From 1da8902d7186dcf2ac301f838a56ad33a9b7babb Mon Sep 17 00:00:00 2001
From: Hannes Mehnert
Date: Tue, 13 Apr 2021 23:48:24 +0200
Subject: [PATCH] changes for 0.13.0, also deprecate ciphers and signature_algorithms

---
 CHANGES.md | 24 +++++++++++++++++++++
 lib/config.ml | 59 +++++++++++++++++++++++++++------------------------
 2 files changed, 55 insertions(+), 28 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index cf4c0b37..50edfafe 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,27 @@
+## v0.13.0 (2021-04-14)
+
+* Remove static RSA and CBC ciphersuites from default configuration. The
+ default configuration now includes FFDHE and ECDHE key exchanges with RSA or
+ ECDSA/EdDSA certificates, and AEAD ciphers
+ (AES-GCM, AES-CCM, ChaCha20-Poly1305) (#429 by @hannesm)
+* Remove SHA1 from signature_algorithms in the default configuration
+ (#429 by @hannesm)
+* Support ECDSA and EdDSA certificates and private keys via x509 0.12.0 and
+ mirage-crypto-ec (#428 by @hannesm)
+ Breaking changes:
+ - the second part of type Tls.Config.certchain is now a X509.Private_key.t
+ (previously Mirage_crypto_pk.Rsa.priv)
+ - the type aliases X509_lwt.priv and X509_lwt.authenticator have been removed
+* Use mirage-crypto-ec instead of fiat-p256 and hacl_x25519 for elliptic curve
+ support - this adds P384 and P521 ECDH support (#428 by @hannesm)
+* Remove custom Monad implementation, use Result and Rresult instead
+ (#429 by @hannesm)
+* Remove Utils.Cs submodule, use Cstruct API instead (#429 by @hannesm)
+* Breaking: Tls.Engine.ret type is now a result instead of a custom variant type
+ (#429 by @hannesm)
+* Breaking: Tls_lwt.Unix.epoch results in (Tls.Core.epoch_data, unit) result -
+ it was a custom error type previously (#429 by @hannesm)
+
 ## v0.12.8 (2020-12-08)
 
 * Re-add ECPointFormats hello extension (both client and server) to avoid
diff --git a/lib/config.ml b/lib/config.ml
index f0fdda98..d3462f00 100644
--- a/lib/config.ml
+++ b/lib/config.ml
@@ -87,39 +87,39 @@ module Ciphers = struct
 `DHE_RSA_WITH_AES_256_CCM ;
 `DHE_RSA_WITH_AES_128_CCM ;
 `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ;
- `DHE_RSA_WITH_AES_256_CBC_SHA256 ;
- `DHE_RSA_WITH_AES_128_CBC_SHA256 ;
- `DHE_RSA_WITH_AES_256_CBC_SHA ;
- `DHE_RSA_WITH_AES_128_CBC_SHA ;
 `ECDHE_RSA_WITH_AES_128_GCM_SHA256 ;
 `ECDHE_RSA_WITH_AES_256_GCM_SHA384 ;
 `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ;
- `ECDHE_RSA_WITH_AES_256_CBC_SHA384 ;
- `ECDHE_RSA_WITH_AES_128_CBC_SHA256 ;
- `ECDHE_RSA_WITH_AES_256_CBC_SHA ;
- `ECDHE_RSA_WITH_AES_128_CBC_SHA ;
- `ECDHE_ECDSA_WITH_AES_128_CBC_SHA ;
- `ECDHE_ECDSA_WITH_AES_256_CBC_SHA ;
- `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ;
- `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ;
 `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ;
 `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ;
 `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ;
- `RSA_WITH_AES_256_GCM_SHA384 ;
- `RSA_WITH_AES_128_GCM_SHA256 ;
- `RSA_WITH_AES_256_CCM ;
- `RSA_WITH_AES_128_CCM ;
- `RSA_WITH_AES_256_CBC_SHA256 ;
- `RSA_WITH_AES_128_CBC_SHA256 ;
- `RSA_WITH_AES_256_CBC_SHA ;
- `RSA_WITH_AES_128_CBC_SHA ;
 ]
 
 let supported = default @ [
- `DHE_RSA_WITH_3DES_EDE_CBC_SHA ;
- `RSA_WITH_3DES_EDE_CBC_SHA ;
- `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ;
- ]
+ `DHE_RSA_WITH_AES_256_CBC_SHA256 ;
+ `DHE_RSA_WITH_AES_128_CBC_SHA256 ;
+ `DHE_RSA_WITH_AES_256_CBC_SHA ;
+ `DHE_RSA_WITH_AES_128_CBC_SHA ;
+ `ECDHE_RSA_WITH_AES_256_CBC_SHA384 ;
+ `ECDHE_RSA_WITH_AES_128_CBC_SHA256 ;
+ `ECDHE_RSA_WITH_AES_256_CBC_SHA ;
+ `ECDHE_RSA_WITH_AES_128_CBC_SHA ;
+ `ECDHE_ECDSA_WITH_AES_128_CBC_SHA ;
+ `ECDHE_ECDSA_WITH_AES_256_CBC_SHA ;
+ `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ;
+ `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ;
+ `RSA_WITH_AES_256_CBC_SHA256 ;
+ `RSA_WITH_AES_128_CBC_SHA256 ;
+ `RSA_WITH_AES_256_CBC_SHA ;
+ `RSA_WITH_AES_128_CBC_SHA ;
+ `RSA_WITH_AES_256_GCM_SHA384 ;
+ `RSA_WITH_AES_128_GCM_SHA256 ;
+ `RSA_WITH_AES_256_CCM ;
+ `RSA_WITH_AES_128_CCM ;
+ `DHE_RSA_WITH_3DES_EDE_CBC_SHA ;
+ `RSA_WITH_3DES_EDE_CBC_SHA ;
+ `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ;
+ ]
 
 (* as defined in https://httpwg.org/specs/rfc7540.html#BadCipherSuites *)
 let http2 = default13 @ [
@@ -152,12 +152,15 @@ let default_signature_algorithms =
 `RSA_PKCS1_SHA256 ;
 `RSA_PKCS1_SHA384 ;
 `RSA_PKCS1_SHA512 ;
- `RSA_PKCS1_SHA224 ;
- `ECDSA_SECP256R1_SHA1 ;
- `RSA_PKCS1_SHA1 ]
+ ]
 
 let supported_signature_algorithms =
- default_signature_algorithms @ [ `RSA_PKCS1_MD5 ]
+ default_signature_algorithms @ [
+ `RSA_PKCS1_SHA224 ;
+ `ECDSA_SECP256R1_SHA1 ;
+ `RSA_PKCS1_SHA1 ;
+ `RSA_PKCS1_MD5
+ ]
 
 let min_dh_size = 1024
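Review bot: The suites demoted from `default` into `supported` carry no comment at the definition saying why they were demoted, so a caller who selects `Ciphers.supported` for interoperability gets static-RSA key exchange (no forward secrecy), CBC-mode and 3DES suites with nothing in the code warning them; the same applies to the SHA-1 and MD5 entries appended to `supported_signature_algorithms` in the second hunk. I would put above the new `supported` block `(* [default] plus legacy suites kept only for interoperability with old peers: static RSA key exchange (no forward secrecy), CBC mode and 3DES; none of these are negotiated unless a caller opts in explicitly *)` and a matching one-line comment on the `RSA_PKCS1_SHA224`/SHA1/MD5 block in the second hunk. The ordering within `supported`, which lists the static-RSA AEAD suites after the (EC)DHE CBC ones, is presumably a deliberate preference order, but since client and server preference may be derived from list position it deserves a sentence as well. The head of the `default` list and the start of `default_signature_algorithms` lie outside these hunks.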