Use default configured ciphers instead of maintaining our own cipher list

src/urllib3/contrib/_securetransport/bindings.py

@@ -482,36 +482,3 @@ class SecurityConst:
     errSecNoTrustSettings = -25263
     errSecItemNotFound = -25300
     errSecInvalidTrustSettings = -25262
-
-    # Cipher suites. We only pick the ones our default cipher string allows.
-    # Source: https://developer.apple.com/documentation/security/1550981-ssl_cipher_suite_values
-    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C
-    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030
-    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B
-    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F
-    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9
-    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8
-    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F
-    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024
-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028
-    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A
-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014
-    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B
-    TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039
-    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027
-    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013
-    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067
-    TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033
-    TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D
-    TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C
-    TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D
-    TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C
-    TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035
-    TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
-    TLS_AES_128_GCM_SHA256 = 0x1301
-    TLS_AES_256_GCM_SHA384 = 0x1302
-    TLS_AES_128_CCM_8_SHA256 = 0x1305
-    TLS_AES_128_CCM_SHA256 = 0x1304

src/urllib3/contrib/pyopenssl.py

@@ -73,6 +73,11 @@ class UnsupportedExtension(Exception):
 # SNI always works.
 HAS_SNI = True
 
+# Use system TLS ciphers on OpenSSL 1.1.1+
+USE_DEFAULT_SSLCONTEXT_CIPHERS = util.ssl_._is_ge_openssl_v1_1_1(
+    openssl_backend.openssl_version_text(), openssl_backend.openssl_version_number()
+)
+
 # Map from urllib3 to PyOpenSSL compatible parameter-values.
 _openssl_versions = {
     util.PROTOCOL_TLS: OpenSSL.SSL.SSLv23_METHOD,
@@ -102,6 +107,7 @@ class UnsupportedExtension(Exception):
 
 orig_util_HAS_SNI = util.HAS_SNI
 orig_util_SSLContext = util.ssl_.SSLContext
+orig_util_USE_SYSTEM_SSL_CIPHERS = util.ssl_.USE_DEFAULT_SSLCONTEXT_CIPHERS
 
 
 log = logging.getLogger(__name__)
@@ -118,6 +124,7 @@ def inject_into_urllib3():
     util.ssl_.HAS_SNI = HAS_SNI
     util.IS_PYOPENSSL = True
     util.ssl_.IS_PYOPENSSL = True
+    util.ssl_.USE_DEFAULT_SSLCONTEXT_CIPHERS = USE_DEFAULT_SSLCONTEXT_CIPHERS
 
 
 def extract_from_urllib3():
@@ -129,6 +136,7 @@ def extract_from_urllib3():
     util.ssl_.HAS_SNI = orig_util_HAS_SNI
     util.IS_PYOPENSSL = False
     util.ssl_.IS_PYOPENSSL = False
+    util.ssl_.USE_DEFAULT_SSLCONTEXT_CIPHERS = orig_util_USE_SYSTEM_SSL_CIPHERS
 
 
 def _validate_dependencies_met():

src/urllib3/contrib/securetransport.py

@@ -82,6 +82,7 @@
 
 orig_util_HAS_SNI = util.HAS_SNI
 orig_util_SSLContext = util.ssl_.SSLContext
+orig_util_USE_SYSTEM_SSL_CIPHERS = util.ssl_.USE_DEFAULT_SSLCONTEXT_CIPHERS
 
 # This dictionary is used by the read callback to obtain a handle to the
 # calling wrapped socket. This is a pretty silly approach, but for now it'll
@@ -106,42 +107,6 @@
 # for no better reason than we need *a* limit, and this one is right there.
 SSL_WRITE_BLOCKSIZE = 16384
 
