crypto/tls: make cipher suite preference ordering automatic

We now have a (well, two, depending on AES hardware support) universal
cipher suite preference order, based on their security and performance.
Peer and application lists are now treated as filters (and AES hardware
support hints) that are applied to this universal order.

This removes a complex and nuanced decision from the application's
responsibilities, one which we are better equipped to make and which
applications usually don't need to have an opinion about. It also lets
us worry less about what suites we support or enable, because we can be
confident that bad ones won't be selected over good ones.

This also moves 3DES suites to InsecureCipherSuites(), even if they are
not disabled by default. Just because we can keep them as a last resort
it doesn't mean they are secure. Thankfully we had not promised that
Insecure means disabled by default.

Notable test changes:

  - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the
    right certificate regardless of CipherSuite ordering, which is now
    completely ignored, as tested by TestCipherSuitePreference. Removed.

  - The openssl command of TestHandshakeServerExportKeyingMaterial was
    broken for TLS 1.0 in CL 262857, but its golden file was not
    regenerated, so the test kept passing. It now broke because the
    selected suite from the ones in the golden file changed.

  - In TestAESCipherReordering, "server strongly prefers AES-GCM" is
    removed because there is no way for a server to express a strong
    preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha"
    switched to ChaCha20 when the server lacks AES hardware; and finally
    "client supports multiple AES-GCM" changed to always prefer AES-128
    per the universal preference list.

    * this is going back on an explicit decision from CL 262857, and
      while that client order is weird and does suggest a strong dislike
      for ChaCha20, we have a strong dislike for software AES, so it
      didn't feel worth making the logic more complex

  - All Client-* golden files had to be regenerated because the
    ClientHello cipher suites have changed.
    (Even when Config.CipherSuites was limited to one suite, the TLS 1.3
    default order changed.)

Fixes #45430
Fixes #41476 (as 3DES is now always the last resort)

Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5
Reviewed-on: https://go-review.googlesource.com/c/go/+/314609
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>

