On Sun, 2018-01-21 at 13:54 -0600, Paul Simmons wrote:
On Sun, 2018-01-21 at 19:08 +0000, Michael Tremer wrote:
Hello,
since there usually are a few people being opinionated about this sort of change, I will wait a little until we get the comments in. Let's say a week.
Best, -Michael
On Sat, 2018-01-20 at 15:28 +0100, Peter Müller wrote:
Only use secure cipher list for the OpenSSL DEFAULT list:
- ECDSA is preferred over RSA since it is faster and more scalable
- TLS 1.2 suites are preferred over anything older
- weak ciphers such as RC4 and 3DES have been eliminated
- AES-GCM is preferred over AES-CBC (known as "mac-then-encrypt" problem)
- ciphers without PFS are moved to the end of the cipher list
The DEFAULT cipher list is now ("openssl ciphers -v"):
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
This has been discussed at 2017-12-04 (https://wiki.ipfire.org/devel/telco/2017-12-04).

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Cc: Michael Tremer <michael.tremer@ipfire.org>

 lfs/openssl                                   |  2 +-
 src/patches/openssl-1.0.2n-weak-ciphers.patch | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 src/patches/openssl-1.0.2n-weak-ciphers.patch
diff --git a/lfs/openssl b/lfs/openssl index 6050768ec..65d738d0f 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -126,7 +126,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
- cd $(DIR_APP) && patch -Np1 <
$(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch
- cd $(DIR_APP) && patch -Np1 <
$(DIR_SRC)/src/patches/openssl-1.0.2n-weak-ciphers.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
# i586 specific patches diff --git a/src/patches/openssl-1.0.2n-weak-ciphers.patch b/src/patches/openssl-1.0.2n-weak-ciphers.patch new file mode 100644 index 000000000..9fb4051e3 --- /dev/null +++ b/src/patches/openssl-1.0.2n-weak-ciphers.patch @@ -0,0 +1,12 @@ +diff -Naur openssl-1.0.2n-orig/ssl/ssl.h openssl-1.0.2n/ssl/ssl.h +--- openssl-1.0.2n-orig/ssl/ssl.h 2017-12-07 14:16:42.000000000 +0100 ++++ openssl-1.0.2n/ssl/ssl.h 2018-01-20 11:56:02.477927590 +0100 +@@ -338,7 +338,7 @@
- The following cipher list is used by default. It also is
substituted when
- an application-defined cipher list string starts with
'DEFAULT'.
- */
+-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" ++# define SSL_DEFAULT_CIPHER_LIST "kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+kRSA:!aNULL:!eNULL:!LOW:!3DES: !MD5:!EXP:!PSK:!SRP:!kECDH:!IDEA:!SEED:!RC4:!kDH:!DSS"
- /*
- As of OpenSSL 1.0.0, ssl_create_cipher_list() in
ssl/ssl_ciph.c always
- starts with a reasonable order, and all we have to do for
DEFAULT is
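Review bot: src/patches/openssl-1.0.2h-weak-ciphers.patch is left behind by the lfs/openssl hunk. The build now applies openssl-1.0.2n-weak-ciphers.patch instead, but the diffstat shows only the lfs/openssl change and the new file, with no deletion of the 1.0.2h patch. If nothing else in the tree applies it, remove it in the same commit so there is no doubt about which default cipher list is in effect.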
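Review bot: the new SSL_DEFAULT_CIPHER_LIST value in the ssl.h hunk has a space after "!3DES:" and the surrounding context lines are broken across lines as posted, which looks like mail-client wrapping; with a "@@ -338,7 +338,7 @@" header the embedded patch is unlikely to apply cleanly in that state. Please resend it unwrapped with the define on a single line. The string also still relies on the HIGH class, whose membership is decided by the OpenSSL version being built, so the suite list in the commit message describes 1.0.2n only and should be regenerated with "openssl ciphers -v" whenever the package is updated.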
Since some IPFire users are ignorant of the latest and greatest security discussions, implementing this patch will help many of us to adhere to best practices. Therefore, I support this patch.
I suppose you are referring to some users who are still running outdated machines with MS Exchange 2003 and things like that?
Certainly that is a huge problem. However, we need to make sure that IPFire is generally compatible with the rest of the world. There is no easy answer to this.
Best, -Michael
Best, Paul Simmons
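
The ordering goals listed in the quoted commit message can be checked mechanically against `openssl ciphers -v` output. The following is an added example, not part of the thread or of the IPFire patch: it parses an order-preserving excerpt of the list quoted above and, for each goal, returns the first pair of suites that breaks a strict ordering. The names `parse`, `first_inversion` and `audit` are illustrative.

```python
import re

# Order-preserving excerpt of the `openssl ciphers -v` output quoted in the
# commit message; paste the complete output here to audit the whole list.
LISTING = """\
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
"""

LINE = re.compile(
    r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=([^(\s]+)(?:\((\d+)\))?\s+Mac=(\S+)")
FIELDS = ("name", "proto", "kx", "au", "enc", "bits", "mac")

def parse(text):
    """Turn `openssl ciphers -v` lines into dicts; reject anything unparsable."""
    rows = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised cipher line: {line!r}")
        rows.append(dict(zip(FIELDS, m.groups())))
    return rows

def first_inversion(rows, preferred):
    """Return (earlier, later) where a preferred suite follows a non-preferred one."""
    worse = None
    for r in rows:
        if not preferred(r):
            worse = worse or r["name"]
        elif worse:
            return (worse, r["name"])
    return None

def audit(rows):
    # OpenSSL 1.0.x prints ephemeral exchange as Kx=ECDH / Kx=DH (static: Kx=ECDH/RSA).
    return {
        "weak": [r["name"] for r in rows if r["enc"] in ("RC4", "3DES", "DES", "None")],
        "pfs_first": first_inversion(rows, lambda r: r["kx"] in ("ECDH", "DH")),
        "tls12_first": first_inversion(rows, lambda r: r["proto"] == "TLSv1.2"),
        "aead_first": first_inversion(rows, lambda r: r["mac"] == "AEAD"),
    }

if __name__ == "__main__":
    for check, result in audit(parse(LISTING)).items():
        print(f"{check:12} {result if result else 'ok'}")
```

For the excerpt, `weak` is empty and `pfs_first` finds no inversion, while `tls12_first` and `aead_first` each return a pair: forward-secret suites with SHA-1 MACs are listed ahead of the TLS 1.2 static-RSA suites, and suites are ordered by key size before GCM versus CBC.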