crypto/tls: make cipher suite preference ordering automatic

We now have a (well, two, depending on AES hardware support) universal
cipher suite preference order, based on their security and performance.
Peer and application lists are now treated as filters (and AES hardware
support hints) that are applied to this universal order.

This removes a complex and nuanced decision from the application's
responsibilities, one which we are better equipped to make and which
applications usually don't need to have an opinion about. It also lets
us worry less about what suites we support or enable, because we can be
confident that bad ones won't be selected over good ones.

This also moves 3DES suites to InsecureCipherSuites(), even if they are
not disabled by default. Just because we can keep them as a last resort
it doesn't mean they are secure. Thankfully we had not promised that
Insecure means disabled by default.

Notable test changes:

  - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the
    right certificate regardless of CipherSuite ordering, which is now
    completely ignored, as tested by TestCipherSuitePreference. Removed.

  - The openssl command of TestHandshakeServerExportKeyingMaterial was
    broken for TLS 1.0 in CL 262857, but its golden file was not
    regenerated, so the test kept passing. It now broke because the
    selected suite from the ones in the golden file changed.

  - In TestAESCipherReordering, "server strongly prefers AES-GCM" is
    removed because there is no way for a server to express a strong
    preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha"
    switched to ChaCha20 when the server lacks AES hardware; and finally
    "client supports multiple AES-GCM" changed to always prefer AES-128
    per the universal preference list.

    * this is going back on an explicit decision from CL 262857, and
      while that client order is weird and does suggest a strong dislike
      for ChaCha20, we have a strong dislike for software AES, so it
      didn't feel worth making the logic more complex

  - All Client-* golden files had to be regenerated because the
    ClientHello cipher suites have changed.
    (Even when Config.CipherSuites was limited to one suite, the TLS 1.3
    default order changed.)

Fixes #45430
Fixes #41476 (as 3DES is now always the last resort)

Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5
Reviewed-on: https://go-review.googlesource.com/c/go/+/314609
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>