1 files changed, 44 insertions, 44 deletions

diff --git a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
index 754b76ece9..81e5191925 100644
--- a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
+++ b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
@@ -3,10 +3,10 @@
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
-00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a9  |.............2..|
+00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
+00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
+00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
 00000080  01 00 00 7b 00 05 00 05  01 00 00 00 00 00 0a 00  |...{............|
 00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
 000000a0  00 00 0d 00 1a 00 18 08  04 04 03 08 07 08 05 08  |................|
@@ -16,11 +16,11 @@
 000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 97 0c 7e fc 7f  |....Y...U....~..|
-00000010  96 47 02 21 a7 19 45 a5  79 5c 5e fc c2 15 b3 fa  |.G.!..E.y\^.....|
-00000020  84 98 7d 67 65 c8 48 58  a1 5d 67 20 ad 2a c6 b3  |..}ge.HX.]g .*..|
-00000030  a4 17 82 12 4a c5 97 af  12 6b 7d f6 9e 49 f1 38  |....J....k}..I.8|
-00000040  d0 56 76 bc 81 23 ad 3a  3e 7f bc 2d c0 13 00 00  |.Vv..#.:>..-....|
+00000000  16 03 01 00 59 02 00 00  55 03 01 ca 72 6a a1 69  |....Y...U...rj.i|
+00000010  18 a4 f8 76 4a c3 5c e8  d5 c1 fb 06 c6 9a 14 67  |...vJ.\........g|
+00000020  ce e4 f6 52 67 ab 64 48  28 5a 63 20 55 ea ff 87  |...Rg.dH(Zc U...|
+00000030  5a 78 5c cb 21 af 83 a5  ed 1b d3 2c 39 81 e5 ca  |Zx\.!......,9...|
+00000040  63 d2 5c 57 27 1d d0 f9  41 40 43 b0 c0 13 00 00  |c.\W'...A@C.....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  01 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -60,17 +60,17 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 01 00  |.=.`.\!.;.......|
-000002c0  aa 0c 00 00 a6 03 00 1d  20 a4 24 f7 67 e3 da fa  |........ .$.g...|
-000002d0  10 33 95 b4 46 00 c0 3c  cd 74 12 e4 a3 3b 01 70  |.3..F..<.t...;.p|
-000002e0  fb 98 01 9a e9 2d d0 18  7b 00 80 ce c5 7b 4b 87  |.....-..{....{K.|
-000002f0  cd bc 5d 63 09 7e d4 ce  09 53 7a 1b e5 b4 10 54  |..]c.~...Sz....T|
-00000300  89 52 ac 82 9c 78 88 ed  e8 1a 8c 3a 7a 2c 9a c5  |.R...x.....:z,..|
-00000310  2b 97 1c 79 43 bd b1 ee  93 6f 4c 4d fc 3c 47 91  |+..yC....oLM.<G.|
-00000320  a6 ac ad be a9 39 12 98  40 f7 6a a3 e7 21 76 90  |.....9..@.j..!v.|
-00000330  c9 80 2b bc 80 3f 7e 60  59 7d cd 38 84 a8 53 2a  |..+..?~`Y}.8..S*|
-00000340  92 24 08 8f 84 da cd 9a  86 80 10 05 8f 1b fd 86  |.$..............|
-00000350  93 b6 ef 13 70 e5 6a d5  0e a5 bf 80 bf 50 a8 d4  |....p.j......P..|
-00000360  87 99 b8 d6 f0 4f 45 d5  e6 8b e1 16 03 01 00 0a  |.....OE.........|
+000002c0  aa 0c 00 00 a6 03 00 1d  20 e8 a5 9c e4 73 3d 75  |........ ....s=u|
+000002d0  0c 3e f2 de 21 9c 0f 91  b4 fd 94 f0 27 f6 d9 7d  |.>..!.......'..}|
+000002e0  cd 0c 4c 50 b0 47 db dd  12 00 80 04 c0 be d5 bb  |..LP.G..........|
+000002f0  e8 e2 a2 2e d9 2e 75 fa  b6 07 d0 f7 75 52 fb 2f  |......u.....uR./|
+00000300  50 cd 43 68 bd 42 11 6d  d6 9f a3 d1 00 fd a9 14  |P.Ch.B.m........|
+00000310  0c 2a dd 76 ea 73 21 52  00 3a 83 cf d7 07 c7 bd  |.*.v.s!R.:......|
+00000320  78 21 ce 35 80 b3 06 22  f1 96 a7 20 41 f8 aa 61  |x!.5..."... A..a|
+00000330  94 b4 77 d4 d9 92 f2 66  c5 1c d1 82 f3 b9 e2 9d  |..w....f........|
+00000340  a9 30 1c e2 4e ec 0d 32  3d 0d 61 22 c8 e5 95 9f  |.0..N..2=.a"....|
+00000350  cf 3e fc a8 c5 c3 f8 45  45 29 ea a7 e7 b7 a6 17  |.>.....EE)......|
+00000360  9e 5f 83 d4 b3 f0 da 31  73 94 f2 16 03 01 00 0a  |._.....1s.......|
 00000370  0d 00 00 06 03 01 02 40  00 00 16 03 01 00 04 0e  |.......@........|
 00000380  00 00 00                                          |...|
 >>> Flow 3 (client to server)
@@ -110,29 +110,29 @@
 00000210  03 01 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
