From 1ea2fe5b8d082d193b7f6ecfa5d5d9a9700afe11 Mon Sep 17 00:00:00 2001 From: sledgehammer999 Date: Wed, 1 Feb 2023 02:23:12 +0200 Subject: [PATCH] Blacklist bad ciphers for TLS in the server Prevents the ROBOT attack. Closes #18483 --- src/base/http/server.cpp | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/src/base/http/server.cpp b/src/base/http/server.cpp index f53e437d7..d2b6ebf71 100644 --- a/src/base/http/server.cpp +++ b/src/base/http/server.cpp @@ -56,10 +56,33 @@ namespace QList safeCipherList() { const QStringList badCiphers {u"idea"_qs, u"rc4"_qs}; + // Contains Ciphersuites that use RSA for the Key Exchange but they don't mention it in their name + const QStringList badRSAShorthandSuites { + u"AES256-GCM-SHA384"_qs, u"AES128-GCM-SHA256"_qs, u"AES256-SHA256"_qs, + u"AES128-SHA256"_qs, u"AES256-SHA"_qs, u"AES128-SHA"_qs}; + // Contains Ciphersuites that use AES CBC mode but they don't mention it in their name + const QStringList badAESShorthandSuites { + u"ECDHE-ECDSA-AES256-SHA384"_qs, u"ECDHE-RSA-AES256-SHA384"_qs, u"DHE-RSA-AES256-SHA256"_qs, + u"ECDHE-ECDSA-AES128-SHA256"_qs, u"ECDHE-RSA-AES128-SHA256"_qs, u"DHE-RSA-AES128-SHA256"_qs, + u"ECDHE-ECDSA-AES256-SHA"_qs, u"ECDHE-RSA-AES256-SHA"_qs, u"DHE-RSA-AES256-SHA"_qs, + u"ECDHE-ECDSA-AES128-SHA"_qs, u"ECDHE-RSA-AES128-SHA"_qs, u"DHE-RSA-AES128-SHA"_qs}; const QList allCiphers {QSslConfiguration::supportedCiphers()}; QList safeCiphers; - std::copy_if(allCiphers.cbegin(), allCiphers.cend(), std::back_inserter(safeCiphers), [&badCiphers](const QSslCipher &cipher) + std::copy_if(allCiphers.cbegin(), allCiphers.cend(), std::back_inserter(safeCiphers), + [&badCiphers, &badRSAShorthandSuites, &badAESShorthandSuites](const QSslCipher &cipher) { + const QString name = cipher.name(); + if (name.contains(u"-cbc-"_qs, Qt::CaseInsensitive) // AES CBC mode is considered vulnerable to BEAST attack + || name.startsWith(u"adh-"_qs, Qt::CaseInsensitive) // Key Exchange: Diffie-Hellman, doesn't support Perfect Forward Secrecy + || name.startsWith(u"aecdh-"_qs, Qt::CaseInsensitive) // Key Exchange: Elliptic Curve Diffie-Hellman, doesn't support Perfect Forward Secrecy + || name.startsWith(u"psk-"_qs, Qt::CaseInsensitive) // Key Exchange: Pre-Shared Key, doesn't support Perfect Forward Secrecy + || name.startsWith(u"rsa-"_qs, Qt::CaseInsensitive) // Key Exchange: Rivest Shamir Adleman (RSA), doesn't support Perfect Forward Secrecy + || badRSAShorthandSuites.contains(name, Qt::CaseInsensitive) + || badAESShorthandSuites.contains(name, Qt::CaseInsensitive)) + { + return false; + } + return std::none_of(badCiphers.cbegin(), badCiphers.cend(), [&cipher](const QString &badCipher) { return cipher.name().contains(badCipher, Qt::CaseInsensitive);