OpenSSL Ciphers

Doug Hardie bc979 at lafn.org
Sun Mar 8 01:33:32 UTC 2015 

> On 7 March 2015, at 15:13, Doug Hardie <bc979 at lafn.org> wrote:
> 
> 
>> On 7 March 2015, at 08:49, dweimer <dweimer at dweimer.net> wrote:
>> 
>> On 03/07/2015 1:35 am, Doug Hardie wrote:
>>>> On 6 March 2015, at 17:35, dweimer <dweimer at dweimer.net> wrote:
>>>> On 03/06/2015 6:36 pm, Doug Hardie wrote:
>>>>>> On 6 March 2015, at 16:28, Charles Swiger <cswiger at mac.com> wrote:
>>>>>> Hi--
>>>>>>> On Mar 6, 2015, at 3:58 PM, Doug Hardie <bc979 at lafn.org> wrote:
>>>>>>>> On 3 March 2015, at 23:21, Doug Hardie <bc979 at lafn.org> wrote:
>>>>>>>> The default list of ciphers is quite extensive and includes some that are apparently causing some potential security issues.  I have a number of applications that use OpenSSL and many don’t have the code to restrict the list.  Fixing all that would take quite a bit of work.  However, looking into /usr/include/openssl/ssl.h I find a definition for the SSL_DEFAULT_CIPHER_LIST.  The comments indicate that that list is the one used when the application doesn’t specify anything.  I changed its definition to:
>>>>>>>> #define SSL_DEFAULT_CIPHER_LIST "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:
>>>>>>>> However, s_connect will still create a connection with the export ciphers.  I tried adding !EXPORT to that list and it had no effect.  Is the definition actually used by openssl or is it just there for documentation?
>>>>>>> Not hearing anything on this, I suspect it’s not very well understood.  I have started updating the various servers/clients that use SSL/TLS.  The one that has me completely stumped is sendmail.  There is a web page which provides instructions "http://novosial.org/sendmail/cipherlist/index.html”.  However, when I follow them, I can still establish a connection and deliver mail using the export ciphers.
>>>>>>> Has anyone successfully restricted the sendmail ciphers?
>>>>>> You can see which ciphers openssl will support via a statement like:
>>>>>> % openssl ciphers -v 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT'
>>>>>> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>>> DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
>>>>>> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>>> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>>> DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
>>>>>> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>>> RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
>>>>>> RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>>>> RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>>>> ...and you can experiment with TLS negotiation results via something like:
>>>>>> % openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect www.google.com:443
>>>>>> [ ... ]
>>>>>> New, TLSv1/SSLv3, Cipher is AES128-SHA
>>>>>> Server public key is 2048 bit
>>>>>> Secure Renegotiation IS supported
>>>>>> Compression: NONE
>>>>>> Expansion: NONE
>>>>>> SSL-Session:
>>>>>> Protocol  : TLSv1
>>>>>> Cipher    : AES128-SHA
>>>>>> Session-ID: [ ... ]
>>>>>> Sendmail normally performs crypto via STARTTLS negotiation rather than via SMTPS; there's a CipherList option which can be defined via sendmail.mc / sendmail.cf.  You might need to recompile sendmail with -D_FFR_TLS_1, which I think that novosial page mentions.
>>>>> sendmail has _FFR_TLS_1 compiled in per th tests in the web page
>>>>> mentioned above.  The CipherList option doesn’t seem to work.  I can
>>>>> connect and send mail with that in place using the EXPORT ciphers.
>>>> Doug,
>>>> I have this added to my /etc/mail/{HOSTNAME}.mc file.
>>>> LOCAL_CONFIG
>>>> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>>>> Of course you can use other options, this has been there for a while in mine, carried over from some time a few versions back. Probably should get around to testing it to make sure it actually is still working. It doesn't take long to add it in and run a quick test.
>>> As I replied earlier, I have done that.  I can still use:
>>> openssl s_client -connect localhost:25 -starttls smtp -cipher EXPORT
>> 
>> Strange, it seems to be working on mine.
>> 
>> if I use the following, it connects:
>> openssl s_client -connect 192.168.5.2:25 -starttls smtp
>> CONNECTED(00000003)
>> depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
>> [snip]
>> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
>> Server public key is 4096 bit
>> Secure Renegotiation IS supported
>> Compression: NONE
>> Expansion: NONE
>> SSL-Session:
>>   Protocol  : TLSv1.2
>>   Cipher    : DHE-RSA-AES256-GCM-SHA384
>> [snip]
>> 
>> 
>> if I use the cipher option specify aNULL it fails:
>> 
>> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher aNULL
>> CONNECTED(00000003)
>> 34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/jails/devel/ROOT/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:770:
>> ---
>> no peer certificate available
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 353 bytes and written 234 bytes
>> ---
>> New, (NONE), Cipher is (NONE)
>> Secure Renegotiation IS NOT supported
>> Compression: NONE
>> Expansion: NONE
> 
> Interesting.  That does seem to work for you.  I will have to do some more digging into the code.  For some reason it doesn’t work for me.  Thanks for that assistance.  

After more testing, I think you need to try:

openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher EXP

I suspect it will give:
New, TLSv1/SSLv3, Cipher is EXP-DES-CBC-SHA


That is the export cipher which is the problem.

More information about the freebsd-questions mailing list