-# This is our equivalent of util.ssl_.DEFAULT_CIPHERS, but expanded out to
-# individual cipher suites. We need to do this because this is how
-# SecureTransport wants them.
-CIPHER_SUITES = [
-    SecurityConst.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-    SecurityConst.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-    SecurityConst.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-    SecurityConst.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-    SecurityConst.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-    SecurityConst.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-    SecurityConst.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
-    SecurityConst.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
-    SecurityConst.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-    SecurityConst.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-    SecurityConst.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-    SecurityConst.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-    SecurityConst.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
-    SecurityConst.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-    SecurityConst.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-    SecurityConst.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-    SecurityConst.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
-    SecurityConst.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-    SecurityConst.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
-    SecurityConst.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
-    SecurityConst.TLS_AES_256_GCM_SHA384,
-    SecurityConst.TLS_AES_128_GCM_SHA256,
-    SecurityConst.TLS_RSA_WITH_AES_256_GCM_SHA384,
-    SecurityConst.TLS_RSA_WITH_AES_128_GCM_SHA256,
-    SecurityConst.TLS_AES_128_CCM_8_SHA256,
-    SecurityConst.TLS_AES_128_CCM_SHA256,
-    SecurityConst.TLS_RSA_WITH_AES_256_CBC_SHA256,
-    SecurityConst.TLS_RSA_WITH_AES_128_CBC_SHA256,
-    SecurityConst.TLS_RSA_WITH_AES_256_CBC_SHA,
-    SecurityConst.TLS_RSA_WITH_AES_128_CBC_SHA,
-]
-
 # Basically this is simple: for PROTOCOL_SSLv23 we turn it into a low of
 # TLSv1 and a high of TLSv1.2. For everything else, we pin to that version.
 # TLSv1 to 1.2 are supported on macOS 10.8+
@@ -186,6 +151,7 @@ def inject_into_urllib3():
     util.ssl_.HAS_SNI = HAS_SNI
     util.IS_SECURETRANSPORT = True
     util.ssl_.IS_SECURETRANSPORT = True
+    util.ssl_.USE_DEFAULT_SSLCONTEXT_CIPHERS = True
 
 
 def extract_from_urllib3():
@@ -198,6 +164,7 @@ def extract_from_urllib3():
     util.ssl_.HAS_SNI = orig_util_HAS_SNI
     util.IS_SECURETRANSPORT = False
     util.ssl_.IS_SECURETRANSPORT = False
+    util.ssl_.USE_DEFAULT_SSLCONTEXT_CIPHERS = orig_util_USE_SYSTEM_SSL_CIPHERS
 
 
 def _read_callback(connection_id, data_buffer, data_length_pointer):
@@ -357,19 +324,6 @@ def _raise_on_error(self):
             self.close()
             raise exception
 
-    def _set_ciphers(self):
-        """
-        Sets up the allowed ciphers. By default this matches the set in
-        util.ssl_.DEFAULT_CIPHERS, at least as supported by macOS. This is done
-        custom and doesn't allow changing at this time, mostly because parsing
-        OpenSSL cipher strings is going to be a freaking nightmare.
-        """
-        ciphers = (Security.SSLCipherSuite * len(CIPHER_SUITES))(*CIPHER_SUITES)
-        result = Security.SSLSetEnabledCiphers(
-            self.context, ciphers, len(CIPHER_SUITES)
-        )
-        _assert_no_error(result)
-
     def _set_alpn_protocols(self, protocols):
         """
         Sets up the ALPN protocols on the context.
@@ -506,9 +460,6 @@ def handshake(
             )
             _assert_no_error(result)
 
-        # Setup the ciphers.
-        self._set_ciphers()
-
         # Setup the ALPN protocols.
         self._set_alpn_protocols(alpn_protocols)
 
@@ -824,9 +775,7 @@ def load_default_certs(self):
         return self.set_default_verify_paths()
 
     def set_ciphers(self, ciphers):
-        # For now, we just require the default cipher string.
-        if ciphers != util.ssl_.DEFAULT_CIPHERS:
-            raise ValueError("SecureTransport doesn't support custom cipher strings")
+        raise ValueError("SecureTransport doesn't support custom cipher strings")
 
     def load_verify_locations(self, cafile=None, capath=None, cadata=None):
         # OK, we only really support cadata and cafile.

