From: Tom Rymes <trymes@rymes.com>
To: development@lists.ipfire.org
Subject: Re: [PATCH] set OpenSSL DEFAULT cipher list to secure value
Date: Sun, 21 Jan 2018 16:00:25 -0500 [thread overview]
Message-ID: <613C0B52-23BB-4FE1-81CD-DD4CAC6E8D27@rymes.com> (raw)
In-Reply-To: <1516564460.2936.4.camel@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 6162 bytes --]
What would be the negative implications of this patch? Would existing tunnels on production servers stop working?
> On Jan 21, 2018, at 2:55 PM, Paul Simmons <mbatranch(a)gmail.com> wrote:
>
>> On Sun, 2018-01-21 at 19:08 +0000, Michael Tremer wrote:
>> Hello,
>>
>> since there usually is a few people being opinionated about this sort
>> of changes, I will wait a little until we get the comments in. Let's
>> say a week.
>>
>> Best,
>> -Michael
>>
>>> On Sat, 2018-01-20 at 15:28 +0100, Peter Müller wrote:
>>> Only use secure cipher list for the OpenSSL DEFAULT list:
>>> * ECDSA is preferred over RSA since it is faster and more scalable
>>> * TLS 1.2 suites are preferred over anything older
>>> * weak ciphers such as RC4 and 3DES have been eliminated
>>> * AES-GCM is preferred over AES-CBC (known as "mac-then-encrypt"
>>> problem)
>>> * ciphers without PFS are moved to the end of the cipher list
>>>
>>> The DEFAULT cipher list is now ("openssl ciphers -v"):
>>>
>>> ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=AESGCM(256) Mac=AEAD
>>> ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=AES(256) Mac=SHA384
>>> ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=AESGCM(128) Mac=AEAD
>>> ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA
>>> Enc=AES(128) Mac=SHA256
>>> ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2
>>> Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
>>> ECDHE-RSA-AES256-SHA384 TLSv1.2
>>> Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
>>> ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
>>> Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
>>> ECDHE-RSA-AES128-SHA256 TLSv1.2
>>> Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
>>> DHE-RSA-AES256-GCM-SHA384 TLSv1.2
>>> Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
>>> DHE-RSA-AES256-SHA256 TLSv1.2
>>> Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
>>> DHE-RSA-AES128-GCM-SHA256 TLSv1.2
>>> Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
>>> DHE-RSA-AES128-SHA256 TLSv1.2
>>> Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
>>> ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA
>>> Enc=AES(256) Mac=SHA1
>>> ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA
>>> Enc=AES(128) Mac=SHA1
>>> ECDHE-RSA-AES256-SHA SSLv3
>>> Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
>>> ECDHE-RSA-AES128-SHA SSLv3
>>> Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
>>> DHE-RSA-AES256-SHA SSLv3
>>> Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
>>> DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256)
>>> Mac=SHA1
>>> DHE-RSA-AES128-SHA SSLv3
>>> Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
>>> DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128)
>>> Mac=SHA1
>>> AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256)
>>> Mac=AEAD
>>> AES256-SHA256 TLSv1.2
>>> Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
>>> AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128)
>>> Mac=AEAD
>>> AES128-SHA256 TLSv1.2
>>> Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
>>> AES256-SHA SSLv3
>>> Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
>>> CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256)
>>> Mac=SHA1
>>> AES128-SHA SSLv3
>>> Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
>>> CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128)
>>> Mac=SHA1
>>>
>>> This has been discussed at 2017-12-04 (https://wiki.ipfire.org/deve
>>> l/telco/2017-12-04).
>>>
>>> Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
>>> Cc: Michael Tremer <michael.tremer(a)ipfire.org>
>>> ---
>>> lfs/openssl | 2 +-
>>> src/patches/openssl-1.0.2n-weak-ciphers.patch | 12 ++++++++++++
>>> 2 files changed, 13 insertions(+), 1 deletion(-)
>>> create mode 100644 src/patches/openssl-1.0.2n-weak-ciphers.patch
>>>
>>> diff --git a/lfs/openssl b/lfs/openssl
>>> index 6050768ec..65d738d0f 100644
>>> --- a/lfs/openssl
>>> +++ b/lfs/openssl
>>> @@ -126,7 +126,7 @@ $(TARGET) : $(patsubst
>>> %,$(DIR_DL)/%,$(objects))
>>> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf
>>> $(DIR_DL)/$(DL_FILE)
>>> cd $(DIR_APP) && patch -Np1 <
>>> $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
>>> cd $(DIR_APP) && patch -Np1 <
>>> $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
>>> - cd $(DIR_APP) && patch -Np1 <
>>> $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch
>>> + cd $(DIR_APP) && patch -Np1 <
>>> $(DIR_SRC)/src/patches/openssl-1.0.2n-weak-ciphers.patch
>>> cd $(DIR_APP) && patch -Np1 <
>>> $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
>>>
>>> # i586 specific patches
>>> diff --git a/src/patches/openssl-1.0.2n-weak-ciphers.patch
>>> b/src/patches/openssl-1.0.2n-weak-ciphers.patch
>>> new file mode 100644
>>> index 000000000..9fb4051e3
>>> --- /dev/null
>>> +++ b/src/patches/openssl-1.0.2n-weak-ciphers.patch
>>> @@ -0,0 +1,12 @@
>>> +diff -Naur openssl-1.0.2n-orig/ssl/ssl.h openssl-1.0.2n/ssl/ssl.h
>>> +--- openssl-1.0.2n-orig/ssl/ssl.h 2017-12-07
>>> 14:16:42.000000000 +0100
>>> ++++ openssl-1.0.2n/ssl/ssl.h 2018-01-20 11:56:02.477927590
>>> +0100
>>> +@@ -338,7 +338,7 @@
>>> + * The following cipher list is used by default. It also is
>>> substituted when
>>> + * an application-defined cipher list string starts with
>>> 'DEFAULT'.
>>> + */
>>> +-# define SSL_DEFAULT_CIPHER_LIST
>>> "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
>>> ++# define SSL_DEFAULT_CIPHER_LIST
>>> "kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+kRSA:!aNULL:!eNULL:!LOW:!3DES:
>>> !MD5:!EXP:!PSK:!SRP:!kECDH:!IDEA:!SEED:!RC4:!kDH:!DSS"
>>> + /*
>>> + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in
>>> ssl/ssl_ciph.c always
>>> + * starts with a reasonable order, and all we have to do for
>>> DEFAULT is
>
> Since some IPFire users are ignorant of the latest and greatest security
> discussions, implementing this patch will help many of us to adhere to
> best practices. Therefore, I support this patch.
>
> Best,
> Paul Simmons
next prev parent reply other threads:[~2018-01-21 21:00 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-20 14:28 Peter Müller
2018-01-21 19:08 ` Michael Tremer
2018-01-21 19:54 ` Paul Simmons
2018-01-21 21:00 ` Tom Rymes [this message]
2018-01-22 12:55 ` Peter Müller
2018-01-22 13:43 ` Michael Tremer
2018-01-24 16:39 ` Peter Müller
2018-01-22 13:32 ` Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=613C0B52-23BB-4FE1-81CD-DD4CAC6E8D27@rymes.com \
--to=trymes@rymes.com \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox