OpenSSL Ciphers

dweimer dweimer at dweimer.net
Sun Mar 8 02:58:10 UTC 2015


On 03/07/2015 7:32 pm, Doug Hardie wrote:
>> On 7 March 2015, at 15:13, Doug Hardie <bc979 at lafn.org> wrote:
>> 
>> 
>>> On 7 March 2015, at 08:49, dweimer <dweimer at dweimer.net> wrote:
>>> 
>>> On 03/07/2015 1:35 am, Doug Hardie wrote:
>>>>> On 6 March 2015, at 17:35, dweimer <dweimer at dweimer.net> wrote:
>>>>> On 03/06/2015 6:36 pm, Doug Hardie wrote:
>>>>>>> On 6 March 2015, at 16:28, Charles Swiger <cswiger at mac.com> wrote:
>>>>>>> Hi--
>>>>>>>> On Mar 6, 2015, at 3:58 PM, Doug Hardie <bc979 at lafn.org> wrote:
>>>>>>>>> On 3 March 2015, at 23:21, Doug Hardie <bc979 at lafn.org> wrote:
>>>>>>>>> The default list of ciphers is quite extensive and includes 
>>>>>>>>> some that are apparently causing some potential security 
>>>>>>>>> issues.  I have a number of applications that use OpenSSL and 
>>>>>>>>> many don’t have the code to restrict the list.  Fixing all that 
>>>>>>>>> would take quite a bit of work.  However, looking into 
>>>>>>>>> /usr/include/openssl/ssl.h I find a definition for the 
>>>>>>>>> SSL_DEFAULT_CIPHER_LIST.  The comments indicate that that list 
>>>>>>>>> is the one used when the application doesn’t specify anything.  
>>>>>>>>> I changed its definition to:
>>>>>>>>> #define SSL_DEFAULT_CIPHER_LIST 
>>>>>>>>> "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:
>>>>>>>>> However, s_connect will still create a connection with the 
>>>>>>>>> export ciphers.  I tried adding !EXPORT to that list and it had 
>>>>>>>>> no effect.  Is the definition actually used by openssl or is it 
>>>>>>>>> just there for documentation?
>>>>>>>> Not hearing anything on this, I suspect it’s not very well 
>>>>>>>> understood.  I have started updating the various servers/clients 
>>>>>>>> that use SSL/TLS.  The one that has me completely stumped is 
>>>>>>>> sendmail.  There is a web page which provides instructions 
>>>>>>>> "http://novosial.org/sendmail/cipherlist/index.html”.  However, 
>>>>>>>> when I follow them, I can still establish a connection and 
>>>>>>>> deliver mail using the export ciphers.
>>>>>>>> Has anyone successfully restricted the sendmail ciphers?
>>>>>>> You can see which ciphers openssl will support via a statement 
>>>>>>> like:
>>>>>>> % openssl ciphers -v 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT'
>>>>>>> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>>>> DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
>>>>>>> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>>>> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>>>> DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
>>>>>>> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>>>> RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
>>>>>>> RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>>>>> RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>>>>> ...and you can experiment with TLS negotiation results via 
>>>>>>> something like:
>>>>>>> % openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect www.google.com:443
>>>>>>> [ ... ]
>>>>>>> New, TLSv1/SSLv3, Cipher is AES128-SHA
>>>>>>> Server public key is 2048 bit
>>>>>>> Secure Renegotiation IS supported
>>>>>>> Compression: NONE
>>>>>>> Expansion: NONE
>>>>>>> SSL-Session:
>>>>>>> Protocol  : TLSv1
>>>>>>> Cipher    : AES128-SHA
>>>>>>> Session-ID: [ ... ]
>>>>>>> Sendmail normally performs crypto via STARTTLS negotiation rather 
>>>>>>> than via SMTPS; there's a CipherList option which can be defined 
>>>>>>> via sendmail.mc / sendmail.cf.  You might need to recompile 
>>>>>>> sendmail with -D_FFR_TLS_1, which I think that novosial page 
>>>>>>> mentions.
>>>>>> sendmail has _FFR_TLS_1 compiled in per the tests in the web page
>>>>>> mentioned above.  The CipherList option doesn’t seem to work.  I can
>>>>>> connect and send mail with that in place using the EXPORT ciphers.
>>>>> Doug,
>>>>> I have this added to my /etc/mail/{HOSTNAME}.mc file.
>>>>> LOCAL_CONFIG
>>>>> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>>>>> Of course you can use other options, this has been there for a 
>>>>> while in mine, carried over from some time a few versions back. 
>>>>> Probably should get around to testing it to make sure it actually 
>>>>> is still working. It doesn't take long to add it in and run a quick 
>>>>> test.
>>>> As I replied earlier, I have done that.  I can still use:
>>>> openssl s_client -connect localhost:25 -starttls smtp -cipher EXPORT
>>> 
>>> Strange, it seems to be working on mine.
>>> 
>>> if I use the following, it connects:
>>> openssl s_client -connect 192.168.5.2:25 -starttls smtp
>>> CONNECTED(00000003)
>>> depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
>>> [snip]
>>> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
>>> Server public key is 4096 bit
>>> Secure Renegotiation IS supported
>>> Compression: NONE
>>> Expansion: NONE
>>> SSL-Session:
>>>   Protocol  : TLSv1.2
>>>   Cipher    : DHE-RSA-AES256-GCM-SHA384
>>> [snip]
>>> 
>>> 
>>> If I use the cipher option to specify aNULL, it fails:
>>> 
>>> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher aNULL
>>> CONNECTED(00000003)
>>> 34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/jails/devel/ROOT/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:770:
>>> ---
>>> no peer certificate available
>>> ---
>>> No client certificate CA names sent
>>> ---
>>> SSL handshake has read 353 bytes and written 234 bytes
>>> ---
>>> New, (NONE), Cipher is (NONE)
>>> Secure Renegotiation IS NOT supported
>>> Compression: NONE
>>> Expansion: NONE
>> 
>> Interesting.  That does seem to work for you.  I will have to do some 
>> more digging into the code.  For some reason it doesn’t work for me.  
>> Thanks for that assistance.
> 
> After more testing, I think you need to try:
> 
> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher EXP
> 
> I suspect it will give:
> New, TLSv1/SSLv3, Cipher is EXP-DES-CBC-SHA
> 
> 
> That is the export cipher which is the problem.

openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher EXP
CONNECTED(00000003)
34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/jails/devel/ROOT/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:770:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 353 bytes and written 108 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

I did nothing special with the build, just put this in the sendmail .mc 
configuration file.

In my case the local hostname of the jail I am running sendmail in is 
webmail.dweimer.local

So /etc/mail/webmail.dweimer.local.mc

dnl Cert Options
define(`confCACERT_PATH', `/common/GoDaddy.Cert/')dnl
define(`confCACERT', `/common/GoDaddy.Cert/gd_bundle_g2_g1.pem')dnl
define(`confSERVER_CERT', `/common/GoDaddy.Cert/dweimer.net.pem')dnl
define(`confSERVER_KEY', `/common/GoDaddy.Cert/dweimer.net.key.pem')dnl

dnl DAEMON_OPTIONS
dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')

LOCAL_CONFIG
O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

define(`confDOMAIN_NAME', `webmail.dweimer.net')dnl

Then from within /etc/mail run:
make && make install && make restart

Then the test should run fine.

I guess I do have this in my make.conf
SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2

However I believe this was put in there when adding the SMTP 
Authentication support, and isn't required for the SSL part.

This cipher list was pulled from an old Apache recommendation; I probably 
should update it, but this is just a server I use for my personal email 
and testing things.

-- 
Thanks,
    Dean E. Weimer
    http://www.dweimer.net/
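
The handshake test traded back and forth in this thread, run once per excluded cipher class and scored from the `New, ..., Cipher is ...` line; this is an added example, not code from any poster. The function names and sample transcripts are constructed for illustration; only the `s_client` flags are taken from the thread.

```python
import re
import subprocess

# Classes the thread's CipherList excludes with "!" (EXP, aNULL, eNULL, LOW).
REFUSED_CLASSES = ("EXP", "aNULL", "eNULL", "LOW")
_CIPHER_LINE = re.compile(r"^New, (.+), Cipher is (\S+)\s*$", re.MULTILINE)


def classify(transcript):
    """Return ('accepted', cipher), ('refused', None) or ('untested', None)."""
    if "CONNECTED(" not in transcript:
        # s_client never reached the server, so nothing was offered to it.
        return ("untested", None)
    match = _CIPHER_LINE.search(transcript)
    if match is None or match.group(2) == "(NONE)":
        return ("refused", None)
    return ("accepted", match.group(2))


def audit(transcripts):
    """Return {class: cipher} for every class the server accepted; {} is a pass."""
    results = {c: classify(t) for c, t in transcripts.items()}
    return {c: cipher for c, (state, cipher) in results.items() if state == "accepted"}


def probe(host, port=25, classes=REFUSED_CLASSES, timeout=15):
    """Run the thread's s_client command once per class; needs network access."""
    transcripts = {}
    for offered in classes:
        cmd = ["openssl", "s_client", "-connect", f"{host}:{port}",
               "-starttls", "smtp", "-cipher", offered]
        # stdin is closed so s_client exits after the handshake instead of waiting.
        done = subprocess.run(cmd, stdin=subprocess.DEVNULL, capture_output=True,
                              text=True, timeout=timeout)
        transcripts[offered] = done.stdout + done.stderr
    return transcripts


# Constructed transcripts, modelled on the output quoted in the thread.
SAMPLE_REFUSED = "CONNECTED(00000003)\n---\nNew, (NONE), Cipher is (NONE)\n"
SAMPLE_ACCEPTED = ("CONNECTED(00000003)\n---\n"
                   "New, TLSv1/SSLv3, Cipher is EXP-DES-CBC-SHA\n")
SAMPLE_UNTESTED = "error: local openssl could not offer this class (constructed)\n"

if __name__ == "__main__":
    print(audit({"EXP": SAMPLE_ACCEPTED, "aNULL": SAMPLE_REFUSED}))
```

An `untested` result means the local `openssl` never connected, for example because its build cannot offer that class, so it says nothing about the server's CipherList.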

