Re: [PATCH] set OpenSSL DEFAULT cipher list to secure value

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: Paul Simmons <mbatranch@gmail.com>
To: development@lists.ipfire.org
Subject: Re: [PATCH] set OpenSSL DEFAULT cipher list to secure value
Date: Sun, 21 Jan 2018 13:54:20 -0600	[thread overview]
Message-ID: <1516564460.2936.4.camel@gmail.com> (raw)
In-Reply-To: <1516561686.2373.5.camel@ipfire.org>

[-- Attachment #1: Type: text/plain, Size: 5781 bytes --]

On Sun, 2018-01-21 at 19:08 +0000, Michael Tremer wrote:
> Hello,
> 
> since there usually is a few people being opinionated about this sort
> of changes, I will wait a little until we get the comments in. Let's
> say a week.
> 
> Best,
> -Michael
> 
> On Sat, 2018-01-20 at 15:28 +0100, Peter Müller wrote:
> > Only use secure cipher list for the OpenSSL DEFAULT list:
> > * ECDSA is preferred over RSA since it is faster and more scalable
> > * TLS 1.2 suites are preferred over anything older
> > * weak ciphers such as RC4 and 3DES have been eliminated
> > * AES-GCM is preferred over AES-CBC (known as "mac-then-encrypt"
> > problem)
> > * ciphers without PFS are moved to the end of the cipher list
> > 
> > The DEFAULT cipher list is now ("openssl ciphers -v"):
> > 
> > ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA
> > Enc=AESGCM(256) Mac=AEAD
> > ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA
> > Enc=AES(256)  Mac=SHA384
> > ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA
> > Enc=AESGCM(128) Mac=AEAD
> > ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA
> > Enc=AES(128)  Mac=SHA256
> > ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2
> > Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
> > ECDHE-RSA-AES256-SHA384 TLSv1.2
> > Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
> > ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
> > Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
> > ECDHE-RSA-AES128-SHA256 TLSv1.2
> > Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
> > DHE-RSA-AES256-GCM-SHA384 TLSv1.2
> > Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
> > DHE-RSA-AES256-SHA256   TLSv1.2
> > Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
> > DHE-RSA-AES128-GCM-SHA256 TLSv1.2
> > Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
> > DHE-RSA-AES128-SHA256   TLSv1.2
> > Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
> > ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA
> > Enc=AES(256)  Mac=SHA1
> > ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA
> > Enc=AES(128)  Mac=SHA1
> > ECDHE-RSA-AES256-SHA    SSLv3
> > Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
> > ECDHE-RSA-AES128-SHA    SSLv3
> > Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
> > DHE-RSA-AES256-SHA      SSLv3
> > Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
> > DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256)
> > Mac=SHA1
> > DHE-RSA-AES128-SHA      SSLv3
> > Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
> > DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128)
> > Mac=SHA1
> > AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256)
> > Mac=AEAD
> > AES256-SHA256           TLSv1.2
> > Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
> > AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128)
> > Mac=AEAD
> > AES128-SHA256           TLSv1.2
> > Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
> > AES256-SHA              SSLv3
> > Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
> > CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256)
> > Mac=SHA1
> > AES128-SHA              SSLv3
> > Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
> > CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128)
> > Mac=SHA1
> > 
> > This has been discussed at 2017-12-04 (https://wiki.ipfire.org/deve
> > l/telco/2017-12-04).
> > 
> > Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> > Cc: Michael Tremer <michael.tremer(a)ipfire.org>
> > ---
> >  lfs/openssl                                   |  2 +-
> >  src/patches/openssl-1.0.2n-weak-ciphers.patch | 12 ++++++++++++
> >  2 files changed, 13 insertions(+), 1 deletion(-)
> >  create mode 100644 src/patches/openssl-1.0.2n-weak-ciphers.patch
> > 
> > diff --git a/lfs/openssl b/lfs/openssl
> > index 6050768ec..65d738d0f 100644
> > --- a/lfs/openssl
> > +++ b/lfs/openssl
> > @@ -126,7 +126,7 @@ $(TARGET) : $(patsubst
> > %,$(DIR_DL)/%,$(objects))
> >  	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf
> > $(DIR_DL)/$(DL_FILE)
> >  	cd $(DIR_APP) && patch -Np1 <
> > $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
> >  	cd $(DIR_APP) && patch -Np1 <
> > $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
> > -	cd $(DIR_APP) && patch -Np1 <
> > $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch
> > +	cd $(DIR_APP) && patch -Np1 <
> > $(DIR_SRC)/src/patches/openssl-1.0.2n-weak-ciphers.patch
> >  	cd $(DIR_APP) && patch -Np1 <
> > $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
> >  
> >  	# i586 specific patches
> > diff --git a/src/patches/openssl-1.0.2n-weak-ciphers.patch
> > b/src/patches/openssl-1.0.2n-weak-ciphers.patch
> > new file mode 100644
> > index 000000000..9fb4051e3
> > --- /dev/null
> > +++ b/src/patches/openssl-1.0.2n-weak-ciphers.patch
> > @@ -0,0 +1,12 @@
> > +diff -Naur openssl-1.0.2n-orig/ssl/ssl.h openssl-1.0.2n/ssl/ssl.h
> > +--- openssl-1.0.2n-orig/ssl/ssl.h	2017-12-07
> > 14:16:42.000000000 +0100
> > ++++ openssl-1.0.2n/ssl/ssl.h	2018-01-20 11:56:02.477927590
> > +0100
> > +@@ -338,7 +338,7 @@
> > +  * The following cipher list is used by default. It also is
> > substituted when
> > +  * an application-defined cipher list string starts with
> > 'DEFAULT'.
> > +  */
> > +-# define SSL_DEFAULT_CIPHER_LIST
> > "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
> > ++# define SSL_DEFAULT_CIPHER_LIST
> > "kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+kRSA:!aNULL:!eNULL:!LOW:!3DES:
> > !MD5:!EXP:!PSK:!SRP:!kECDH:!IDEA:!SEED:!RC4:!kDH:!DSS"
> > + /*
> > +  * As of OpenSSL 1.0.0, ssl_create_cipher_list() in
> > ssl/ssl_ciph.c always
> > +  * starts with a reasonable order, and all we have to do for
> > DEFAULT is

Since some IPFire users are ignorant of the latest and greatest security 
discussions, implementing this patch will help many of us to adhere to 
best practices.  Therefore, I support this patch.

Best,
Paul Simmons

next prev parent reply	other threads:[~2018-01-21 19:54 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-20 14:28 Peter Müller
2018-01-21 19:08 ` Michael Tremer
2018-01-21 19:54   ` Paul Simmons [this message]
2018-01-21 21:00     ` Tom Rymes
2018-01-22 12:55       ` Peter Müller
2018-01-22 13:43         ` Michael Tremer
2018-01-24 16:39           ` Peter Müller
2018-01-22 13:32     ` Michael Tremer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1516564460.2936.4.camel@gmail.com \
    --to=mbatranch@gmail.com \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox