Split the existing TLS cipher suite groups into four:

"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)

This allows for flexibility and finer grained control, rather than having
two extremes (an issue raised by Marko Kreen some time ago).

ok beck@ tedu@

3 files changed, 22 insertions, 11 deletions

diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 6b47eeb8d1..43f06b0063 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.21 2016/07/07 14:09:03 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.22 2016/07/13 16:30:48 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -289,9 +289,13 @@ tls_config_set_ciphers(struct tls_config *config, const char *ciphers)
             strcasecmp(ciphers, "default") == 0 ||
             strcasecmp(ciphers, "secure") == 0)
                 ciphers = TLS_CIPHERS_DEFAULT;
-        else if (strcasecmp(ciphers, "compat") == 0 ||
-            strcasecmp(ciphers, "legacy") == 0)
+        else if (strcasecmp(ciphers, "compat") == 0)
                 ciphers = TLS_CIPHERS_COMPAT;
+        else if (strcasecmp(ciphers, "legacy") == 0)
+                ciphers = TLS_CIPHERS_LEGACY;
+        else if (strcasecmp(ciphers, "all") == 0 ||
+            strcasecmp(ciphers, "insecure") == 0)
+                ciphers = TLS_CIPHERS_ALL;
 
         if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) {
                 tls_config_set_errorx(config, "out of memory");
diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index cd1f00af23..b4c6a7cc3a 100644
--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.61 2016/05/27 11:25:57 sthen Exp $
+.\" $OpenBSD: tls_init.3,v 1.62 2016/07/13 16:30:48 jsing Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: May 27 2016 $
+.Dd $Mdocdate: July 13 2016 $
 .Dt TLS_INIT 3
 .Os
 .Sh NAME
@@ -322,13 +322,18 @@ sets the list of ciphers that may be used.
 Lists of ciphers are specified by name, and the
 permitted names are:
 .Pp
-.Bl -tag -width "default" -offset indent -compact
-.It Dv "secure"
-.It Dv "default" (an alias for secure)
+.Bl -tag -width "insecure" -offset indent -compact
+.It Dv "secure" (or alias "default")
+.It Dv "compat"
 .It Dv "legacy"
-.It Dv "compat" (an alias for legacy)
+.It Dv "insecure" (or alias "all")
 .El
 .Pp
+Alternatively, libssl cipher strings can be specified.
+See the CIPHERS section of
+.Xr openssl 1
+for further information.
+.Pp
 .Em (Client and server)
 .It
 .Fn tls_config_set_key_file
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index 886ee1151f..6c56e6fb84 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.31 2016/07/07 14:09:03 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.32 2016/07/13 16:30:48 jsing Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -26,8 +26,10 @@
 
 #define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
 
-#define TLS_CIPHERS_COMPAT      "ALL:!aNULL:!eNULL"
 #define TLS_CIPHERS_DEFAULT     "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
+#define TLS_CIPHERS_COMPAT      "HIGH:!aNULL"
+#define TLS_CIPHERS_LEGACY      "HIGH:MEDIUM:!aNULL"
+#define TLS_CIPHERS_ALL         "ALL:!aNULL:!eNULL"
 
 union tls_addr {
         struct in_addr ip4;