION
+	/*
+	 *	Set the TLS 1.3 cipher suites if we were told to.
+	 *
+	 *	This helps with TLS-PSK: OpenSSL will otherwise
+	 *	negotiate cipher suites which are incompatible with
+	 *	PSK, and then fail.
+	 */
+	if (conf->cipher_suites) {
+		if (!SSL_CTX_set_ciphersuites(ctx, conf->cipher_suites)) {
+			fr_tls_log(NULL, "Failed setting cipher suites");
+			goto error;
+		}
+	}
+#endif
+
 	/*
 	 *	Print the actual cipher list
 	 */