From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] OpenSSL_update: Update to version 1.1.1a
Date: Tue, 22 Jan 2019 14:19:51 +0000

Hello,

> On 18 Jan 2019, at 17:35, ummeegge wrote:
>
> Hi all,
>
> On Friday, 18.01.2019, 18:06 +0100, Peter Müller wrote:
>> Hello,
>>
>> just for the record, some explanations on this patch:
>> (a) Chacha/Poly is faster on devices without built-in AES acceleration.
>> Since it provides the same strength as AES, I usually prefer it except
>> for _very_ high bandwidth requirements.
>> (b) At the moment, there seems to be little support of AESCCM, so I
>> disabled it for now in order to keep our ciphersuite zoo smaller. :-)
>> If there is any need to enable it, I will update the patch accordingly.
> the new OpenSSL has implemented support for five new TLSv1.3
> ciphersuites. We have already three activated (which is the default)
> and the other two are CCM mode ciphers -->
> https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites
> . Am currently not sure about a concrete use case for this but it
> appears that e.g. 'TLS_AES_128_CCM_8_SHA256' has a shorter
> authentication tag and in combination with a short plaintext the
> ciphertext is less than 16 bytes.
> --> https://datatracker.ietf.org/meeting/102/agenda/tls-drafts.pdf
> which can be in rare use cases (?) nice.
>
>>
>> I am happy this made its way into IPFire. :-)
> Me too :-) .
>
>>
>> Updated add-on versions for Postfix and Tor will come soon, at the
>> moment, I am somewhat busy with libloc, Suricata and the ORANGE default
>> firewall behaviour.
> There are some more OpenSSL patches for
>
> elinks-0.12pre6-openssl11.patch
> net-snmp-5.7.3-openssl.patch
> openssh-7.8p1-openssl-1.1.0-1.patch
> openssl-1.0.0-beta5-enginesdir.patch
> openssl-1.0.2a-rpmbuild.patch
> openssl-1.0.2a_disable_ssse3_for_amd.patch
> openssl-1.0.2g-disable-sslv2v3.patch
> ppp-2.4.7-openssl.patch
>
> As far as I can see openssl-compat has been dropped?

Please send a patch that cleans them up.

I suppose we need to keep the patches in elinks, net-snmp and ppp so that those packages compile against the new versions of OpenSSL.

-Michael

>
> Best,
>
> Erik
>
>>
>> Thanks, and best regards,
>> Peter Müller
>>
>>>
>>> Even I use the old patch, I am a happy tester with 64 bit since one
>>> month + :-).
>>>
>>> The differences between the old and new patch (from Peter) are not that
>>> vast and they look like this:
>>>
>>> --- OpenSSL-1.1.1a_old_patch 2019-01-13 18:15:33.316651666 >>> +0100 >>> +++ OpenSSL-1.1.1a-new_patch 2019-01-13 18:16:22.008650232 >>> +0100 
>>> @@ -1,31 +1,23 @@ >>> -TLS_AES_256_GCM_SHA384 TLSv1.3 >>> Kx=3Dany Au=3Dany Enc=3DAESGCM(256) Mac=3DAEAD >>> TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 >>> Kx=3Dany Au=3Dany Enc=3DCHACHA20/POLY1305(256) Mac=3DAEAD >>> +TLS_AES_256_GCM_SHA384 TLSv1.3 >>> Kx=3Dany Au=3Dany Enc=3DAESGCM(256) Mac=3DAEAD >>> TLS_AES_128_GCM_SHA256 TLSv1.3 >>> Kx=3Dany Au=3Dany Enc=3DAESGCM(128) Mac=3DAEAD >>> -ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=3DECDH Au=3DECDSA >>> Enc=3DAESGCM(256) Mac=3DAEAD >>> ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=3DECDH Au=3DECDSA >>> Enc=3DCHACHA20/POLY1305(256) Mac=3DAEAD >>> -ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=3DECDH Au=3DECDSA >>> Enc=3DAESCCM8(256) Mac=3DAEAD >>> -ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=3DECDH Au=3DECDSA >>> Enc=3DAESCCM(256) Mac=3DAEAD >>> +ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=3DECDH Au=3DECDSA >>> Enc=3DAESGCM(256) Mac=3DAEAD >>> ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=3DECDH Au=3DECDSA >>> Enc=3DAESGCM(128) Mac=3DAEAD >>> -ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=3DECDH Au=3DECDSA >>> Enc=3DAESCCM8(128) Mac=3DAEAD >>> -ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=3DECDH Au=3DECDSA >>> Enc=3DAESCCM(128) Mac=3DAEAD >>> ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=3DECDH Au=3DECDSA >>> Enc=3DAES(256) Mac=3DSHA384 >>> ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=3DECDH Au=3DECDSA >>> Enc=3DCamellia(256) Mac=3DSHA384 >>> ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=3DECDH Au=3DECDSA >>> Enc=3DAES(128) Mac=3DSHA256 >>> ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=3DECDH Au=3DECDSA >>> Enc=3DCamellia(128) Mac=3DSHA256 >>> -ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 >>> Kx=3DECDH Au=3DRSA Enc=3DAESGCM(256) Mac=3DAEAD >>> ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 >>> Kx=3DECDH Au=3DRSA Enc=3DCHACHA20/POLY1305(256) Mac=3DAEAD >>> +ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 >>> Kx=3DECDH Au=3DRSA Enc=3DAESGCM(256) Mac=3DAEAD >>> ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 >>> Kx=3DECDH Au=3DRSA Enc=3DAESGCM(128) Mac=3DAEAD >>> ECDHE-RSA-AES256-SHA384 TLSv1.2 >>> Kx=3DECDH Au=3DRSA Enc=3DAES(256) Mac=3DSHA384 
>>> ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 >>> Kx=3DECDH Au=3DRSA Enc=3DCamellia(256) Mac=3DSHA384 >>> ECDHE-RSA-AES128-SHA256 TLSv1.2 >>> Kx=3DECDH Au=3DRSA Enc=3DAES(128) Mac=3DSHA256 >>> ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 >>> Kx=3DECDH Au=3DRSA Enc=3DCamellia(128) Mac=3DSHA256 >>> -DHE-RSA-AES256-GCM-SHA384 TLSv1.2 >>> Kx=3DDH Au=3DRSA Enc=3DAESGCM(256) Mac=3DAEAD >>> DHE-RSA-CHACHA20-POLY1305 TLSv1.2 >>> Kx=3DDH Au=3DRSA Enc=3DCHACHA20/POLY1305(256) Mac=3DAEAD >>> -DHE-RSA-AES256-CCM8 TLSv1.2 >>> Kx=3DDH Au=3DRSA Enc=3DAESCCM8(256) Mac=3DAEAD >>> -DHE-RSA-AES256-CCM TLSv1.2 >>> Kx=3DDH Au=3DRSA Enc=3DAESCCM(256) Mac=3DAEAD >>> +DHE-RSA-AES256-GCM-SHA384 TLSv1.2 >>> Kx=3DDH Au=3DRSA Enc=3DAESGCM(256) Mac=3DAEAD >>> DHE-RSA-AES128-GCM-SHA256 TLSv1.2 >>> Kx=3DDH Au=3DRSA Enc=3DAESGCM(128) Mac=3DAEAD >>> -DHE-RSA-AES128-CCM8 TLSv1.2 >>> Kx=3DDH Au=3DRSA Enc=3DAESCCM8(128) Mac=3DAEAD >>> -DHE-RSA-AES128-CCM TLSv1.2 >>> Kx=3DDH Au=3DRSA Enc=3DAESCCM(128) Mac=3DAEAD >>> DHE-RSA-AES256-SHA256 TLSv1.2 >>> Kx=3DDH Au=3DRSA Enc=3DAES(256) Mac=3DSHA256 >>> DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 >>> Kx=3DDH Au=3DRSA Enc=3DCamellia(256) Mac=3DSHA256 >>> DHE-RSA-AES128-SHA256 TLSv1.2 >>> Kx=3DDH Au=3DRSA Enc=3DAES(128) Mac=3DSHA256 
>>> @@ -37,14 +29,9 @@ >>> DHE-RSA-AES256-SHA SSLv3 >>> Kx=3DDH Au=3DRSA Enc=3DAES(256) Mac=3DSHA1 >>> DHE-RSA-CAMELLIA256-SHA SSLv3 >>> Kx=3DDH Au=3DRSA Enc=3DCamellia(256) Mac=3DSHA1 >>> DHE-RSA-AES128-SHA SSLv3 >>> Kx=3DDH Au=3DRSA Enc=3DAES(128) Mac=3DSHA1 >>> -DHE-RSA-SEED-SHA SSLv3 Kx=3DDH Au=3DRSA Enc=3DSEED(128) >>> Mac=3DSHA1 >>> DHE-RSA-CAMELLIA128-SHA SSLv3 >>> Kx=3DDH Au=3DRSA Enc=3DCamellia(128) Mac=3DSHA1 >>> AES256-GCM-SHA384 TLSv1.2 >>> Kx=3DRSA Au=3DRSA Enc=3DAESGCM(256) Mac=3DAEAD >>> -AES256-CCM8 TLSv1.2 >>> Kx=3DRSA Au=3DRSA Enc=3DAESCCM8(256) Mac=3DAEAD >>> -AES256-CCM TLSv1.2 >>> Kx=3DRSA Au=3DRSA Enc=3DAESCCM(256) Mac=3DAEAD >>> AES128-GCM-SHA256 TLSv1.2 >>> Kx=3DRSA Au=3DRSA Enc=3DAESGCM(128) Mac=3DAEAD >>> -AES128-CCM8 TLSv1.2 >>> Kx=3DRSA Au=3DRSA Enc=3DAESCCM8(128) Mac=3DAEAD >>> -AES128-CCM TLSv1.2 >>> Kx=3DRSA Au=3DRSA Enc=3DAESCCM(128) Mac=3DAEAD >>> AES256-SHA256 TLSv1.2 >>> Kx=3DRSA Au=3DRSA Enc=3DAES(256) Mac=3DSHA256 >>> CAMELLIA256-SHA256 TLSv1.2 >>> Kx=3DRSA Au=3DRSA Enc=3DCamellia(256) Mac=3DSHA256 >>> AES128-SHA256 TLSv1.2 >>> Kx=3DRSA Au=3DRSA Enc=3DAES(128) Mac=3DSHA256=20 >>>=20 >>> So mostly changes are causing by the disabled AES-CCM. >>>=20 >>> Best, >>>=20 >>> Erik >>=20 >>=20 >=20 --===============0759141659355401509==--
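
Review bot: In the first hunk (@@ -1,31 +1,23 @@) the CHACHA20/POLY1305 suites now sort ahead of AESGCM(256) in the TLSv1.3, ECDHE-ECDSA, ECDHE-RSA and DHE-RSA groups, yet the reason for the new order appears only in the mail thread (faster on devices without built-in AES acceleration, preferred except for very high bandwidth requirements). Please record that rationale in the commit message or next to the cipher string, and state whether the same order is intended on systems that do have AES acceleration. The eight removed AESCCM and AESCCM8 lines match the stated intent to disable AES-CCM and account for the whole 31-to-23 line reduction.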
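
Review bot: The second hunk (@@ -37,14 +29,9 @@) also drops DHE-RSA-SEED-SHA, which is not an AES-CCM suite and is not covered by the explanation given in the thread (ChaCha20 ordering and disabled AESCCM). Please mention the SEED removal in the patch description so it is not mistaken for a side effect. The unchanged context lines show that static-RSA key exchange suites (Kx=RSA) and Mac=SHA1 suites stay enabled; if the goal is a smaller suite list, say whether keeping them is deliberate.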
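
The policy discussed in this thread (ChaCha20-Poly1305 ahead of AES-GCM within each key-exchange group, AES-CCM disabled) can be checked mechanically against `openssl ciphers -v` output. The following is an added example, not part of the original mail or of the IPFire patch; the names `parse` and `audit`, the finding labels and the sample listing are assumptions made for illustration.

```python
import re

# Constructed sample in `openssl ciphers -v` format. The lines are copied from
# the listing quoted in the thread; the DHE-RSA group is left in the old order
# and one removed CCM8 line is kept so that both checks fire.
SAMPLE = """\
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD
"""

FIELDS = ("name", "proto", "kx", "au", "enc", "mac")
LINE = re.compile(r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)$")


def parse(listing):
    """Turn a cipher listing into dicts, skipping lines that do not match."""
    rows = (LINE.match(raw.strip()) for raw in listing.splitlines())
    return [dict(zip(FIELDS, m.groups())) for m in rows if m]


def audit(listing):
    """Return (finding, suite name) pairs for policy violations, in list order."""
    findings = []
    gcm_first = {}       # group -> first AES-GCM suite seen before any ChaCha20
    chacha_seen = set()  # groups in which a ChaCha20 suite has appeared
    for s in parse(listing):
        group = (s["proto"], s["kx"], s["au"])
        if s["enc"].startswith("AESCCM"):        # matches AESCCM and AESCCM8
            findings.append(("ccm-enabled", s["name"]))
        elif s["enc"].startswith("CHACHA20"):
            if group in gcm_first:               # AES-GCM was listed earlier
                findings.append(("aes-gcm-before-chacha20", gcm_first.pop(group)))
            chacha_seen.add(group)
        elif s["enc"].startswith("AESGCM") and group not in chacha_seen:
            gcm_first.setdefault(group, s["name"])
    return findings


if __name__ == "__main__":
    for kind, name in audit(SAMPLE):
        print(f"{kind}: {name}")
```

Groups that offer AES-GCM but no ChaCha20 suite at all, such as the Kx=RSA suites in the listing, are not reported by the ordering check.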