On Sun, 2018-01-21 at 13:54 -0600, Paul Simmons wrote: > On Sun, 2018-01-21 at 19:08 +0000, Michael Tremer wrote: > > Hello, > > > > since there usually is a few people being opinionated about this sort > > of changes, I will wait a little until we get the comments in. Let's > > say a week. > > > > Best, > > -Michael > > > > On Sat, 2018-01-20 at 15:28 +0100, Peter Müller wrote: > > > Only use secure cipher list for the OpenSSL DEFAULT list: > > > * ECDSA is preferred over RSA since it is faster and more scalable > > > * TLS 1.2 suites are preferred over anything older > > > * weak ciphers such as RC4 and 3DES have been eliminated > > > * AES-GCM is preferred over AES-CBC (known as "mac-then-encrypt" > > > problem) > > > * ciphers without PFS are moved to the end of the cipher list > > > > > > The DEFAULT cipher list is now ("openssl ciphers -v"): > > > > > > ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA > > > Enc=AESGCM(256) Mac=AEAD > > > ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA > > > Enc=AES(256) Mac=SHA384 > > > ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA > > > Enc=AESGCM(128) Mac=AEAD > > > ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA > > > Enc=AES(128) Mac=SHA256 > > > ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 > > > Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD > > > ECDHE-RSA-AES256-SHA384 TLSv1.2 > > > Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 > > > ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 > > > Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD > > > ECDHE-RSA-AES128-SHA256 TLSv1.2 > > > Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 > > > DHE-RSA-AES256-GCM-SHA384 TLSv1.2 > > > Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD > > > DHE-RSA-AES256-SHA256 TLSv1.2 > > > Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 > > > DHE-RSA-AES128-GCM-SHA256 TLSv1.2 > > > Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD > > > DHE-RSA-AES128-SHA256 TLSv1.2 > > > Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 > > > ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA > > > Enc=AES(256) Mac=SHA1 > > > ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA > > > Enc=AES(128) Mac=SHA1 > > > ECDHE-RSA-AES256-SHA SSLv3 > > > Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 > > > ECDHE-RSA-AES128-SHA SSLv3 > > > Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 > > > DHE-RSA-AES256-SHA SSLv3 > > > Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 > > > DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) > > > Mac=SHA1 > > > DHE-RSA-AES128-SHA SSLv3 > > > Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 > > > DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) > > > Mac=SHA1 > > > AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) > > > Mac=AEAD > > > AES256-SHA256 TLSv1.2 > > > Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 > > > AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) > > > Mac=AEAD > > > AES128-SHA256 TLSv1.2 > > > Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 > > > AES256-SHA SSLv3 > > > Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 > > > CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) > > > Mac=SHA1 > > > AES128-SHA SSLv3 > > > Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 > > > CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) > > > Mac=SHA1 > > > > > > This has been discussed at 2017-12-04 (https://wiki.ipfire.org/deve > > > l/telco/2017-12-04). > > > > > > Signed-off-by: Peter Müller > > > Cc: Michael Tremer > > > --- > > > lfs/openssl | 2 +- > > > src/patches/openssl-1.0.2n-weak-ciphers.patch | 12 ++++++++++++ > > > 2 files changed, 13 insertions(+), 1 deletion(-) > > > create mode 100644 src/patches/openssl-1.0.2n-weak-ciphers.patch > > > > > > diff --git a/lfs/openssl b/lfs/openssl > > > index 6050768ec..65d738d0f 100644 > > > --- a/lfs/openssl > > > +++ b/lfs/openssl > > > @@ -126,7 +126,7 @@ $(TARGET) : $(patsubst > > > %,$(DIR_DL)/%,$(objects)) > > > @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf > > > $(DIR_DL)/$(DL_FILE) > > > cd $(DIR_APP) && patch -Np1 < > > > $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch > > > cd $(DIR_APP) && patch -Np1 < > > > $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch > > > - cd $(DIR_APP) && patch -Np1 < > > > $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch > > > + cd $(DIR_APP) && patch -Np1 < > > > $(DIR_SRC)/src/patches/openssl-1.0.2n-weak-ciphers.patch > > > cd $(DIR_APP) && patch -Np1 < > > > $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch > > > > > > # i586 specific patches > > > diff --git a/src/patches/openssl-1.0.2n-weak-ciphers.patch > > > b/src/patches/openssl-1.0.2n-weak-ciphers.patch > > > new file mode 100644 > > > index 000000000..9fb4051e3 > > > --- /dev/null > > > +++ b/src/patches/openssl-1.0.2n-weak-ciphers.patch > > > @@ -0,0 +1,12 @@ > > > +diff -Naur openssl-1.0.2n-orig/ssl/ssl.h openssl-1.0.2n/ssl/ssl.h > > > +--- openssl-1.0.2n-orig/ssl/ssl.h 2017-12-07 > > > 14:16:42.000000000 +0100 > > > ++++ openssl-1.0.2n/ssl/ssl.h 2018-01-20 11:56:02.477927590 > > > +0100 > > > +@@ -338,7 +338,7 @@ > > > + * The following cipher list is used by default. It also is > > > substituted when > > > + * an application-defined cipher list string starts with > > > 'DEFAULT'. > > > + */ > > > +-# define SSL_DEFAULT_CIPHER_LIST > > > "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" > > > ++# define SSL_DEFAULT_CIPHER_LIST > > > "kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+kRSA:!aNULL:!eNULL:!LOW:!3DES: > > > !MD5:!EXP:!PSK:!SRP:!kECDH:!IDEA:!SEED:!RC4:!kDH:!DSS" > > > + /* > > > + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in > > > ssl/ssl_ciph.c always > > > + * starts with a reasonable order, and all we have to do for > > > DEFAULT is > > Since some IPFire users are ignorant of the latest and greatest security > discussions, implementing this patch will help many of us to adhere to > best practices. Therefore, I support this patch. I suppose you are referring to some users who are still running outdated machines with MS Exchange 2003 and things like that? Certainly that is a huge problem. However, we need to make sure that IPFire generally compatible with the rest of the world. There is no easy answer to this. Best, -Michael > > Best, > Paul Simmons