OpenSSL Ciphers

Charles Swiger cswiger at mac.com
Sat Mar 7 00:28:24 UTC 2015 

Hi--

> On Mar 6, 2015, at 3:58 PM, Doug Hardie <bc979 at lafn.org> wrote:
>> On 3 March 2015, at 23:21, Doug Hardie <bc979 at lafn.org> wrote:
>> The default list of ciphers is quite extensive and includes some that are apparently causing some potential security issues.  I have a number of applications that use OpenSSL and many don’t have the code to restrict the list.  Fixing all that would take quite a bit of work.  However, looking into /usr/include/openssl/ssl.h I find a definition for the SSL_DEFAULT_CIPHER_LIST.  The comments indicate that that list is the one used when the application doesn’t specify anything.  I changed its definition to:
>> 
>> #define SSL_DEFAULT_CIPHER_LIST "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:
>> 
>> However, s_connect will still create a connection with the export ciphers.  I tried adding !EXPORT to that list and it had no effect.  Is the definition actually used by openssl or is it just there for documentation?
> 
> Not hearing anything on this, I suspect it’s not very well understood.  I have started updating the various servers/clients that use SSL/TLS.  The one that has me completely stumped is sendmail.  There is a web page which provides instructions "http://novosial.org/sendmail/cipherlist/index.html”.  However, when I follow them, I can still establish a connection and deliver mail using the export ciphers.  
> 
> Has anyone successfully restricted the sendmail ciphers?

You can see which ciphers openssl will support via a statement like:

% openssl ciphers -v 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 

...and you can experiment with TLS negotiation results via something like:

% openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect www.google.com:443
[ ... ]
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: [ ... ]

Sendmail normally performs crypto via STARTTLS negotiation rather than via SMTPS; there's a CipherList option which can be defined via sendmail.mc / sendmail.cf.  You might need to recompile sendmail with -D_FFR_TLS_1, which I think that novosial page mentions.

Regards,
-- 
-Chuck

More information about the freebsd-questions mailing list