 00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 91 0f 00  |...._X.;t.......|
-00000240  00 8d 00 8b 30 81 88 02  42 01 71 f3 c4 3a 85 08  |....0...B.q..:..|
-00000250  3b 18 26 48 5c 3f c3 8a  4f e9 d7 29 48 59 1a 35  |;.&H\?..O..)HY.5|
-00000260  ee b3 0d 5e 29 03 1d 34  95 0e 40 73 85 13 14 d0  |...^)..4..@s....|
-00000270  fb fb 96 77 21 fb d8 43  d7 e2 bf 2c 95 7b 75 5d  |...w!..C...,.{u]|
-00000280  59 15 81 71 d2 b6 82 96  d9 cc 78 02 42 01 d3 51  |Y..q......x.B..Q|
-00000290  af 25 d0 f8 a4 e2 e7 8e  7e 46 56 53 8f d1 09 f6  |.%......~FVS....|
-000002a0  76 88 5a 42 83 89 92 7b  c7 e4 40 9c 3d 05 ac 43  |v.ZB...{..@.=..C|
-000002b0  bf 6e 24 14 fe 36 f8 43  a6 90 8e a1 bd e2 92 84  |.n$..6.C........|
-000002c0  60 e3 92 34 1c 7b 53 d5  57 6d 23 32 12 a8 23 14  |`..4.{S.Wm#2..#.|
-000002d0  03 01 00 01 01 16 03 01  00 30 6f 06 c7 84 fa 7f  |.........0o.....|
-000002e0  c9 66 a9 6f 26 37 45 db  42 c8 8f 63 c3 5b 05 07  |.f.o&7E.B..c.[..|
-000002f0  ef 07 41 be 71 60 35 d3  16 8f 92 f6 89 cb c7 dc  |..A.q`5.........|
-00000300  4e 45 61 99 31 45 66 40  36 86                    |NEa.1Ef@6.|
+00000240  00 8d 00 8b 30 81 88 02  42 00 9a b9 f6 98 e3 ed  |....0...B.......|
+00000250  ed 0d a3 0e 54 51 9f 73  d4 87 40 4e a9 39 4b 2d  |....TQ.s..@N.9K-|
+00000260  2a b9 4d 8d e3 46 c3 b6  39 f2 ca a9 c9 0f 79 c1  |*.M..F..9.....y.|
+00000270  0c 90 6f de 58 97 72 fc  a8 c1 4c 12 aa a4 85 57  |..o.X.r...L....W|
+00000280  50 7c a0 02 8a 12 c5 80  aa b6 39 02 42 00 9c b7  |P|........9.B...|
+00000290  95 b4 04 83 5b 3a e1 ac  da 78 86 11 f5 30 75 4a  |....[:...x...0uJ|
+000002a0  25 67 6c fd ef 5a d8 56  d3 60 93 cf 65 07 2b 1f  |%gl..Z.V.`..e.+.|
+000002b0  a9 40 a8 ba cd 0e 41 2d  10 43 a4 61 93 b7 0a 11  |.@....A-.C.a....|
+000002c0  78 d1 72 2b 20 07 49 5a  76 02 17 57 87 78 c7 14  |x.r+ .IZv..W.x..|
+000002d0  03 01 00 01 01 16 03 01  00 30 93 de 1b 64 0e 56  |.........0...d.V|
+000002e0  d9 a8 da f7 37 cb ac ac  3e f5 e2 f9 87 19 f2 79  |....7...>......y|
+000002f0  24 76 19 a4 a2 41 d6 9e  7d ca aa 3e 1d d7 22 dd  |$v...A..}..>..".|
+00000300  05 aa dd 74 03 db fd a2  de ee                    |...t......|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 d3 83 ac 08 7f  |..........0.....|
-00000010  a1 91 51 7c b7 99 6f 24  cd b1 cd 31 7b 12 20 47  |..Q|..o$...1{. G|
-00000020  66 08 22 f6 28 ea 81 fe  92 b5 c8 40 60 bc 5b 19  |f.".(......@`.[.|
-00000030  e0 2b d1 26 fd 4c 12 22  c5 13 9a                 |.+.&.L."...|
+00000000  14 03 01 00 01 01 16 03  01 00 30 4d 4f d6 67 05  |..........0MO.g.|
+00000010  32 8c 16 cb 19 35 b3 b9  02 d8 5e 24 b6 c8 b7 3a  |2....5....^$...:|
+00000020  17 34 98 77 e1 73 e0 cd  a9 30 a8 15 60 8c f4 9a  |.4.w.s...0..`...|
+00000030  dc cf 7a fd 86 85 1c 2b  33 21 e8                 |..z....+3!.|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 79 06 89  7e e0 17 9a e3 dc 4c ee  |.... y..~.....L.|
-00000010  70 63 13 bc 27 f5 43 fa  f8 90 49 d9 89 43 7a 15  |pc..'.C...I..Cz.|
-00000020  d4 e2 a8 e6 3e 17 03 01  00 20 ea 84 0e 21 62 d5  |....>.... ...!b.|
-00000030  ee 26 5e fc 3e 0c 83 3b  91 01 c4 a7 8e 9b c4 1a  |.&^.>..;........|
-00000040  86 f8 a0 44 21 44 2f 31  cf a1 15 03 01 00 20 c6  |...D!D/1...... .|
-00000050  11 f1 65 ea f3 39 d1 d2  ac 95 1f 81 36 ae db b1  |..e..9......6...|
-00000060  88 a8 42 25 86 ec 1b c1  7e 12 60 a9 6b 7f 66     |..B%....~.`.k.f|
+00000000  17 03 01 00 20 b8 c5 17  b7 92 d8 93 7a b2 fd 4f  |.... .......z..O|
+00000010  15 d1 db b9 47 54 00 a0  f6 77 92 03 a8 89 e5 ba  |....GT...w......|
+00000020  cc eb d9 bd 27 17 03 01  00 20 57 d5 9a f6 36 b2  |....'.... W...6.|
+00000030  57 ba cd 64 77 36 b9 74  fb bd 95 51 03 61 e8 45  |W..dw6.t...Q.a.E|
+00000040  cb b8 35 f0 05 17 b3 08  c6 cb 15 03 01 00 20 28  |..5........... (|
+00000050  43 03 ab 3f e2 f5 d0 33  4c 7f 50 a4 ee 7b 46 e6  |C..?...3L.P..{F.|
+00000060  12 76 d0 fd c3 99 5c 63  a4 04 ea 4b e3 bd 99     |.v....\c...K...|