diff --git a/cipher_suites.go b/cipher_suites.go
index 35bf09f..1d1670d 100644
--- a/cipher_suites.go
+++ b/cipher_suites.go
@@ -334,10 +334,35 @@ var disabledCipherSuites = []uint16{
 }
 
 var (
-	defaultCipherSuitesLen = len(cipherSuitesPreferenceOrder) - len(disabledCipherSuites)
-	defaultCipherSuites = cipherSuitesPreferenceOrder[:defaultCipherSuitesLen]
+	defaultCipherSuitesLen int
+	defaultCipherSuites []uint16
 )
 
+// rsaKexCiphers contains the ciphers which use RSA based key exchange,
+// which we disable by default.
+var rsaKexCiphers = map[uint16]bool{
+	TLS_RSA_WITH_RC4_128_SHA: true,
+	TLS_RSA_WITH_3DES_EDE_CBC_SHA: true,
+	TLS_RSA_WITH_AES_128_CBC_SHA: true,
+	TLS_RSA_WITH_AES_256_CBC_SHA: true,
+	TLS_RSA_WITH_AES_128_CBC_SHA256: true,
+	TLS_RSA_WITH_AES_128_GCM_SHA256: true,
+	TLS_RSA_WITH_AES_256_GCM_SHA384: true,
+}
+
+//var rsaKEXgodebug = godebug.New("tlsrsakex")
+
+func init() {
+	rsaKexEnabled := false // rsaKEXgodebug.Value() == "1"
+	for _, c := range cipherSuitesPreferenceOrder[:len(cipherSuitesPreferenceOrder)-len(disabledCipherSuites)] {
+		if !rsaKexEnabled && rsaKexCiphers[c] {
+			continue
+		}
+		defaultCipherSuites = append(defaultCipherSuites, c)
+	}
+	defaultCipherSuitesLen = len(defaultCipherSuites)
+}
+
 // defaultCipherSuitesTLS13 is also the preference order, since there are no
 // disabled by default TLS 1.3 cipher suites. The same AES vs ChaCha20 logic as
 // cipherSuitesPreferenceOrder applies.
diff --git a/common.go b/common.go
index 53209a6..c64df94 100644
--- a/common.go
+++ b/common.go
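Review bot: The opt-in that init() is written around is dead code: `//var rsaKEXgodebug = godebug.New("tlsrsakex")` is commented out and `rsaKexEnabled := false` is hard-coded, so the `tlsrsakex=1` re-enable path that the common.go hunk documents on the CipherSuites field can never take effect in this build. Presumably `internal/godebug` is not importable outside the standard library; the same opt-in can be honored by reading the GODEBUG environment variable directly in a small helper (needs `os` and `strings` in the import block), sketched below, which keeps RSA key exchange (no forward secrecy) off by default while making the documented setting real. If the opt-in is intentionally unsupported here, the inline `// rsaKEXgodebug.Value() == "1"` should instead say so and the common.go comment should drop the promise rather than advertise a setting that is ignored. The sketch treats any `tlsrsakex=1` entry as enabling, whereas the standard library lets the last GODEBUG entry win; for a boolean opt-in that is acceptable but deserves a comment.
```go
// rsaKexEnabledFromGODEBUG reports whether GODEBUG contains tlsrsakex=1.
// Substitutes for internal/godebug, which is not importable outside the
// standard library. Any matching entry enables; last-entry-wins is not modeled.
func rsaKexEnabledFromGODEBUG() bool {
	for _, kv := range strings.Split(os.Getenv("GODEBUG"), ",") {
		if kv == "tlsrsakex=1" {
			return true
		}
	}
	return false
}

func init() {
	rsaKexEnabled := rsaKexEnabledFromGODEBUG()
	// … unchanged: filtering loop over cipherSuitesPreferenceOrder …
}
```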
@@ -683,7 +683,9 @@ type Config struct {
 	// the list is ignored. Note that TLS 1.3 ciphersuites are not configurable.
 	//
 	// If CipherSuites is nil, a safe default list is used. The default cipher
-	// suites might change over time.
+	// suites might change over time. In Go 1.22 RSA key exchange based cipher
+	// suites were removed from the default list, but can be re-added with the
+	// GODEBUG setting tlsrsakex=1.
 	CipherSuites []uint16
 
 	// PreferServerCipherSuites is a legacy field and has no effect.