From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] set OpenSSL DEFAULT cipher list to secure value
Date: Mon, 22 Jan 2018 13:32:58 +0000 [thread overview]
Message-ID: <1516627978.3647.175.camel@ipfire.org> (raw)
In-Reply-To: <1516564460.2936.4.camel@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 6427 bytes --]
On Sun, 2018-01-21 at 13:54 -0600, Paul Simmons wrote:
> On Sun, 2018-01-21 at 19:08 +0000, Michael Tremer wrote:
> > Hello,
> >
> > since there usually is a few people being opinionated about this sort
> > of changes, I will wait a little until we get the comments in. Let's
> > say a week.
> >
> > Best,
> > -Michael
> >
> > On Sat, 2018-01-20 at 15:28 +0100, Peter Müller wrote:
> > > Only use secure cipher list for the OpenSSL DEFAULT list:
> > > * ECDSA is preferred over RSA since it is faster and more scalable
> > > * TLS 1.2 suites are preferred over anything older
> > > * weak ciphers such as RC4 and 3DES have been eliminated
> > > * AES-GCM is preferred over AES-CBC (known as "mac-then-encrypt"
> > > problem)
> > > * ciphers without PFS are moved to the end of the cipher list
> > >
> > > The DEFAULT cipher list is now ("openssl ciphers -v"):
> > >
> > > ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA
> > > Enc=AESGCM(256) Mac=AEAD
> > > ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA
> > > Enc=AES(256) Mac=SHA384
> > > ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA
> > > Enc=AESGCM(128) Mac=AEAD
> > > ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA
> > > Enc=AES(128) Mac=SHA256
> > > ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2
> > > Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
> > > ECDHE-RSA-AES256-SHA384 TLSv1.2
> > > Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
> > > ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
> > > Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
> > > ECDHE-RSA-AES128-SHA256 TLSv1.2
> > > Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
> > > DHE-RSA-AES256-GCM-SHA384 TLSv1.2
> > > Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
> > > DHE-RSA-AES256-SHA256 TLSv1.2
> > > Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
> > > DHE-RSA-AES128-GCM-SHA256 TLSv1.2
> > > Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
> > > DHE-RSA-AES128-SHA256 TLSv1.2
> > > Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
> > > ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA
> > > Enc=AES(256) Mac=SHA1
> > > ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA
> > > Enc=AES(128) Mac=SHA1
> > > ECDHE-RSA-AES256-SHA SSLv3
> > > Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
> > > ECDHE-RSA-AES128-SHA SSLv3
> > > Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
> > > DHE-RSA-AES256-SHA SSLv3
> > > Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
> > > DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256)
> > > Mac=SHA1
> > > DHE-RSA-AES128-SHA SSLv3
> > > Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
> > > DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128)
> > > Mac=SHA1
> > > AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256)
> > > Mac=AEAD
> > > AES256-SHA256 TLSv1.2
> > > Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
> > > AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128)
> > > Mac=AEAD
> > > AES128-SHA256 TLSv1.2
> > > Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
> > > AES256-SHA SSLv3
> > > Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> > > CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256)
> > > Mac=SHA1
> > > AES128-SHA SSLv3
> > > Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
> > > CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128)
> > > Mac=SHA1
> > >
> > > This has been discussed at 2017-12-04 (https://wiki.ipfire.org/deve
> > > l/telco/2017-12-04).
> > >
> > > Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> > > Cc: Michael Tremer <michael.tremer(a)ipfire.org>
> > > ---
> > > lfs/openssl | 2 +-
> > > src/patches/openssl-1.0.2n-weak-ciphers.patch | 12 ++++++++++++
> > > 2 files changed, 13 insertions(+), 1 deletion(-)
> > > create mode 100644 src/patches/openssl-1.0.2n-weak-ciphers.patch
> > >
> > > diff --git a/lfs/openssl b/lfs/openssl
> > > index 6050768ec..65d738d0f 100644
> > > --- a/lfs/openssl
> > > +++ b/lfs/openssl
> > > @@ -126,7 +126,7 @@ $(TARGET) : $(patsubst
> > > %,$(DIR_DL)/%,$(objects))
> > > @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf
> > > $(DIR_DL)/$(DL_FILE)
> > > cd $(DIR_APP) && patch -Np1 <
> > > $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
> > > cd $(DIR_APP) && patch -Np1 <
> > > $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
> > > - cd $(DIR_APP) && patch -Np1 <
> > > $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch
> > > + cd $(DIR_APP) && patch -Np1 <
> > > $(DIR_SRC)/src/patches/openssl-1.0.2n-weak-ciphers.patch
> > > cd $(DIR_APP) && patch -Np1 <
> > > $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
> > >
> > > # i586 specific patches
> > > diff --git a/src/patches/openssl-1.0.2n-weak-ciphers.patch
> > > b/src/patches/openssl-1.0.2n-weak-ciphers.patch
> > > new file mode 100644
> > > index 000000000..9fb4051e3
> > > --- /dev/null
> > > +++ b/src/patches/openssl-1.0.2n-weak-ciphers.patch
> > > @@ -0,0 +1,12 @@
> > > +diff -Naur openssl-1.0.2n-orig/ssl/ssl.h openssl-1.0.2n/ssl/ssl.h
> > > +--- openssl-1.0.2n-orig/ssl/ssl.h 2017-12-07
> > > 14:16:42.000000000 +0100
> > > ++++ openssl-1.0.2n/ssl/ssl.h 2018-01-20 11:56:02.477927590
> > > +0100
> > > +@@ -338,7 +338,7 @@
> > > + * The following cipher list is used by default. It also is
> > > substituted when
> > > + * an application-defined cipher list string starts with
> > > 'DEFAULT'.
> > > + */
> > > +-# define SSL_DEFAULT_CIPHER_LIST
> > > "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
> > > ++# define SSL_DEFAULT_CIPHER_LIST
> > > "kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+kRSA:!aNULL:!eNULL:!LOW:!3DES:
> > > !MD5:!EXP:!PSK:!SRP:!kECDH:!IDEA:!SEED:!RC4:!kDH:!DSS"
> > > + /*
> > > + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in
> > > ssl/ssl_ciph.c always
> > > + * starts with a reasonable order, and all we have to do for
> > > DEFAULT is
>
> Since some IPFire users are ignorant of the latest and greatest security
> discussions, implementing this patch will help many of us to adhere to
> best practices. Therefore, I support this patch.
I suppose you are referring to some users who are still running outdated
machines with MS Exchange 2003 and things like that?
Certainly that is a huge problem. However, we need to make sure that IPFire
generally compatible with the rest of the world. There is no easy answer to
this.
Best,
-Michael
>
> Best,
> Paul Simmons
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2018-01-22 13:32 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-20 14:28 Peter Müller
2018-01-21 19:08 ` Michael Tremer
2018-01-21 19:54 ` Paul Simmons
2018-01-21 21:00 ` Tom Rymes
2018-01-22 12:55 ` Peter Müller
2018-01-22 13:43 ` Michael Tremer
2018-01-24 16:39 ` Peter Müller
2018-01-22 13:32 ` Michael Tremer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1516627978.3647.175.camel@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox