From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Peter Müller
To: development@lists.ipfire.org
Subject: [PATCH] OpenSSL: remove ciphers without Forward Secrecy from default ciphersuite
Date: Sat, 01 Aug 2020 12:13:47 +0000
Message-ID: <108af439-2141-7525-f30a-652822eda6e5@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4405179180818121647=="
List-Id:

--===============4405179180818121647==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Ciphers not supplying (Perfect) Forward Secrecy are considered dangerous
since they allow content decryption in retrospect, if an attacker is able
to gain access to the servers' private key used for the corresponding
TLS session.

Since IPFire machines establish very few TLS connections by themselves, and
destinations (IPFire.org infrastructure, mirrors, IPS rule sources, etc.)
provide support for Forward Secrecy ciphers - some are even enforcing
them -, it is safe to drop support for anything else.

This patch reduces the OpenSSL default cipher list to:

TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1

Signed-off-by: Peter Müller
---
 src/patches/openssl-1.1.1d-default-cipherlist.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/patches/openssl-1.1.1d-default-cipherlist.patch b/src/patche= s/openssl-1.1.1d-default-cipherlist.patch index 5ad7829e7..a3a48933e 100644 --- a/src/patches/openssl-1.1.1d-default-cipherlist.patch +++ b/src/patches/openssl-1.1.1d-default-cipherlist.patch @@ -5,7 +5,7 @@ * This applies to ciphersuites for TLSv1.2 and below. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" -+# define SSL_DEFAULT_CIPHER_LIST "HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:+kRSA= :!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS" ++# define SSL_DEFAULT_CIPHER_LIST "HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:!kRSA= :!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS" /* This is the default set of TLSv1.3 ciphersuites */ # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) # define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ --=20 2.26.2 --===============4405179180818121647==--
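
Review bot: In the replaced `SSL_DEFAULT_CIPHER_LIST` line, `!kRSA` is the only token that carries the Forward Secrecy policy, yet the comment above the define still only says "This applies to ciphersuites for TLSv1.2 and below." Consider extending that comment in the patched header to state that static RSA key exchange is excluded on purpose, so that a later rebase of this patch file onto a newer OpenSSL release does not bring `+kRSA` back unnoticed. Because `!` deletes the matching suites for the rest of the cipher string, while the previous `+kRSA` only moved them to the end of the list, it would also help to say in the commit message that this changes the compiled-in default only, and that applications which set their own cipher string are not affected by it.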