[PATCH] DTLS: Add ECDHE-RSA-AES256-SHA384 as a v1.2 cipher suite

Jason Gunthorpe jgg at ziepe.ca
Thu Jul 30 15:59:18 EDT 2020


If GCM is not available on the VPN server this is a reasonable fallback.

Servers will not auto-fallback to older TLS if the X-DTLS12-CipherSuite is
sent, so the existing non-GCM modes with the old TLS do not negotiate.

Connects with this logging:

> X-DTLS12-CipherSuite: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256
..
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(ECDHE-RSA)-(AES-256-CBC)-(SHA384).

Signed-off-by: Jason Gunthorpe <jgg at ziepe.ca>
---
 gnutls-dtls.c | 2 ++
 gnutls.c      | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

Not really so expert on openconnect, but my local IT has disabled GCM
on the concentrator for some highly questionable reasons, this gets
DTLS working again.

Thanks

diff --git a/gnutls-dtls.c b/gnutls-dtls.c
index c6c716e4e4aaa4..2bdd48f53d3988 100644
--- a/gnutls-dtls.c
+++ b/gnutls-dtls.c
@@ -81,6 +81,8 @@ struct {
 	  "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-128-GCM:+AEAD:+RSA:+SIGN-ALL:%COMPAT", "3.2.7", 1 },
 	{ "AES256-GCM-SHA384", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD,
 	  "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-256-GCM:+AEAD:+RSA:+SIGN-ALL:%COMPAT", "3.2.7", 1 },
+	{ "ECDHE-RSA-AES256-SHA384", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA384,
+	  "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-256-CBC:+SHA384:+ECDHE-RSA:+SIGN-ALL:%COMPAT", "3.2.7", 1 },
 	/* NB. We agreed that any new cipher suites probably shouldn't use
 	 * Cisco's session resume hack (which ties us to a specific version
 	 * of DTLS). Instead, we'll use GNUTLS_KX_PSK and let it negotiate
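Review bot: the position of the new entry determines its place in the advertised X-DTLS12-CipherSuite list, and as the commit message's log line shows, ECDHE-RSA-AES256-SHA384 is now offered ahead of ECDHE-RSA-AES128-GCM-SHA256 and the RSA GCM suites, so a server that honours client order and has AES-128-GCM enabled would pick the CBC-HMAC suite over an AEAD one; moving the entry to the end of the table (after the existing GCM entries) keeps AEAD preferred and still covers the GCM-disabled case. Also, the entry is inserted directly above the comment saying new suites should use GNUTLS_KX_PSK negotiation rather than the version-pinned resume hack; either note in the commit message why this suite needs the legacy path, or place it so the comment does not read as applying to it. Finally, please confirm that the "3.2.7" minimum version is accurate for a DTLS 1.2 AES-256-CBC/SHA384 priority string, since that field was copied from the GCM entries.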
diff --git a/gnutls.c b/gnutls.c
index 53bf2a4361acb5..8b5a68aaa035d2 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -2207,7 +2207,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 		/* GnuTLS 3.5.19 and onward refuse to negotiate AES-CBC-HMAC-SHA256
 		 * by default but some Cisco servers can't do anything better, so
 		 * explicitly add '+SHA256' to allow it. Yay Cisco. */
-		default_prio = "NORMAL:-VERS-SSL3.0:+SHA256:%COMPAT";
+		default_prio = "NORMAL:-VERS-SSL3.0:+SHA256:+SHA384:%COMPAT";
 #endif
 
 		snprintf(vpninfo->ciphersuite_config, sizeof(vpninfo->ciphersuite_config), "%s%s%s",
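Review bot: the comment above the changed line still explains only '+SHA256'; extend it to cover '+SHA384' (e.g. "explicitly add '+SHA256' and '+SHA384' to allow them") so the reason for the second addition is recorded. Note also that default_prio in openconnect_open_https is the priority for the main TLS connection, not just DTLS, so this widens the CBC-HMAC-SHA384 suites accepted on every HTTPS session; the commit message should say that this is intended, or the change should be limited to the DTLS priority string in gnutls-dtls.c if it is only needed there.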
-- 
2.27.0
