OpenSSL Ciphers
dweimer
dweimer at dweimer.net
Sat Mar 7 01:41:39 UTC 2015
On 03/06/2015 6:36 pm, Doug Hardie wrote:
>> On 6 March 2015, at 16:28, Charles Swiger <cswiger at mac.com> wrote:
>>
>> Hi--
>>
>>> On Mar 6, 2015, at 3:58 PM, Doug Hardie <bc979 at lafn.org> wrote:
>>>> On 3 March 2015, at 23:21, Doug Hardie <bc979 at lafn.org> wrote:
>>>> The default list of ciphers is quite extensive and includes some
>>>> that are apparently causing some potential security issues. I have
>>>> a number of applications that use OpenSSL and many don’t have the
>>>> code to restrict the list. Fixing all that would take quite a bit
>>>> of work. However, looking into /usr/include/openssl/ssl.h I find a
>>>> definition for the SSL_DEFAULT_CIPHER_LIST. The comments indicate
>>>> that that list is the one used when the application doesn’t specify
>>>> anything. I changed its definition to:
>>>>
>>>> #define SSL_DEFAULT_CIPHER_LIST
>>>> "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:
>>>>
>>>> However, s_connect will still create a connection with the export
>>>> ciphers. I tried adding !EXPORT to that list and it had no effect.
>>>> Is the definition actually used by openssl or is it just there for
>>>> documentation?
>>>
>>> Not hearing anything on this, I suspect it’s not very well
>>> understood. I have started updating the various servers/clients that
>>> use SSL/TLS. The one that has me completely stumped is sendmail.
>>> There is a web page which provides instructions
>>> "http://novosial.org/sendmail/cipherlist/index.html”. However, when
>>> I follow them, I can still establish a connection and deliver mail
>>> using the export ciphers.
>>>
>>> Has anyone successfully restricted the sendmail ciphers?
>>
>> You can see which ciphers openssl will support via a statement like:
>>
>> % openssl ciphers -v
>> 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT'
>> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256)
>> Mac=SHA1
>> DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256)
>> Mac=SHA1
>> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256)
>> Mac=SHA1
>> DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128)
>> Mac=SHA1
>> DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128)
>> Mac=SHA1
>> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128)
>> Mac=SHA1
>> RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128)
>> Mac=SHA1
>> RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128)
>> Mac=MD5
>> RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128)
>> Mac=MD5
>>
>> ...and you can experiment with TLS negotiation results via something
>> like:
>>
>> % openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect
>> www.google.com:443
>> [ ... ]
>> New, TLSv1/SSLv3, Cipher is AES128-SHA
>> Server public key is 2048 bit
>> Secure Renegotiation IS supported
>> Compression: NONE
>> Expansion: NONE
>> SSL-Session:
>> Protocol : TLSv1
>> Cipher : AES128-SHA
>> Session-ID: [ ... ]
>>
>> Sendmail normally performs crypto via STARTTLS negotiation rather than
>> via SMTPS; there's a CipherList option which can be defined via
>> sendmail.mc / sendmail.cf. You might need to recompile sendmail with
>> -D_FFR_TLS_1, which I think that novosial page mentions.
>
> sendmail has _FFR_TLS_1 compiled in per th tests in the web page
> mentioned above. The CipherList option doesn’t seem to work. I can
> connect and send mail with that in place using the EXPORT ciphers.
>
Doug,
I have this added to my /etc/mail/{HOSTNAME}.mc file.
LOCAL_CONFIG
O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Of course you can use other options, this has been there for a while in
mine, carried over from some time a few versions back. Probably should
get around to testing it to make sure it actually is still working. It
doesn't take long to add it in and run a quick test.
--
Thanks,
Dean E. Weimer
http://www.dweimer.net/
More information about the freebsd-questions
mailing list