Re: [PATCH] OpenSSL_update: Update to version 1.1.1a

13 Feb 2019

Hi,
I do not see any reason to use CCM if we can use GCM.
GCM is far better. I would explicitly disable CCM.
I think this sums it up okay:
https://crypto.stackexchange.com/questions/6842/how-to-choose-between-aes-cc...
-Michael
...
On 11 Feb 2019, at 08:52, ummeegge ummeegge@ipfire.org wrote:
Hi all,
On Fr, 2019-01-18 at 18:06 +0100, Peter Müller wrote:
...
Hello,
just for the records some explanations on this patch:
(a) Chacha/Poly is faster on devices without built-in AES
acceleration.
Since it provides the same strength as AES, I usually prefer it
except
for _very_ high bandwidth requirements.
(b) At the moment, there seems to be little support of AESCCM, so I
disabled it for now in order to keep our ciphersuite zoo smaller. :-)
If there is any need to enable it, I will update the patch
accordingly.
it seems that unbound uses AES-CCM. With version 1.9.0 which Matthias 
has already pushed, some new directives for DoT has been introduced. 
Please take a look to unbound example configurations -->
https://github.com/NLnetLabs/unbound/blob/master/doc/example.conf.in
under "cipher setting for TLSv1.3" .
So it might be an idea to enable AESCCM !?
...
I am happy this made its way into IPFire. :-)
Updated add-on versions for Postfix and Tor will come soon, at the
moment, I am somewhat busy with libloc, Suricata and the ORANGE
default
firewall behaviour.
Thanks, and best regards,
Peter Müller
...
Even i use the old patch i am a happy tester with 64 bit since one
month + :-).
The difference between old and new patch (from Peter) are not that
vast
and they looks like this:

--- OpenSSL-1.1.1a_old_patch	2019-01-13 18:15:33.316651666
+0100
+++ OpenSSL-1.1.1a-new_patch	2019-01-13 18:16:22.008650232
+0100
@@ -1,31 +1,23 @@
-TLS_AES_256_GCM_SHA384  TLSv1.3
Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3
Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
+TLS_AES_256_GCM_SHA384  TLSv1.3
Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3
Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
-ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA
Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA
Enc=CHACHA20/POLY1305(256) Mac=AEAD
-ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA
Enc=AESCCM8(256) Mac=AEAD
-ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA
Enc=AESCCM(256) Mac=AEAD
+ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA
Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA
Enc=AESGCM(128) Mac=AEAD
-ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA
Enc=AESCCM8(128) Mac=AEAD
-ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA
Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA
Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA
Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA
Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA
Enc=Camellia(128) Mac=SHA256
-ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2
Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2
Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
+ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2
Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2
Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2
Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES128-SHA256 TLSv1.2
Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2
Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
-DHE-RSA-AES256-GCM-SHA384 TLSv1.2
Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2
Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
-DHE-RSA-AES256-CCM8     TLSv1.2
Kx=DH       Au=RSA  Enc=AESCCM8(256) Mac=AEAD
-DHE-RSA-AES256-CCM      TLSv1.2
Kx=DH       Au=RSA  Enc=AESCCM(256) Mac=AEAD
+DHE-RSA-AES256-GCM-SHA384 TLSv1.2
Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2
Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
-DHE-RSA-AES128-CCM8     TLSv1.2
Kx=DH       Au=RSA  Enc=AESCCM8(128) Mac=AEAD
-DHE-RSA-AES128-CCM      TLSv1.2
Kx=DH       Au=RSA  Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2
Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2
Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2
Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
@@ -37,14 +29,9 @@
DHE-RSA-AES256-SHA      SSLv3
Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3
Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3
Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
-DHE-RSA-SEED-SHA        SSLv3 Kx=DH       Au=RSA  Enc=SEED(128)
Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3
Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384       TLSv1.2
Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
-AES256-CCM8             TLSv1.2
Kx=RSA      Au=RSA  Enc=AESCCM8(256) Mac=AEAD
-AES256-CCM              TLSv1.2
Kx=RSA      Au=RSA  Enc=AESCCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2
Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
-AES128-CCM8             TLSv1.2
Kx=RSA      Au=RSA  Enc=AESCCM8(128) Mac=AEAD
-AES128-CCM              TLSv1.2
Kx=RSA      Au=RSA  Enc=AESCCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2
Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
CAMELLIA256-SHA256      TLSv1.2
Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
AES128-SHA256           TLSv1.2
Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
So mostly changes are causing by the disabled AES-CCM.
Best,
Erik

    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: [PATCH] OpenSSL_update: Update to version 1.1.1a