From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] set OpenSSL DEFAULT cipher list to secure value
Date: Sun, 21 Jan 2018 19:08:06 +0000
Message-ID: <1516561686.2373.5.camel@ipfire.org>
In-Reply-To: <20180120152857.538069c6.peter.mueller@link38.eu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1747441448513141722=="
List-Id: <development.lists.ipfire.org>

--===============1747441448513141722==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello,

since there usually are a few people being opinionated about this sort
of change, I will wait a little until we get the comments in. Let's
say a week.

Best,
-Michael

On Sat, 2018-01-20 at 15:28 +0100, Peter Müller wrote:
> Only use secure cipher list for the OpenSSL DEFAULT list:
> * ECDSA is preferred over RSA since it is faster and more scalable
> * TLS 1.2 suites are preferred over anything older
> * weak ciphers such as RC4 and 3DES have been eliminated
> * AES-GCM is preferred over AES-CBC (known as "mac-then-encrypt" problem)
> * ciphers without PFS are moved to the end of the cipher list
>
> The DEFAULT cipher list is now ("openssl ciphers -v"):
>
> ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
> ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
> ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
> ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
> ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
> ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
> ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
> ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
> DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
> DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
> DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
> DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
> ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
> ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
> ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
> ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
> DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
> DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
> AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
> AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
> AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
> AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
> CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
> CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1
>
> This has been discussed at 2017-12-04 (https://wiki.ipfire.org/devel/telco/2017-12-04).
>
> Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> Cc: Michael Tremer <michael.tremer(a)ipfire.org>
> ---
>  lfs/openssl                                   |  2 +-
>  src/patches/openssl-1.0.2n-weak-ciphers.patch | 12 ++++++++++++
>  2 files changed, 13 insertions(+), 1 deletion(-)
>  create mode 100644 src/patches/openssl-1.0.2n-weak-ciphers.patch
>
> diff --git a/lfs/openssl b/lfs/openssl
> index 6050768ec..65d738d0f 100644
> --- a/lfs/openssl
> +++ b/lfs/openssl
> @@ -126,7 +126,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>  	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
>  	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-=
enginesdir.patch
>  	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbu=
ild.patch
> -	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-=
ciphers.patch
> +	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2n-weak-=
ciphers.patch
>  	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disab=
le-sslv2v3.patch
> =20
>  	# i586 specific patches
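
Review bot: the line that applied openssl-1.0.2h-weak-ciphers.patch is swapped for the 1.0.2n one, but the diffstat lists only lfs/openssl and the newly created openssl-1.0.2n-weak-ciphers.patch, so src/patches/openssl-1.0.2h-weak-ciphers.patch stays in the tree with nothing applying it. Remove the old patch file in the same commit so that src/patches only carries the cipher patch the build actually uses.
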
> diff --git a/src/patches/openssl-1.0.2n-weak-ciphers.patch b/src/patches/op=
enssl-1.0.2n-weak-ciphers.patch
> new file mode 100644
> index 000000000..9fb4051e3
> --- /dev/null
> +++ b/src/patches/openssl-1.0.2n-weak-ciphers.patch
> @@ -0,0 +1,12 @@
> +diff -Naur openssl-1.0.2n-orig/ssl/ssl.h openssl-1.0.2n/ssl/ssl.h
> +--- openssl-1.0.2n-orig/ssl/ssl.h	2017-12-07 14:16:42.000000000 +0100
> ++++ openssl-1.0.2n/ssl/ssl.h	2018-01-20 11:56:02.477927590 +0100
> +@@ -338,7 +338,7 @@
> +  * The following cipher list is used by default. It also is substituted w=
hen
> +  * an application-defined cipher list string starts with 'DEFAULT'.
> +  */
> +-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
> ++# define SSL_DEFAULT_CIPHER_LIST "kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+kRS=
A:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!kECDH:!IDEA:!SEED:!RC4:!kDH:!=
DSS"
> + /*
> +  * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
> +  * starts with a reasonable order, and all we have to do for DEFAULT is

--===============1747441448513141722==--
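
A way to check an "openssl ciphers -v" listing against three of the ordering claims in the commit message above (weak ciphers removed, suites without PFS at the end, TLS 1.2 suites ahead of older ones). This is an added example, not part of the patch or of IPFire; the function names are hypothetical, the sample is abridged from the listing in the message, and treating Kx=ECDH and Kx=DH as the ephemeral exchanges is an assumption taken from that listing.

```python
import re

# Abridged from the "openssl ciphers -v" listing quoted in the message.
SAMPLE = """\
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
"""

BANNED_ENC = ("RC4", "3DES", "DES", "SEED", "IDEA", "None")
PFS_KX = {"ECDH", "DH"}  # assumption: ephemeral exchanges as printed in the listing


def parse(text):
    """Turn `openssl ciphers -v` lines into dicts; skip anything malformed."""
    suites = []
    for line in text.splitlines():
        parts = line.split()
        fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        if len(parts) >= 6 and {"Kx", "Au", "Enc", "Mac"} <= fields.keys():
            suites.append({"name": parts[0], "proto": parts[1], **fields})
    return suites


def audit(suites):
    """Return (finding, suite name) tuples for an ordered suite list."""
    findings = []
    seen_non_pfs = False
    seen_old = {True: False, False: False}  # per PFS class: pre-TLS1.2 suite seen
    for s in suites:
        pfs = s["Kx"] in PFS_KX
        enc = re.sub(r"\(.*\)", "", s["Enc"])  # "AES(256)" -> "AES"
        if enc in BANNED_ENC or s["Au"] == "None":
            findings.append(("banned", s["name"]))
        if pfs and seen_non_pfs:
            findings.append(("pfs-after-non-pfs", s["name"]))
        seen_non_pfs |= not pfs
        if s["proto"] == "TLSv1.2" and seen_old[pfs]:
            findings.append(("tls12-after-older", s["name"]))
        seen_old[pfs] |= s["proto"] != "TLSv1.2"
    return findings


if __name__ == "__main__":
    print(audit(parse(SAMPLE)) or "listing matches the stated ordering")
```
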