From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] OpenSSL_update: Update to version 1.1.1a
Date: Wed, 13 Feb 2019 11:35:59 +0000 [thread overview]
Message-ID: <1B4E0ACB-2139-4670-8E5A-2F8657EF23C9@ipfire.org> (raw)
In-Reply-To: <161805aa58cc9c071780428082141dc699764640.camel@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 6573 bytes --]
Hi,
I do not see any reason to use CCM if we can use GCM.
GCM is far better. I would explicitly disable CCM.
I think this sums it up okay:
https://crypto.stackexchange.com/questions/6842/how-to-choose-between-aes-ccm-and-aes-gcm-for-storage-volume-encryption
-Michael
> On 11 Feb 2019, at 08:52, ummeegge <ummeegge(a)ipfire.org> wrote:
>
> Hi all,
>
> On Fr, 2019-01-18 at 18:06 +0100, Peter Müller wrote:
>> Hello,
>>
>> just for the records some explanations on this patch:
>> (a) Chacha/Poly is faster on devices without built-in AES
>> acceleration.
>> Since it provides the same strength as AES, I usually prefer it
>> except
>> for _very_ high bandwidth requirements.
>> (b) At the moment, there seems to be little support of AESCCM, so I
>> disabled it for now in order to keep our ciphersuite zoo smaller. :-)
>> If there is any need to enable it, I will update the patch
>> accordingly.
> it seems that unbound uses AES-CCM. With version 1.9.0 which Matthias
> has already pushed, some new directives for DoT has been introduced.
> Please take a look to unbound example configurations -->
> https://github.com/NLnetLabs/unbound/blob/master/doc/example.conf.in
> under "cipher setting for TLSv1.3" .
>
> So it might be an idea to enable AESCCM !?
>
>
>>
>> I am happy this made its way into IPFire. :-)
>>
>> Updated add-on versions for Postfix and Tor will come soon, at the
>> moment, I am somewhat busy with libloc, Suricata and the ORANGE
>> default
>> firewall behaviour.
>>
>> Thanks, and best regards,
>> Peter Müller
>>
>>>
>>> Even i use the old patch i am a happy tester with 64 bit since one
>>> month + :-).
>>>
>>> The difference between old and new patch (from Peter) are not that
>>> vast
>>> and they looks like this:
>>>
>>> --- OpenSSL-1.1.1a_old_patch 2019-01-13 18:15:33.316651666
>>> +0100
>>> +++ OpenSSL-1.1.1a-new_patch 2019-01-13 18:16:22.008650232
>>> +0100
>>> @@ -1,31 +1,23 @@
>>> -TLS_AES_256_GCM_SHA384 TLSv1.3
>>> Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
>>> TLS_CHACHA20_POLY1305_SHA256 TLSv1.3
>>> Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
>>> +TLS_AES_256_GCM_SHA384 TLSv1.3
>>> Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
>>> TLS_AES_128_GCM_SHA256 TLSv1.3
>>> Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
>>> -ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=AESGCM(256) Mac=AEAD
>>> ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=CHACHA20/POLY1305(256) Mac=AEAD
>>> -ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=AESCCM8(256) Mac=AEAD
>>> -ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=AESCCM(256) Mac=AEAD
>>> +ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=AESGCM(256) Mac=AEAD
>>> ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=AESGCM(128) Mac=AEAD
>>> -ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=AESCCM8(128) Mac=AEAD
>>> -ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=AESCCM(128) Mac=AEAD
>>> ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=AES(256) Mac=SHA384
>>> ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=Camellia(256) Mac=SHA384
>>> ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=AES(128) Mac=SHA256
>>> ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=Camellia(128) Mac=SHA256
>>> -ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2
>>> Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
>>> ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2
>>> Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
>>> +ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2
>>> Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
>>> ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
>>> Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
>>> ECDHE-RSA-AES256-SHA384 TLSv1.2
>>> Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
>>> ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2
>>> Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
>>> ECDHE-RSA-AES128-SHA256 TLSv1.2
>>> Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
>>> ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2
>>> Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
>>> -DHE-RSA-AES256-GCM-SHA384 TLSv1.2
>>> Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
>>> DHE-RSA-CHACHA20-POLY1305 TLSv1.2
>>> Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
>>> -DHE-RSA-AES256-CCM8 TLSv1.2
>>> Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD
>>> -DHE-RSA-AES256-CCM TLSv1.2
>>> Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD
>>> +DHE-RSA-AES256-GCM-SHA384 TLSv1.2
>>> Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
>>> DHE-RSA-AES128-GCM-SHA256 TLSv1.2
>>> Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
>>> -DHE-RSA-AES128-CCM8 TLSv1.2
>>> Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD
>>> -DHE-RSA-AES128-CCM TLSv1.2
>>> Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD
>>> DHE-RSA-AES256-SHA256 TLSv1.2
>>> Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
>>> DHE-RSA-CAMELLIA256-SHA256 TLSv1.2
>>> Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
>>> DHE-RSA-AES128-SHA256 TLSv1.2
>>> Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
>>> @@ -37,14 +29,9 @@
>>> DHE-RSA-AES256-SHA SSLv3
>>> Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
>>> DHE-RSA-CAMELLIA256-SHA SSLv3
>>> Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
>>> DHE-RSA-AES128-SHA SSLv3
>>> Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
>>> -DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128)
>>> Mac=SHA1
>>> DHE-RSA-CAMELLIA128-SHA SSLv3
>>> Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
>>> AES256-GCM-SHA384 TLSv1.2
>>> Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
>>> -AES256-CCM8 TLSv1.2
>>> Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD
>>> -AES256-CCM TLSv1.2
>>> Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD
>>> AES128-GCM-SHA256 TLSv1.2
>>> Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
>>> -AES128-CCM8 TLSv1.2
>>> Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD
>>> -AES128-CCM TLSv1.2
>>> Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD
>>> AES256-SHA256 TLSv1.2
>>> Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
>>> CAMELLIA256-SHA256 TLSv1.2
>>> Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
>>> AES128-SHA256 TLSv1.2
>>> Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
>>>
>>> So mostly changes are causing by the disabled AES-CCM.
>>>
>
> Best,
>
> Erik
>
next prev parent reply other threads:[~2019-02-13 11:35 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-09 14:21 Erik Kapfer
2019-01-09 16:39 ` Michael Tremer
2019-01-09 16:59 ` ummeegge
2019-01-09 17:18 ` Michael Tremer
2019-01-09 18:33 ` ummeegge
2019-01-14 18:03 ` Peter Müller
2019-01-15 14:48 ` ummeegge
2019-01-18 15:09 ` Michael Tremer
2019-01-18 16:45 ` ummeegge
2019-01-18 17:06 ` Peter Müller
2019-01-18 17:35 ` ummeegge
2019-01-22 14:19 ` Michael Tremer
2019-02-11 8:52 ` ummeegge
2019-02-13 11:35 ` Michael Tremer [this message]
2019-01-13 17:44 ` [PATCH v2] OpenSSL: " Erik Kapfer
2019-01-15 14:43 ` [PATCH v3] openssl: " Erik Kapfer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1B4E0ACB-2139-4670-8E5A-2F8657EF23C9@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox