Delivered-To: freebsd-questions@freebsd.org
Date: Sat, 07 Mar 2015 10:49:11 -0600
From: dweimer
Reply-To: dweimer@dweimer.net
To: Doug Hardie
Subject: Re: OpenSSL Ciphers
References: <5347DC2D-AD6C-41A1-AEC7-A81C51F691B3@lafn.org> <031A70A3-C348-4E2A-8C30-79F85BA4B4A1@lafn.org>
Message-ID: <4d416c9dfa4e2922174ff469313578a0@dweimer.net>

On 03/07/2015 1:35 am, Doug Hardie wrote:
>> On 6 March 2015, at 17:35, dweimer wrote:
>>
>> On 03/06/2015 6:36 pm, Doug Hardie wrote:
>>>> On 6 March 2015, at 16:28, Charles Swiger wrote:
>>>> Hi--
>>>>> On Mar 6, 2015, at 3:58 PM, Doug Hardie wrote:
>>>>>> On 3 March 2015, at 23:21, Doug Hardie wrote:
>>>>>> The default list of ciphers is quite extensive and includes some
>>>>>> that are apparently causing some potential security issues. I
>>>>>> have a number of applications that use OpenSSL and many don’t have
>>>>>> the code to restrict the list. Fixing all that would take quite a
>>>>>> bit of work. However, looking into /usr/include/openssl/ssl.h I
>>>>>> find a definition for the SSL_DEFAULT_CIPHER_LIST. The comments
>>>>>> indicate that that list is the one used when the application
>>>>>> doesn’t specify anything. I changed its definition to:
>>>>>> #define SSL_DEFAULT_CIPHER_LIST "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:
>>>>>> However, s_connect will still create a connection with the export
>>>>>> ciphers. I tried adding !EXPORT to that list and it had no
>>>>>> effect. Is the definition actually used by openssl or is it just
>>>>>> there for documentation?
>>>>> Not hearing anything on this, I suspect it’s not very well
>>>>> understood. I have started updating the various servers/clients
>>>>> that use SSL/TLS. The one that has me completely stumped is
>>>>> sendmail. There is a web page which provides instructions
>>>>> "http://novosial.org/sendmail/cipherlist/index.html". However,
>>>>> when I follow them, I can still establish a connection and deliver
>>>>> mail using the export ciphers.
>>>>> Has anyone successfully restricted the sendmail ciphers?
>>>> You can see which ciphers openssl will support via a statement like:
>>>> % openssl ciphers -v 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT'
>>>> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>>>> DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
>>>> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>>>> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
>>>> DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
>>>> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
>>>> RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
>>>> RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>> RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>> ...and you can experiment with TLS negotiation results via something
>>>> like:
>>>> % openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect www.google.com:443
>>>> [ ... ]
>>>> New, TLSv1/SSLv3, Cipher is AES128-SHA
>>>> Server public key is 2048 bit
>>>> Secure Renegotiation IS supported
>>>> Compression: NONE
>>>> Expansion: NONE
>>>> SSL-Session:
>>>>     Protocol  : TLSv1
>>>>     Cipher    : AES128-SHA
>>>>     Session-ID: [ ... ]
>>>> Sendmail normally performs crypto via STARTTLS negotiation rather
>>>> than via SMTPS; there's a CipherList option which can be defined via
>>>> sendmail.mc / sendmail.cf. You might need to recompile sendmail
>>>> with -D_FFR_TLS_1, which I think that novosial page mentions.
>>> sendmail has _FFR_TLS_1 compiled in per the tests in the web page
>>> mentioned above. The CipherList option doesn’t seem to work. I can
>>> connect and send mail with that in place using the EXPORT ciphers.
>>
>> Doug,
>> I have this added to my /etc/mail/{HOSTNAME}.mc file.
>>
>> LOCAL_CONFIG
>> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>>
>> Of course you can use other options, this has been there for a while
>> in mine, carried over from some time a few versions back. Probably
>> should get around to testing it to make sure it actually is still
>> working. It doesn't take long to add it in and run a quick test.
>
>
> As I replied earlier, I have done that. I can still use:
>
> openssl s_client -connect localhost:25 -starttls smtp -cipher EXPORT
>

Strange, it seems to be working on mine.

If I use the following, it connects:

openssl s_client -connect 192.168.5.2:25 -starttls smtp
CONNECTED(00000003)
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
[snip]
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
[snip]

If I use the cipher option to specify aNULL, it fails:

openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher aNULL
CONNECTED(00000003)
34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/jails/devel/ROOT/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:770:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 353 bytes and written 234 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

-- 
Thanks,
   Dean E. Weimer
   http://www.dweimer.net/
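
Added example, not part of the original message or of any poster's configuration: a shell filter that reads `openssl ciphers -v` output in the format quoted above and reports every suite that falls into a class the thread's CipherList excludes (EXP, aNULL, eNULL, LOW). The function names and the sample lines are constructed for illustration; the 112-bit cutoff for LOW is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit the expansion of an OpenSSL cipher string.
# Reads `openssl ciphers -v` lines on stdin and prints
# "<suite> <classes>" for each suite that is export-grade (EXP),
# unauthenticated (aNULL), unencrypted (eNULL) or short-keyed (LOW).
audit_ciphers() {
    awk '
    NF >= 6 {
        is_exp = 0; anon = 0; enull = 0; bits = -1
        for (i = 3; i <= NF; i++) {
            if ($i == "export")        is_exp = 1
            else if ($i == "Au=None")  anon = 1
            else if ($i == "Enc=None") enull = 1
            else if ($i ~ /^Enc=.*\([0-9]+\)$/) {
                # Key length is the number in parentheses, e.g. Enc=DES(56)
                bits = $i
                sub(/^.*\(/, "", bits); sub(/\)$/, "", bits)
                bits = bits + 0
            }
        }
        why = ""
        if (is_exp) why = why ",EXP"
        if (anon)   why = why ",aNULL"
        if (enull)  why = why ",eNULL"
        # Assumption: non-export suites under 112 bits are reported as LOW
        if (!is_exp && bits >= 0 && bits < 112) why = why ",LOW"
        if (why != "") print $1, substr(why, 2)
    }'
}

# Expand a cipher string with the local OpenSSL build and audit it.
audit_list() {
    openssl ciphers -v "$1" | audit_ciphers
}

# Constructed sample lines in the `openssl ciphers -v` layout.
sample_lines() {
    cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EOF
}

sample_lines | audit_ciphers
```

An empty result from `audit_list` for a given cipher string means the string itself expands to none of those classes on that build; whether the daemon actually applies the string still has to be confirmed with a handshake test such as the s_client commands in the thread.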