OpenSSL Ciphers
dweimer
dweimer at dweimer.net
Sun Mar 8 03:16:26 UTC 2015
On 03/07/2015 8:58 pm, dweimer wrote:
> On 03/07/2015 7:32 pm, Doug Hardie wrote:
>>> On 7 March 2015, at 15:13, Doug Hardie <bc979 at lafn.org> wrote:
>>>
>>>
>>>> On 7 March 2015, at 08:49, dweimer <dweimer at dweimer.net> wrote:
>>>>
>>>> On 03/07/2015 1:35 am, Doug Hardie wrote:
>>>>>> On 6 March 2015, at 17:35, dweimer <dweimer at dweimer.net> wrote:
>>>>>> On 03/06/2015 6:36 pm, Doug Hardie wrote:
>>>>>>>> On 6 March 2015, at 16:28, Charles Swiger <cswiger at mac.com>
>>>>>>>> wrote:
>>>>>>>> Hi--
>>>>>>>>> On Mar 6, 2015, at 3:58 PM, Doug Hardie <bc979 at lafn.org> wrote:
>>>>>>>>>> On 3 March 2015, at 23:21, Doug Hardie <bc979 at lafn.org> wrote:
>>>>>>>>>> The default list of ciphers is quite extensive and includes
>>>>>>>>>> some that are apparently causing some potential security
>>>>>>>>>> issues. I have a number of applications that use OpenSSL and
>>>>>>>>>> many don’t have the code to restrict the list. Fixing all
>>>>>>>>>> that would take quite a bit of work. However, looking into
>>>>>>>>>> /usr/include/openssl/ssl.h I find a definition for the
>>>>>>>>>> SSL_DEFAULT_CIPHER_LIST. The comments indicate that that list
>>>>>>>>>> is the one used when the application doesn’t specify anything.
>>>>>>>>>> I changed its definition to:
>>>>>>>>>> #define SSL_DEFAULT_CIPHER_LIST
>>>>>>>>>> "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:
>>>>>>>>>> However, s_connect will still create a connection with the
>>>>>>>>>> export ciphers. I tried adding !EXPORT to that list and it
>>>>>>>>>> had no effect. Is the definition actually used by openssl or
>>>>>>>>>> is it just there for documentation?
>>>>>>>>> Not hearing anything on this, I suspect it’s not very well
>>>>>>>>> understood. I have started updating the various
>>>>>>>>> servers/clients that use SSL/TLS. The one that has me
>>>>>>>>> completely stumped is sendmail. There is a web page which
>>>>>>>>> provides instructions
>>>>>>>>> "http://novosial.org/sendmail/cipherlist/index.html". However,
>>>>>>>>> when I follow them, I can still establish a connection and
>>>>>>>>> deliver mail using the export ciphers.
>>>>>>>>> Has anyone successfully restricted the sendmail ciphers?
>>>>>>>> You can see which ciphers openssl will support via a statement
>>>>>>>> like:
>>>>>>>> % openssl ciphers -v 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT'
>>>>>>>> DHE-RSA-AES256-SHA SSLv3 Kx=DH  Au=RSA Enc=AES(256) Mac=SHA1
>>>>>>>> DHE-DSS-AES256-SHA SSLv3 Kx=DH  Au=DSS Enc=AES(256) Mac=SHA1
>>>>>>>> AES256-SHA         SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
>>>>>>>> DHE-RSA-AES128-SHA SSLv3 Kx=DH  Au=RSA Enc=AES(128) Mac=SHA1
>>>>>>>> DHE-DSS-AES128-SHA SSLv3 Kx=DH  Au=DSS Enc=AES(128) Mac=SHA1
>>>>>>>> AES128-SHA         SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
>>>>>>>> RC4-SHA            SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
>>>>>>>> RC4-MD5            SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
>>>>>>>> RC4-MD5            SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
>>>>>>>> ...and you can experiment with TLS negotiation results via
>>>>>>>> something like:
>>>>>>>> % openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect www.google.com:443
>>>>>>>> [ ... ]
>>>>>>>> New, TLSv1/SSLv3, Cipher is AES128-SHA
>>>>>>>> Server public key is 2048 bit
>>>>>>>> Secure Renegotiation IS supported
>>>>>>>> Compression: NONE
>>>>>>>> Expansion: NONE
>>>>>>>> SSL-Session:
>>>>>>>> Protocol : TLSv1
>>>>>>>> Cipher : AES128-SHA
>>>>>>>> Session-ID: [ ... ]
>>>>>>>> Sendmail normally performs crypto via STARTTLS negotiation
>>>>>>>> rather than via SMTPS; there's a CipherList option which can be
>>>>>>>> defined via sendmail.mc / sendmail.cf. You might need to
>>>>>>>> recompile sendmail with -D_FFR_TLS_1, which I think that
>>>>>>>> novosial page mentions.
>>>>>>> sendmail has _FFR_TLS_1 compiled in per the tests in the web page
>>>>>>> mentioned above. The CipherList option doesn’t seem to work. I
>>>>>>> can connect and send mail with that in place using the EXPORT
>>>>>>> ciphers.
>>>>>> Doug,
>>>>>> I have this added to my /etc/mail/{HOSTNAME}.mc file.
>>>>>> LOCAL_CONFIG
>>>>>> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>>>>>> Of course you can use other options, this has been there for a
>>>>>> while in mine, carried over from some time a few versions back.
>>>>>> Probably should get around to testing it to make sure it actually
>>>>>> is still working. It doesn't take long to add it in and run a
>>>>>> quick test.
>>>>> As I replied earlier, I have done that. I can still use:
>>>>> openssl s_client -connect localhost:25 -starttls smtp -cipher EXPORT
>>>>
>>>> Strange, it seems to be working on mine.
>>>>
>>>> If I use the following, it connects:
>>>> openssl s_client -connect 192.168.5.2:25 -starttls smtp
>>>> CONNECTED(00000003)
>>>> depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com,
>>>> Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy
>>>> Secure Certificate Authority - G2
>>>> [snip]
>>>> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
>>>> Server public key is 4096 bit
>>>> Secure Renegotiation IS supported
>>>> Compression: NONE
>>>> Expansion: NONE
>>>> SSL-Session:
>>>> Protocol : TLSv1.2
>>>> Cipher : DHE-RSA-AES256-GCM-SHA384
>>>> [snip]
>>>>
>>>>
>>>> If I use the cipher option to specify aNULL, it fails:
>>>>
>>>> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher aNULL
>>>> CONNECTED(00000003)
>>>> 34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/jails/devel/ROOT/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:770:
>>>> ---
>>>> no peer certificate available
>>>> ---
>>>> No client certificate CA names sent
>>>> ---
>>>> SSL handshake has read 353 bytes and written 234 bytes
>>>> ---
>>>> New, (NONE), Cipher is (NONE)
>>>> Secure Renegotiation IS NOT supported
>>>> Compression: NONE
>>>> Expansion: NONE
>>>
>>> Interesting. That does seem to work for you. I will have to do some
>>> more digging into the code. For some reason it doesn’t work for me.
>>> Thanks for that assistance.
>>
>> After more testing, I think you need to try:
>>
>> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher EXP
>>
>> I suspect it will give:
>> New, TLSv1/SSLv3, Cipher is EXP-DES-CBC-SHA
>>
>>
>> That is the export cipher which is the problem.
>
> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher EXP
> CONNECTED(00000003)
> 34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/jails/devel/ROOT/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:770:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 353 bytes and written 108 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
>
> I did nothing special with the build, just put this in the
> configuration for sendmail .mc file
>
> In my case the local hostname of the jail I am running sendmail in is
> webmail.dweimer.local
>
> So /etc/mail/webmail.dweimer.local.mc
>
> dnl Cert Options
> define(`confCACERT_PATH', `/common/GoDaddy.Cert/')dnl
> define(`confCACERT', `/common/GoDaddy.Cert/gd_bundle_g2_g1.pem')dnl
> define(`confSERVER_CERT', `/common/GoDaddy.Cert/dweimer.net.pem')dnl
> define(`confSERVER_KEY', `/common/GoDaddy.Cert/dweimer.net.key.pem')dnl
>
> dnl DAEMON_OPTIONS
> dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')
> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')
>
> LOCAL_CONFIG
> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>
> define(`confDOMAIN_NAME', `webmail.dweimer.net')dnl
>
> then from within /etc/mail
> run:
> make && make install && make restart
>
> Then the test should run fine.
>
> I guess I do have this in my make.conf
> SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
> SENDMAIL_LDFLAGS=-L/usr/local/lib
> SENDMAIL_LDADD=-lsasl2
>
> However I believe this was put in there when adding the SMTP
> Authentication support, and isn't required for the SSL part.
>
> This cipher list was pulled from an old Apache recommendation; I probably
> should update it, but this is just a server I use for my personal
> email and testing things.
You got me thinking, and I did a little more digging. I now have this in
my configuration:

LOCAL_CONFIG
O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!SSLv2:!RC4
O ServerSSLOptions=+SSL_OP_CIPHER_SERVER_PREFERENCE +SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3
O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3

This was as close as I could figure out to mirror my current Apache
configuration, which gets an A rating on the Qualys SSL Labs test
(https://www.ssllabs.com/ssltest/index.html).
--
Thanks,
Dean E. Weimer
http://www.dweimer.net/
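
Added example, not part of the original message: a shell script that repeats the `openssl s_client -starttls smtp -cipher <class>` test from this thread for each cipher class the final CipherList excludes. The function names and the host/port arguments are assumptions; a class the local openssl build cannot offer is reported as SKIP, because a failed handshake would then say nothing about the server.

```shell
#!/bin/sh
# Added example: confirm an SMTP server refuses weak cipher classes over
# STARTTLS. Usage (host and port are assumptions): sh script.sh 192.168.5.2 25

# Read s_client output on stdin and print the cipher named on its
# "New, ..., Cipher is X" line; print "(NONE)" if the line is absent.
negotiated_cipher() {
    c=$(sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1)
    printf '%s\n' "${c:-(NONE)}"
}

# Turn captured s_client output ($1) into a verdict for one cipher class.
verdict() {
    cipher=$(printf '%s\n' "$1" | negotiated_cipher)
    if [ "$cipher" = "(NONE)" ]; then
        echo "REFUSED"
    else
        echo "ACCEPTED $cipher"
    fi
}

# Probe one class: probe HOST PORT CLASS
probe() {
    # A client built without this class cannot offer it, so skip the probe
    # instead of reporting a misleading REFUSED.
    if ! openssl ciphers "$3" >/dev/null 2>&1; then
        echo "SKIP (local openssl has no $3 ciphers)"
        return 0
    fi
    out=$(openssl s_client -connect "$1:$2" -starttls smtp \
              -cipher "$3" </dev/null 2>&1) || true
    verdict "$out"
}

# Probe every class excluded by the CipherList; non-zero exit if any is accepted.
audit() {
    rc=0
    for class in EXP aNULL eNULL LOW RC4; do
        result=$(probe "$1" "${2:-25}" "$class")
        printf '%-6s %s\n' "$class" "$result"
        case $result in ACCEPTED*) rc=1 ;; esac
    done
    return $rc
}

if [ "$#" -gt 0 ]; then audit "$@"; fi
```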