1 files changed, 47 insertions, 47 deletions

diff --git a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
index 641ab1bd15..3ee661ecec 100644
--- a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
+++ b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
@@ -3,10 +3,10 @@
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
-00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a9  |.............2..|
+00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
+00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
+00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
 00000080  01 00 00 7b 00 05 00 05  01 00 00 00 00 00 0a 00  |...{............|
 00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
 000000a0  00 00 0d 00 1a 00 18 08  04 04 03 08 07 08 05 08  |................|
@@ -16,11 +16,11 @@
 000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 3b 4c b9 76 d2  |....Y...U..;L.v.|
-00000010  c3 d1 ea 81 71 1a 10 e1  b1 69 5c 54 c2 df 17 0a  |....q....i\T....|
-00000020  de 41 cb d1 69 c3 9a da  90 fd 25 20 1e 02 11 16  |.A..i.....% ....|
-00000030  ab 66 13 56 3d 94 00 a9  80 7c d8 57 12 99 1c 5f  |.f.V=....|.W..._|
-00000040  7a b2 02 8c 23 f3 76 b8  59 5e 16 dd c0 09 00 00  |z...#.v.Y^......|
+00000000  16 03 01 00 59 02 00 00  55 03 01 b4 ff c0 49 36  |....Y...U.....I6|
+00000010  1d 31 9a a7 f6 33 f5 16  78 d7 10 9e 19 eb 1d 67  |.1...3..x......g|
+00000020  20 39 f8 73 7e 27 e2 dc  d1 ab 03 20 79 64 67 f7  | 9.s~'..... ydg.|
+00000030  8b c8 97 f0 b4 87 0e 2d  4b 22 6c ed 92 48 85 52  |.......-K"l..H.R|
+00000040  eb 57 56 a8 cf 19 9f 4d  e3 38 5e a0 c0 09 00 00  |.WV....M.8^.....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  01 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@@ -55,20 +55,20 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 01 00 b5 0c 00  00 b1 03 00 1d 20 16 64  |*............ .d|
-00000280  ca 24 70 6f 61 2f 9e 2d  43 0a 73 ac 67 f0 7a e5  |.$poa/.-C.s.g.z.|
-00000290  c7 4e c4 1f ad 13 0d eb  df ff 0d ff a3 27 00 8b  |.N...........'..|
-000002a0  30 81 88 02 42 01 1a 33  8b 88 78 ed 5c c1 56 0d  |0...B..3..x.\.V.|
-000002b0  75 51 69 a0 e7 45 6d ae  b0 67 55 3f be 23 3e 92  |uQi..Em..gU?.#>.|
-000002c0  fe 26 68 a2 30 84 2f b3  33 66 f6 dd 71 67 99 5e  |.&h.0./.3f..qg.^|
-000002d0  1c 6f bf 87 ed 33 a0 87  69 f6 35 65 8d cb 3a 7e  |.o...3..i.5e..:~|
-000002e0  95 a7 a4 40 54 cb 97 02  42 00 a3 fe 50 34 68 9f  |...@T...B...P4h.|
-000002f0  f2 43 98 23 e4 24 ad 36  e9 d3 e0 75 2c 11 46 6c  |.C.#.$.6...u,.Fl|
-00000300  48 33 c5 bc 2d 04 ff cc  bb ec 38 ec f4 b3 55 31  |H3..-.....8...U1|
-00000310  8a 6e 38 a5 6d a0 9c fc  f6 98 75 48 c6 79 53 de  |.n8.m.....uH.yS.|
-00000320  dd 91 49 f0 b6 32 83 45  61 89 4e 16 03 01 00 0a  |..I..2.Ea.N.....|
-00000330  0d 00 00 06 03 01 02 40  00 00 16 03 01 00 04 0e  |.......@........|
-00000340  00 00 00                                          |...|
+00000270  2a 16 03 01 00 b4 0c 00  00 b0 03 00 1d 20 ec 38  |*............ .8|
+00000280  f7 41 d0 f3 f4 6a ca 47  18 74 f1 22 2c 47 ee 39  |.A...j.G.t.",G.9|
+00000290  c9 a2 db 64 05 01 ae 5d  08 65 53 7f 24 78 00 8a  |...d...].eS.$x..|
+000002a0  30 81 87 02 41 64 39 65  56 fa d4 69 e7 c5 a5 32  |0...Ad9eV..i...2|
+000002b0  4c 52 55 96 fe 01 cd 41  3c 18 ed df fd 09 c3 89  |LRU....A<.......|
+000002c0  80 bd 88 9e d7 a1 85 16  d1 a4 5a f0 9a 76 e9 2f  |..........Z..v./|
+000002d0  d2 a4 42 a4 89 98 6c 87  64 b1 49 4e 6a 68 d2 43  |..B...l.d.INjh.C|
+000002e0  41 a2 c7 a6 2f f7 02 42  01 6c bb 32 c0 47 7e 08  |A.../..B.l.2.G~.|
+000002f0  6b 7a 44 18 b7 5d 4c 4d  6d 80 92 bb e5 65 98 1b  |kzD..]LMm....e..|
+00000300  d7 a6 a3 1b b5 f3 46 1a  e7 e0 89 04 40 b0 29 aa  |......F.....@.).|
+00000310  fe 85 6a 9a 4b 18 75 ab  00 52 71 54 41 8d eb 31  |..j.K.u..RqTA..1|
+00000320  47 69 9b 9d dc 3b 1b 3e  76 27 16 03 01 00 0a 0d  |Gi...;.>v'......|
+00000330  00 00 06 03 01 02 40 00  00 16 03 01 00 04 0e 00  |......@.........|
+00000340  00 00                                             |..|
 >>> Flow 3 (client to server)
