Fix strong TLS 1.2-1.3 cipher suites for GnuTLS

x448 · web-flow · commit 932d852e1e7a · 2020-04-19T19:12:07.000-05:00
GnuTLS priority order (cipher suites) specifies:

TLS_AES_128_GCM_SHA256                 0x13, 0x01    TLS1.3
TLS_CHACHA20_POLY1305_SHA256           0x13, 0x03    TLS1.3
TLS_AES_256_GCM_SHA384                 0x13, 0x02    TLS1.3
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256     0xc0, 0x2b    TLS1.2
TLS_ECDHE_ECDSA_CHACHA20_POLY1305      0xcc, 0xa9    TLS1.2
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384     0xc0, 0x2c    TLS1.2
TLS_ECDHE_RSA_AES_128_GCM_SHA256       0xc0, 0x2f    TLS1.2
TLS_ECDHE_RSA_CHACHA20_POLY1305        0xcc, 0xa8    TLS1.2
TLS_ECDHE_RSA_AES_256_GCM_SHA384       0xc0, 0x30    TLS1.2

The sequence is slightly different from OpenSSL but it's acceptable
since the main goal was to disable weak cipher suites and have
TLS 1.3 listed before TLS 1.2.
diff --git a/rustup-init.sh b/rustup-init.sh
@@ -529,13 +529,17 @@ get_ciphersuites_for_wget() {
 
 # Return strong TLS 1.2-1.3 cipher suites in OpenSSL or GnuTLS syntax. TLS 1.2 
 # excludes non-ECDHE and non-AEAD cipher suites. DHE is excluded due to bad 
-# DH params often found on servers (see RFC 7919). Sequence matches Firefox 68 ESR
-# with weak cipher suites disabled via about:config.  $1 must be openssl or gnutls.
+# DH params often found on servers (see RFC 7919). Sequence matches or is
+# similar to Firefox 68 ESR with weak cipher suites disabled via about:config.  
+# $1 must be openssl or gnutls.
 get_strong_ciphersuites_for() {
     if [ "$1" = "openssl" ]; then
+        # OpenSSL is forgiving of unknown values, no problems with TLS 1.3 values on versions that don't support it yet.
         echo "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
     elif [ "$1" = "gnutls" ]; then
-        echo "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_AES_128_GCM_SHA256:TLS_ECDHE_RSA_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_CHACHA20_POLY1305:TLS_ECDHE_RSA_CHACHA20_POLY1305:TLS_ECDHE_ECDSA_AES_256_GCM_SHA384:TLS_ECDHE_RSA_AES_256_GCM_SHA384"
+        # GnuTLS isn't forgiving of unknown values, so this may require a GnuTLS version that supports TLS 1.3 even if wget doesn't
+        # Begin with SECURE128 (and higher) then remove/add to build cipher suites. Produces same 9 cipher suites as OpenSSL but in slightly different order.
+        echo "SECURE128:-VERS-ALL:-CIPHER-ALL:-MAC-ALL:-KX-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+AEAD:+ECDHE-ECDSA:+ECDHE-RSA:+AES-128-GCM:+CHACHA20-POLY1305:+AES-256-GCM"
     fi 
 }
 
