From owner-freebsd-questions@FreeBSD.ORG Sat Mar 7 00:28:24 2015
Delivered-To: freebsd-questions@freebsd.org
Subject: Re: OpenSSL Ciphers
From: Charles Swiger
Date: Fri, 6 Mar 2015 16:28:22 -0800
To: Doug Hardie

Hi--

> On Mar 6, 2015, at 3:58 PM, Doug Hardie wrote:
>> On 3 March 2015, at 23:21, Doug Hardie wrote:
>> The default list of ciphers is quite extensive and includes some that
>> are apparently causing some potential security issues.  I have a number
>> of applications that use OpenSSL and many don’t have the code to
>> restrict the list.  Fixing all that would take quite a bit of work.
>> However, looking into /usr/include/openssl/ssl.h I find a definition for
>> the SSL_DEFAULT_CIPHER_LIST.  The comments indicate that that list is
>> the one used when the application doesn’t specify anything.  I changed
>> its definition to:
>>
>> #define SSL_DEFAULT_CIPHER_LIST "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:
>>
>> However, s_connect will still create a connection with the export
>> ciphers.  I tried adding !EXPORT to that list and it had no effect.  Is
>> the definition actually used by openssl or is it just there for
>> documentation?
>
> Not hearing anything on this, I suspect it’s not very well understood.
> I have started updating the various servers/clients that use SSL/TLS.
> The one that has me completely stumped is sendmail.  There is a web page
> which provides instructions
> "http://novosial.org/sendmail/cipherlist/index.html".  However, when I
> follow them, I can still establish a connection and deliver mail using
> the export ciphers.
>
> Has anyone successfully restricted the sendmail ciphers?

You can see which ciphers openssl will support via a statement like:

% openssl ciphers -v 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5

...and you can experiment with TLS negotiation results via something like:

% openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect www.google.com:443
[ ... ]
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: [ ... ]

Sendmail normally performs crypto via STARTTLS negotiation rather than
via SMTPS; there's a CipherList option which can be defined via
sendmail.mc / sendmail.cf.  You might need to recompile sendmail with
-D_FFR_TLS_1, which I think that novosial page mentions.

Regards,
-- 
-Chuck
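
Added example (not part of the original message or of OpenSSL): a filter for the `openssl ciphers -v` output shown above that flags SSLv2, export, RC4, MD5-MAC, anonymous and sub-128-bit suites, so a candidate cipher string can be checked before it is put into an application or sendmail's CipherList. The function name, the reason labels and the sample lines (including the EXP-RC4-MD5 line, written in the column format OpenSSL 1.0.x prints) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak suites in `openssl ciphers -v` output.
# Live use:  openssl ciphers -v 'CIPHERSTRING' | audit_ciphers

# Reads `openssl ciphers -v` lines on stdin, prints "WEAK <suite>: <reasons>"
# for each flagged suite, and returns 1 if anything was flagged.
audit_ciphers() {
    awk '
    NF < 2 { next }                          # ignore blank or malformed lines
    {
        why = ""
        if ($2 == "SSLv2") why = why " sslv2"
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^Enc=None/) why = why " no-encryption"
            if ($i ~ /^Enc=RC4/)  why = why " rc4"
            if ($i ~ /^Enc=.*\([0-9]+\)$/) {  # key size, e.g. Enc=RC4(40)
                bits = $i
                sub(/^.*\(/, "", bits); sub(/\)$/, "", bits)
                if (bits + 0 < 128) why = why " " bits "-bit"
            }
            if ($i == "Au=None")  why = why " anon-auth"
            if ($i == "Mac=MD5")  why = why " md5-mac"
            if ($i == "export")   why = why " export"
        }
        if (why != "") { print "WEAK " $1 ":" why; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Constructed sample input: three lines copied from the listing in the
# message above plus one constructed export-grade line.
SAMPLE='AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export'

printf '%s\n' "$SAMPLE" | audit_ciphers ||
    echo "cipher string still admits weak suites"
```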