From 899ef2b00a0c75ee10a50332ae566411e4bc2552 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Blin?=
 <sebastien.blin@savoirfairelinux.com>
Date: Fri, 10 Jan 2020 11:34:08 -0500
Subject: [PATCH] gnutls: bump to 3.6.11

Avoid negotiating FFDHE because it adds a big delay on mobile devices (prefer
elliptic curve ciphers).

Change-Id: I10f4eb77e6dd8866b1b139fdbb8e3d2e41f44011
---
 contrib/src/gnutls/SHA512SUMS |  3 +--
 contrib/src/gnutls/rules.mak  | 10 +---------
 src/security/tls_session.cpp  | 16 ++++++++++++++--
 3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/contrib/src/gnutls/SHA512SUMS b/contrib/src/gnutls/SHA512SUMS
index 3586dbcca4..a86cbcbc70 100644
--- a/contrib/src/gnutls/SHA512SUMS
+++ b/contrib/src/gnutls/SHA512SUMS
@@ -1,2 +1 @@
-ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3  gnutls-3.6.7.tar.xz
-fe0481f9e4219e983b01b91e69ffd95819a4c0d0c09028509106d561967e9c5d900bc5e3a48140a34fa4467feda2a619085adf3fa8fdade96c8debf125e91ae8  gnutls-3.6.10.tar.xz
\ No newline at end of file
+dbf6766131496f66d712cf3a8f042e93eea057d843972c7cc0376c25b6f3802f51af4fe9b38fbb07e8194748a185055a2bd26c1fabd234d330b892466061462a  gnutls-3.6.11.tar.xz
\ No newline at end of file
diff --git a/contrib/src/gnutls/rules.mak b/contrib/src/gnutls/rules.mak
index 0b455ac4fa..29eefd5455 100644
--- a/contrib/src/gnutls/rules.mak
+++ b/contrib/src/gnutls/rules.mak
@@ -1,14 +1,6 @@
 # GnuTLS
 
-ifdef HAVE_ANDROID
-GNUTLS_VERSION := 3.6.7
-else
-ifdef HAVE_IOS
-GNUTLS_VERSION := 3.6.7
-else
-GNUTLS_VERSION := 3.6.10
-endif
-endif
+GNUTLS_VERSION := 3.6.11
 
 GNUTLS_URL := https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-$(GNUTLS_VERSION).tar.xz
 
diff --git a/src/security/tls_session.cpp b/src/security/tls_session.cpp
index 17fe4e68bb..d2fa9beea1 100644
--- a/src/security/tls_session.cpp
+++ b/src/security/tls_session.cpp
@@ -56,8 +56,20 @@ namespace jami { namespace tls {
 
 static constexpr const char* DTLS_CERT_PRIORITY_STRING {"SECURE192:-VERS-TLS-ALL:+VERS-DTLS-ALL:-RSA:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION"};
 static constexpr const char* DTLS_FULL_PRIORITY_STRING {"SECURE192:-KX-ALL:+ANON-ECDH:+ANON-DH:+SECURE192:-VERS-TLS-ALL:+VERS-DTLS-ALL:-RSA:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION"};
-static constexpr const char* TLS_CERT_PRIORITY_STRING {"SECURE192:-RSA:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION"};
-static constexpr const char* TLS_FULL_PRIORITY_STRING {"SECURE192:-KX-ALL:+ANON-ECDH:+ANON-DH:+SECURE192:-RSA:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION"};
+// Note: -GROUP-FFDHE4096:-GROUP-FFDHE6144:-GROUP-FFDHE8192:+GROUP-X25519:
+// is added after gnutls 3.6.7, because some safety checks were introduced for FFDHE resulting in a performance drop for our usage (2/3s of delay)
+// This performance drop is visible on mobiles devices.
+
+// Benchmark result (on a computer)
+// $gnutls-cli --benchmark-tls-kx
+// (TLS1.3)-(DHE-FFDHE3072)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)  20.48 transactions/sec
+//            (avg. handshake time: 48.45 ms, sample variance: 0.68)
+// (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)  208.14 transactions/sec
+//            (avg. handshake time: 4.01 ms, sample variance: 0.01)
+// (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)  240.93 transactions/sec
+//            (avg. handshake time: 4.00 ms, sample variance: 0.00)
+static constexpr const char* TLS_CERT_PRIORITY_STRING {"SECURE192:-RSA:-GROUP-FFDHE4096:-GROUP-FFDHE6144:-GROUP-FFDHE8192:+GROUP-X25519:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION"};
+static constexpr const char* TLS_FULL_PRIORITY_STRING {"SECURE192:-KX-ALL:+ANON-ECDH:+ANON-DH:+SECURE192:-RSA:-GROUP-FFDHE4096:-GROUP-FFDHE6144:-GROUP-FFDHE8192:+GROUP-X25519:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION"};
 static constexpr uint32_t RX_MAX_SIZE {64*1024}; // 64k = max size of a UDP packet
 static constexpr std::size_t INPUT_MAX_SIZE {1000}; // Maximum number of packets to store before dropping (pkt size = DTLS_MTU)
 static constexpr ssize_t FLOOD_THRESHOLD {4*1024};
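Review bot: The new TLS_CERT_PRIORITY_STRING and TLS_FULL_PRIORITY_STRING append `+GROUP-X25519` to a `SECURE192` profile, which admits a group of roughly 128-bit security into a list that otherwise restricts key exchange to the 192-bit level, and the comment above them does not say that this lowering is intended. The benchmark quoted in the comment measures DHE-FFDHE3072, yet the string only disables FFDHE4096/6144/8192, so a reader cannot tell whether the smaller FFDHE groups were considered or are simply presumed absent from the SECURE192 set; stating that reasoning would stop a later edit from re-adding them. I would replace the first comment line with `// X25519 (~128-bit) is deliberately re-enabled below the SECURE192 level as the fastest ECDHE group; the FFDHE groups SECURE192 enables are dropped because the safety checks added after 3.6.7 cost 2-3 s per handshake on mobile.` The DTLS_CERT_PRIORITY_STRING and DTLS_FULL_PRIORITY_STRING on the context lines keep the default SECURE192 group set, so if DTLS handshakes also run on mobile the same FFDHE delay presumably remains there; worth a note or a matching change.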
-- 
GitLab