src/urllib3/util/ssl_.py

@@ -14,24 +14,43 @@
 IS_PYOPENSSL = False
 IS_SECURETRANSPORT = False
 ALPN_PROTOCOLS = ["http/1.1"]
+USE_DEFAULT_SSLCONTEXT_CIPHERS = False
 
 # Maps the length of a digest to a possible hash function producing this digest
 HASHFUNC_MAP = {32: md5, 40: sha1, 64: sha256}
 
 
+def _is_ge_openssl_v1_1_1(
+    openssl_version_text: str, openssl_version_number: int
+) -> bool:
+    """Returns True for OpenSSL 1.1.1+ (>=0x10101000)
+    LibreSSL reports a version number of 0x20000000 for
+    OpenSSL version number so we need to filter out LibreSSL.
+    """
+    return (
+        not openssl_version_text.startswith("LibreSSL")
+        and openssl_version_number >= 0x10101000
+    )
+
+
 try:  # Do we have ssl at all?
     import ssl
     from ssl import (
         CERT_REQUIRED,
         HAS_SNI,
         OP_NO_COMPRESSION,
         OP_NO_TICKET,
+        OPENSSL_VERSION,
+        OPENSSL_VERSION_NUMBER,
         PROTOCOL_TLS,
         OP_NO_SSLv2,
         OP_NO_SSLv3,
         SSLContext,
     )
 
+    USE_DEFAULT_SSLCONTEXT_CIPHERS = _is_ge_openssl_v1_1_1(
+        OPENSSL_VERSION, OPENSSL_VERSION_NUMBER
+    )
     PROTOCOL_SSLv23 = PROTOCOL_TLS
     from .ssltransport import SSLTransport
 except ImportError:
@@ -75,6 +94,7 @@
         "!eNULL",
         "!MD5",
         "!DSS",
+        "!AESCCM",
     ]
 )
 
@@ -176,14 +196,18 @@ def create_urllib3_context(
         Specific OpenSSL options. These default to ``ssl.OP_NO_SSLv2``,
         ``ssl.OP_NO_SSLv3``, ``ssl.OP_NO_COMPRESSION``, and ``ssl.OP_NO_TICKET``.
     :param ciphers:
-        Which cipher suites to allow the server to select.
+        Which cipher suites to allow the server to select. Defaults to either system configured
+        ciphers if OpenSSL 1.1.1+, otherwise uses a secure default set of ciphers.
     :returns:
         Constructed SSLContext object with specified options
     :rtype: SSLContext
     """
     context = SSLContext(ssl_version or PROTOCOL_TLS)
 
-    context.set_ciphers(ciphers or DEFAULT_CIPHERS)
+    # Unless we're given ciphers defer to either system ciphers in
+    # the case of OpenSSL 1.1.1+ or use our own secure default ciphers.
+    if ciphers is not None or not USE_DEFAULT_SSLCONTEXT_CIPHERS:
+        context.set_ciphers(ciphers or DEFAULT_CIPHERS)
 
     # Setting the default here, as we may have no ssl module on import
     cert_reqs = ssl.CERT_REQUIRED if cert_reqs is None else cert_reqs

test/contrib/test_pyopenssl.py

@@ -30,6 +30,7 @@ def teardown_module():
         pass
 
 
+from ..test_ssl import TestSSL  # noqa: E402, F401
 from ..test_util import TestUtilSSL  # noqa: E402, F401
 from ..with_dummyserver.test_https import (  # noqa: E402, F401
     TestHTTPS,
@@ -46,7 +47,9 @@ def teardown_module():
     TestClientCerts,
     TestSNI,
     TestSocketClosing,
-    TestSSL,
+)
+from ..with_dummyserver.test_socketlevel import (  # noqa: E402, F401
+    TestSSL as TestSocketSSL,
 )