 00000000  16 03 01 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
 00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
@@ -105,29 +105,29 @@
 00000200  e5 35 16 03 01 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 01 00  |......._X.;t....|
-00000230  86 0f 00 00 82 00 80 90  68 a8 2f 6f 2b 70 e4 25  |........h./o+p.%|
-00000240  7d fb b7 85 db 44 ec 1a  ad 6d 84 fb 95 21 fa 24  |}....D...m...!.$|
-00000250  7b 31 6a 97 4f 06 ee 87  22 c3 7c 81 70 ed e3 2a  |{1j.O...".|.p..*|
-00000260  d5 2c d1 4e 6d f0 12 52  2f 98 05 08 af 41 fa 87  |.,.Nm..R/....A..|
-00000270  d1 62 98 6c 06 47 ec 7a  44 e0 7d ae 7a 7d ef 1b  |.b.l.G.zD.}.z}..|
-00000280  d5 2c fa 1b 70 a3 fb 9a  5d 8c 60 b4 44 6a e5 b8  |.,..p...].`.Dj..|
-00000290  80 4c 29 fc f1 2d f1 11  46 81 c4 01 e4 11 2e 05  |.L)..-..F.......|
-000002a0  cb 2b ca d9 4a 14 39 06  93 77 19 db 80 03 82 38  |.+..J.9..w.....8|
-000002b0  e5 c1 0f 11 17 47 a7 14  03 01 00 01 01 16 03 01  |.....G..........|
-000002c0  00 30 a6 68 28 50 75 6d  eb f4 32 c8 a3 57 3f b1  |.0.h(Pum..2..W?.|
-000002d0  37 84 8e 7e 1d 1d 93 7d  9f ec ff ac 1c 8d bf 30  |7..~...}.......0|
-000002e0  d2 b0 0f 3f 02 c3 ef ac  a3 62 94 26 1c 8f 7e 8d  |...?.....b.&..~.|
-000002f0  74 99                                             |t.|
+00000230  86 0f 00 00 82 00 80 05  7e 70 eb cb ef e3 d9 6f  |........~p.....o|
+00000240  59 29 b5 da f2 07 f5 42  62 4e 74 9b cf 00 e1 5c  |Y).....BbNt....\|
+00000250  69 a5 67 3a b0 b2 ca f2  10 ed 1c b4 81 5d 7d 9e  |i.g:.........]}.|
+00000260  1a 45 69 42 13 c5 b0 86  dc 3d 60 e5 cf fd ae 0f  |.EiB.....=`.....|
+00000270  17 bb 4a ed d7 06 eb f1  6d 47 98 b7 e8 87 eb 3c  |..J.....mG.....<|
+00000280  12 55 2c 06 de 55 48 c7  59 85 cb 62 d6 e7 1d 05  |.U,..UH.Y..b....|
+00000290  1e 6d 69 84 cd 16 8e dd  ed 5b 5a 2f f2 97 b7 78  |.mi......[Z/...x|
+000002a0  93 c1 fb 75 26 c8 b5 58  43 17 c7 52 54 20 4f 7d  |...u&..XC..RT O}|
+000002b0  7c 46 89 65 fe 51 29 14  03 01 00 01 01 16 03 01  ||F.e.Q).........|
+000002c0  00 30 d9 59 e6 7e c0 a6  2a af 36 0c 2e cf 0f 42  |.0.Y.~..*.6....B|
+000002d0  54 d4 41 c6 3c f8 84 d9  2a a6 82 94 22 2d ac ae  |T.A.<...*..."-..|
+000002e0  d9 f7 68 22 f6 f0 2e 56  c1 97 80 73 0d b3 f0 70  |..h"...V...s...p|
+000002f0  49 78                                             |Ix|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 80 3e 0d 50 13  |..........0.>.P.|
-00000010  5f 00 ba 2e 47 46 5d 63  1b 72 a8 02 24 1c 3e 1f  |_...GF]c.r..$.>.|
-00000020  ed e2 3a 45 d7 7d 3a f2  33 97 c3 ab 13 9b 0e 4a  |..:E.}:.3......J|
-00000030  04 f0 08 48 ab d3 46 0b  40 7d 5c                 |...H..F.@}\|
+00000000  14 03 01 00 01 01 16 03  01 00 30 06 19 79 49 41  |..........0..yIA|
+00000010  f9 9c 75 84 73 95 96 bd  1e 25 56 a9 49 ed 8e 38  |..u.s....%V.I..8|
+00000020  34 40 60 dc f0 2d f3 6c  cf 5b 80 84 2b 81 db 5f  |4@`..-.l.[..+.._|
+00000030  f4 27 03 ad b8 8d 80 0c  99 69 6f                 |.'.......io|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 f7 32 e7  36 4f 77 2f 4a 05 fd 27  |.... .2.6Ow/J..'|
-00000010  19 57 52 f7 8a 0c 7f fb  14 78 b2 06 bf ca 86 73  |.WR......x.....s|
-00000020  32 13 33 04 91 17 03 01  00 20 7e e4 fe c5 6d f7  |2.3...... ~...m.|
-00000030  d4 69 30 57 89 a0 76 70  40 a7 b5 17 74 2f 5d 16  |.i0W..vp@...t/].|
-00000040  c1 19 30 73 f8 37 c4 10  5b b7 15 03 01 00 20 08  |..0s.7..[..... .|
-00000050  41 5e 0b 9f 36 23 bd 9a  09 f7 58 9d a3 d7 26 3a  |A^..6#....X...&:|
-00000060  f4 5e 6b bf 9c d4 6f 0c  d3 9e cd de cb 95 57     |.^k...o.......W|
+00000000  17 03 01 00 20 20 67 bd  ff 84 9b 0e 58 f3 45 1e  |....  g.....X.E.|
+00000010  7a 25 d5 ae f0 26 4b 42  c7 f3 a5 77 7b 2f 42 21  |z%...&KB...w{/B!|
+00000020  2e c6 c9 81 23 17 03 01  00 20 69 1c 2a b9 05 16  |....#.... i.*...|
+00000030  8b 71 3a c2 18 76 bd 25  1f de 83 e9 14 e2 a3 5c  |.q:..v.%.......\|
+00000040  9b 33 ee 14 39 da e2 e7  a3 a7 15 03 01 00 20 e9  |.3..9......... .|
+00000050  dc 16 0c 13 56 7a e5 fd  ce b9 4f d1 c7 20 3f ca  |....Vz....O.. ?.|
+00000060  72 20 15 f7 11 81 fe 88  ab 90 4c dc 0b a5 11     |r ........L....|