OpenSSL Ciphers

dweimer dweimer at dweimer.net
Sun Mar 8 03:16:26 UTC 2015


On 03/07/2015 8:58 pm, dweimer wrote:
> On 03/07/2015 7:32 pm, Doug Hardie wrote:
>>> On 7 March 2015, at 15:13, Doug Hardie <bc979 at lafn.org> wrote:
>>> 
>>> 
>>>> On 7 March 2015, at 08:49, dweimer <dweimer at dweimer.net> wrote:
>>>> 
>>>> On 03/07/2015 1:35 am, Doug Hardie wrote:
>>>>>> On 6 March 2015, at 17:35, dweimer <dweimer at dweimer.net> wrote:
>>>>>> On 03/06/2015 6:36 pm, Doug Hardie wrote:
>>>>>>>> On 6 March 2015, at 16:28, Charles Swiger <cswiger at mac.com> 
>>>>>>>> wrote:
>>>>>>>> Hi--
>>>>>>>>> On Mar 6, 2015, at 3:58 PM, Doug Hardie <bc979 at lafn.org> wrote:
>>>>>>>>>> On 3 March 2015, at 23:21, Doug Hardie <bc979 at lafn.org> wrote:
>>>>>>>>>> The default list of ciphers is quite extensive and includes 
>>>>>>>>>> some that are apparently causing some potential security 
>>>>>>>>>> issues.  I have a number of applications that use OpenSSL and 
>>>>>>>>>> many don’t have the code to restrict the list.  Fixing all 
>>>>>>>>>> that would take quite a bit of work.  However, looking into 
>>>>>>>>>> /usr/include/openssl/ssl.h I find a definition for the 
>>>>>>>>>> SSL_DEFAULT_CIPHER_LIST.  The comments indicate that that list 
>>>>>>>>>> is the one used when the application doesn’t specify anything. 
>>>>>>>>>>  I changed its definition to:
>>>>>>>>>> #define SSL_DEFAULT_CIPHER_LIST 
>>>>>>>>>> "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:
>>>>>>>>>> However, s_connect will still create a connection with the 
>>>>>>>>>> export ciphers.  I tried adding !EXPORT to that list and it 
>>>>>>>>>> had no effect.  Is the definition actually used by openssl or 
>>>>>>>>>> is it just there for documentation?
>>>>>>>>> Not hearing anything on this, I suspect it’s not very well 
>>>>>>>>> understood.  I have started updating the various 
>>>>>>>>> servers/clients that use SSL/TLS.  The one that has me 
>>>>>>>>> completely stumped is sendmail.  There is a web page which 
>>>>>>>>> provides instructions 
>>>>>>>>> "http://novosial.org/sendmail/cipherlist/index.html".  However, 
>>>>>>>>> when I follow them, I can still establish a connection and 
>>>>>>>>> deliver mail using the export ciphers.
>>>>>>>>> Has anyone successfully restricted the sendmail ciphers?
>>>>>>>> You can see which ciphers openssl will support via a statement 
>>>>>>>> like:
>>>>>>>> % openssl ciphers -v 
>>>>>>>> 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT'
>>>>>>>> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  
>>>>>>>> Mac=SHA1
>>>>>>>> DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  
>>>>>>>> Mac=SHA1
>>>>>>>> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  
>>>>>>>> Mac=SHA1
>>>>>>>> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  
>>>>>>>> Mac=SHA1
>>>>>>>> DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  
>>>>>>>> Mac=SHA1
>>>>>>>> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  
>>>>>>>> Mac=SHA1
>>>>>>>> RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  
>>>>>>>> Mac=SHA1
>>>>>>>> RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  
>>>>>>>> Mac=MD5
>>>>>>>> RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  
>>>>>>>> Mac=MD5
>>>>>>>> ...and you can experiment with TLS negotiation results via 
>>>>>>>> something like:
>>>>>>>> % openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect 
>>>>>>>> www.google.com:443
>>>>>>>> [ ... ]
>>>>>>>> New, TLSv1/SSLv3, Cipher is AES128-SHA
>>>>>>>> Server public key is 2048 bit
>>>>>>>> Secure Renegotiation IS supported
>>>>>>>> Compression: NONE
>>>>>>>> Expansion: NONE
>>>>>>>> SSL-Session:
>>>>>>>> Protocol  : TLSv1
>>>>>>>> Cipher    : AES128-SHA
>>>>>>>> Session-ID: [ ... ]
>>>>>>>> Sendmail normally performs crypto via STARTTLS negotiation 
>>>>>>>> rather than via SMTPS; there's a CipherList option which can be 
>>>>>>>> defined via sendmail.mc / sendmail.cf.  You might need to 
>>>>>>>> recompile sendmail with -D_FFR_TLS_1, which I think that 
>>>>>>>> novosial page mentions.
>>>>>>> sendmail has _FFR_TLS_1 compiled in per the tests in the web page
>>>>>>> mentioned above.  The CipherList option doesn’t seem to work.  I 
>>>>>>> can
>>>>>>> connect and send mail with that in place using the EXPORT 
>>>>>>> ciphers.
>>>>>> Doug,
>>>>>> I have this added to my /etc/mail/{HOSTNAME}.mc file.
>>>>>> LOCAL_CONFIG
>>>>>> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>>>>>> Of course you can use other options, this has been there for a 
>>>>>> while in mine, carried over from some time a few versions back. 
>>>>>> Probably should get around to testing it to make sure it actually 
>>>>>> is still working. It doesn't take long to add it in and run a 
>>>>>> quick test.
>>>>> As I replied earlier, I have done that.  I can still use:
>>>>> openssl s_client -connect localhost:25 -starttls smtp -cipher 
>>>>> EXPORT
>>>> 
>>>> Strange, it seems to be working on mine.
>>>> 
>>>> if I use the following, it connects:
>>>> openssl s_client -connect 192.168.5.2:25 -starttls smtp
>>>> CONNECTED(00000003)
>>>> depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, 
>>>> Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy 
>>>> Secure Certificate Authority - G2
>>>> [snip]
>>>> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
>>>> Server public key is 4096 bit
>>>> Secure Renegotiation IS supported
>>>> Compression: NONE
>>>> Expansion: NONE
>>>> SSL-Session:
>>>>   Protocol  : TLSv1.2
>>>>   Cipher    : DHE-RSA-AES256-GCM-SHA384
>>>> [snip]
>>>> 
>>>> 
>>>> If I use the cipher option to specify aNULL, it fails:
>>>> 
>>>> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher 
>>>> aNULL
>>>> CONNECTED(00000003)
>>>> 34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 
>>>> alert handshake 
>>>> failure:/jails/devel/ROOT/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:770:
>>>> ---
>>>> no peer certificate available
>>>> ---
>>>> No client certificate CA names sent
>>>> ---
>>>> SSL handshake has read 353 bytes and written 234 bytes
>>>> ---
>>>> New, (NONE), Cipher is (NONE)
>>>> Secure Renegotiation IS NOT supported
>>>> Compression: NONE
>>>> Expansion: NONE
>>> 
>>> Interesting.  That does seem to work for you.  I will have to do some 
>>> more digging into the code.  For some reason it doesn’t work for me.  
>>> Thanks for that assistance.
>> 
>> After more testing, I think you need to try:
>> 
>> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher EXP
>> 
>> I suspect it will give:
>> New, TLSv1/SSLv3, Cipher is EXP-DES-CBC-SHA
>> 
>> 
>> That is the export cipher which is the problem.
> 
> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher EXP
> CONNECTED(00000003)
> 34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3
> alert handshake
> failure:/jails/devel/ROOT/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:770:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 353 bytes and written 108 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
> 
> I did nothing special with the build, just put this in the
> configuration for sendmail .mc file
> 
> In my case the local hostname of the jail I am running sendmail in is
> webmail.dweimer.local
> 
> So /etc/mail/webmail.dweimer.local.mc
> 
> dnl Cert Options
> define(`confCACERT_PATH', `/common/GoDaddy.Cert/')dnl
> define(`confCACERT', `/common/GoDaddy.Cert/gd_bundle_g2_g1.pem')dnl
> define(`confSERVER_CERT', `/common/GoDaddy.Cert/dweimer.net.pem')dnl
> define(`confSERVER_KEY', `/common/GoDaddy.Cert/dweimer.net.key.pem')dnl
> 
> dnl DAEMON_OPTIONS
> dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')
> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')
> 
> LOCAL_CONFIG
> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
> 
> define(`confDOMAIN_NAME', `webmail.dweimer.net')dnl
> 
> then from within /etc/mail
> run:
> make && make install && make restart
> 
> Then the test should run fine.
> 
> I guess I do have this in my make.conf
> SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
> SENDMAIL_LDFLAGS=-L/usr/local/lib
> SENDMAIL_LDADD=-lsasl2
> 
> However I believe this was put in there when adding the SMTP
> Authentication support, and isn't required for the SSL part.
> 
> This cipher list was pulled from an old Apache recommendation; I probably
> should update it, but this is just a server I use for my personal
> email and testing things.

You got me thinking, and I did a little more digging. I now have this in 
my configuration:
LOCAL_CONFIG
O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!SSLv2:!RC4
O ServerSSLOptions=+SSL_OP_CIPHER_SERVER_PREFERENCE +SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3
O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3

This was as close as I could figure out to mirror my current Apache 
configuration, which gets an A rating on the Qualys SSL Labs test 
(https://www.ssllabs.com/ssltest/index.html).

-- 
Thanks,
    Dean E. Weimer
    http://www.dweimer.net/
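
The check used throughout this thread (an unrestricted `s_client` STARTTLS handshake, then the same handshake limited with `-cipher`) can be scripted. This is an added example, not part of the original messages; the function names and the list of cipher classes are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: audit a STARTTLS SMTP listener for weak cipher classes.

# Read `openssl s_client` output on stdin and print the negotiated cipher,
# or NONE when the handshake failed or no summary line is present.
negotiated_cipher() {
    sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1 | {
        read -r c || c=""
        case "$c" in ""|"(NONE)") echo NONE ;; *) echo "$c" ;; esac
    }
}

# usage: probe_class host:port class   -> prints "<class> <verdict>"
probe_class() {
    # A client built without a cipher class cannot offer it, so a failed
    # handshake would say nothing about the server.
    if ! openssl ciphers "$2" >/dev/null 2>&1; then
        echo "$2 INCONCLUSIVE (local openssl has no such ciphers)"
        return 0
    fi
    got=$(openssl s_client -connect "$1" -starttls smtp -cipher "$2" \
            </dev/null 2>/dev/null | negotiated_cipher)
    if [ "$got" = NONE ]; then
        echo "$2 rejected"
    else
        echo "$2 ACCEPTED ($got)"
    fi
}

# usage: audit_starttls host:port
audit_starttls() {
    # Baseline first: if an unrestricted handshake fails, every "rejected"
    # below would only mean the server was unreachable.
    base=$(openssl s_client -connect "$1" -starttls smtp \
            </dev/null 2>/dev/null | negotiated_cipher)
    if [ "$base" = NONE ]; then
        echo "baseline handshake failed; not probing" >&2
        return 2
    fi
    echo "baseline $base"
    for class in EXP aNULL eNULL LOW RC4; do
        probe_class "$1" "$class"
    done
}

# Run only when a target is given, e.g.: sh audit.sh 192.168.5.2:25
if [ $# -ge 1 ]; then audit_starttls "$1"; fi
```

Any `ACCEPTED` line means the CipherList setting is not taking effect for that class; `INCONCLUSIVE` means the probe has to be repeated from a host whose openssl still includes those ciphers.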


More information about the freebsd-questions mailing list