OpenSSL Ciphers

Doug Hardie bc979 at lafn.org
Sat Mar 7 23:14:51 UTC 2015 

> On 7 March 2015, at 08:49, dweimer <dweimer at dweimer.net> wrote:
> 
> On 03/07/2015 1:35 am, Doug Hardie wrote:
>>> On 6 March 2015, at 17:35, dweimer <dweimer at dweimer.net> wrote:
>>> On 03/06/2015 6:36 pm, Doug Hardie wrote:
>>>>> On 6 March 2015, at 16:28, Charles Swiger <cswiger at mac.com> wrote:
>>>>> Hi--
>>>>>> On Mar 6, 2015, at 3:58 PM, Doug Hardie <bc979 at lafn.org> wrote:
>>>>>>> On 3 March 2015, at 23:21, Doug Hardie <bc979 at lafn.org> wrote:
>>>>>>> The default list of ciphers is quite extensive and includes some that are apparently causing some potential security issues.  I have a number of applications that use OpenSSL and many don’t have the code to restrict the list.  Fixing all that would take quite a bit of work.  However, looking into /usr/include/openssl/ssl.h I find a definition for the SSL_DEFAULT_CIPHER_LIST.  The comments indicate that that list is the one used when the application doesn’t specify anything.  I changed its definition to:
>>>>>>> #define SSL_DEFAULT_CIPHER_LIST "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:
>>>>>>> However, s_connect will still create a connection with the export ciphers.  I tried adding !EXPORT to that list and it had no effect.  Is the definition actually used by openssl or is it just there for documentation?
>>>>>> Not hearing anything on this, I suspect it’s not very well understood.  I have started updating the various servers/clients that use SSL/TLS.  The one that has me completely stumped is sendmail.  There is a web page which provides instructions "http://novosial.org/sendmail/cipherlist/index.html”.  However, when I follow them, I can still establish a connection and deliver mail using the export ciphers.
>>>>>> Has anyone successfully restricted the sendmail ciphers?
>>>>> You can see which ciphers openssl will support via a statement like:
>>>>> % openssl ciphers -v 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT'
>>>>> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>> DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
>>>>> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>> DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
>>>>> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>> RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
>>>>> RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>>> RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>>> ...and you can experiment with TLS negotiation results via something like:
>>>>> % openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect www.google.com:443
>>>>> [ ... ]
>>>>> New, TLSv1/SSLv3, Cipher is AES128-SHA
>>>>> Server public key is 2048 bit
>>>>> Secure Renegotiation IS supported
>>>>> Compression: NONE
>>>>> Expansion: NONE
>>>>> SSL-Session:
>>>>>  Protocol  : TLSv1
>>>>>  Cipher    : AES128-SHA
>>>>>  Session-ID: [ ... ]
>>>>> Sendmail normally performs crypto via STARTTLS negotiation rather than via SMTPS; there's a CipherList option which can be defined via sendmail.mc / sendmail.cf.  You might need to recompile sendmail with -D_FFR_TLS_1, which I think that novosial page mentions.
>>>> sendmail has _FFR_TLS_1 compiled in per th tests in the web page
>>>> mentioned above.  The CipherList option doesn’t seem to work.  I can
>>>> connect and send mail with that in place using the EXPORT ciphers.
>>> Doug,
>>> I have this added to my /etc/mail/{HOSTNAME}.mc file.
>>> LOCAL_CONFIG
>>> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>>> Of course you can use other options, this has been there for a while in mine, carried over from some time a few versions back. Probably should get around to testing it to make sure it actually is still working. It doesn't take long to add it in and run a quick test.
>> As I replied earlier, I have done that.  I can still use:
>> openssl s_client -connect localhost:25 -starttls smtp -cipher EXPORT
> 
> Strange, it seems to be working on mine.
> 
> if I use the following, it connects:
> openssl s_client -connect 192.168.5.2:25 -starttls smtp
> CONNECTED(00000003)
> depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
> [snip]
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
> Server public key is 4096 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>    Protocol  : TLSv1.2
>    Cipher    : DHE-RSA-AES256-GCM-SHA384
> [snip]
> 
> 
> if I use the cipher option specify aNULL it fails:
> 
> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher aNULL
> CONNECTED(00000003)
> 34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/jails/devel/ROOT/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:770:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 353 bytes and written 234 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE

Interesting.  That does seem to work for you.  I will have to do some more digging into the code.  For some reason it doesn’t work for me.  Thanks for that assistance.

More information about the freebsd-questions mailing list