OpenSSL Ciphers
dweimer
dweimer at dweimer.net
Sat Mar 7 16:49:15 UTC 2015
On 03/07/2015 1:35 am, Doug Hardie wrote:
>> On 6 March 2015, at 17:35, dweimer <dweimer at dweimer.net> wrote:
>>
>> On 03/06/2015 6:36 pm, Doug Hardie wrote:
>>>> On 6 March 2015, at 16:28, Charles Swiger <cswiger at mac.com> wrote:
>>>> Hi--
>>>>> On Mar 6, 2015, at 3:58 PM, Doug Hardie <bc979 at lafn.org> wrote:
>>>>>> On 3 March 2015, at 23:21, Doug Hardie <bc979 at lafn.org> wrote:
>>>>>> The default list of ciphers is quite extensive and includes some
>>>>>> that are apparently causing some potential security issues. I
>>>>>> have a number of applications that use OpenSSL and many don’t have
>>>>>> the code to restrict the list. Fixing all that would take quite a
>>>>>> bit of work. However, looking into /usr/include/openssl/ssl.h I
>>>>>> find a definition for the SSL_DEFAULT_CIPHER_LIST. The comments
>>>>>> indicate that that list is the one used when the application
>>>>>> doesn’t specify anything. I changed its definition to:
>>>>>> #define SSL_DEFAULT_CIPHER_LIST
>>>>>> "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:
>>>>>> However, s_connect will still create a connection with the export
>>>>>> ciphers. I tried adding !EXPORT to that list and it had no
>>>>>> effect. Is the definition actually used by openssl or is it just
>>>>>> there for documentation?
>>>>> Not hearing anything on this, I suspect it’s not very well
>>>>> understood. I have started updating the various servers/clients
>>>>> that use SSL/TLS. The one that has me completely stumped is
>>>>> sendmail. There is a web page which provides instructions
>>>>> "http://novosial.org/sendmail/cipherlist/index.html”. However,
>>>>> when I follow them, I can still establish a connection and deliver
>>>>> mail using the export ciphers.
>>>>> Has anyone successfully restricted the sendmail ciphers?
>>>> You can see which ciphers openssl will support via a statement like:
>>>> % openssl ciphers -v
>>>> 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT'
>>>> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256)
>>>> Mac=SHA1
>>>> DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256)
>>>> Mac=SHA1
>>>> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256)
>>>> Mac=SHA1
>>>> DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128)
>>>> Mac=SHA1
>>>> DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128)
>>>> Mac=SHA1
>>>> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128)
>>>> Mac=SHA1
>>>> RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128)
>>>> Mac=SHA1
>>>> RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128)
>>>> Mac=MD5
>>>> RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128)
>>>> Mac=MD5
>>>> ...and you can experiment with TLS negotiation results via something
>>>> like:
>>>> % openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect
>>>> www.google.com:443
>>>> [ ... ]
>>>> New, TLSv1/SSLv3, Cipher is AES128-SHA
>>>> Server public key is 2048 bit
>>>> Secure Renegotiation IS supported
>>>> Compression: NONE
>>>> Expansion: NONE
>>>> SSL-Session:
>>>> Protocol : TLSv1
>>>> Cipher : AES128-SHA
>>>> Session-ID: [ ... ]
>>>> Sendmail normally performs crypto via STARTTLS negotiation rather
>>>> than via SMTPS; there's a CipherList option which can be defined via
>>>> sendmail.mc / sendmail.cf. You might need to recompile sendmail
>>>> with -D_FFR_TLS_1, which I think that novosial page mentions.
>>> sendmail has _FFR_TLS_1 compiled in per th tests in the web page
>>> mentioned above. The CipherList option doesn’t seem to work. I can
>>> connect and send mail with that in place using the EXPORT ciphers.
>>
>> Doug,
>> I have this added to my /etc/mail/{HOSTNAME}.mc file.
>>
>> LOCAL_CONFIG
>> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>>
>> Of course you can use other options, this has been there for a while
>> in mine, carried over from some time a few versions back. Probably
>> should get around to testing it to make sure it actually is still
>> working. It doesn't take long to add it in and run a quick test.
>
>
> As I replied earlier, I have done that. I can still use:
>
> openssl s_client -connect localhost:25 -starttls smtp -cipher EXPORT
>
Strange, it seems to be working on mine.
if I use the following, it connects:
openssl s_client -connect 192.168.5.2:25 -starttls smtp
CONNECTED(00000003)
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.",
OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure
Certificate Authority - G2
[snip]
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
[snip]
if I use the cipher option specify aNULL it fails:
openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher aNULL
CONNECTED(00000003)
34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3
alert handshake
failure:/jails/devel/ROOT/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:770:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 353 bytes and written 234 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
--
Thanks,
Dean E. Weimer
http://www.dweimer.net/
More information about the freebsd-questions
mailing list