From: Doug Hardie
To: dweimer@dweimer.net
Delivered-To: freebsd-questions@freebsd.org
Subject: Re: OpenSSL Ciphers
Date: Sat, 7 Mar 2015 15:13:30 -0800
Message-Id: <79CC9795-C5EF-451A-9A49-A2847E7C5974@lafn.org>

> On 7 March 2015, at 08:49, dweimer wrote:
>
> On 03/07/2015 1:35 am, Doug Hardie wrote:
>>> On 6 March 2015, at 17:35, dweimer wrote:
>>> On 03/06/2015 6:36 pm, Doug Hardie wrote:
>>>>> On 6 March 2015, at 16:28, Charles Swiger wrote:
>>>>> Hi--
>>>>>> On Mar 6, 2015, at 3:58 PM, Doug Hardie wrote:
>>>>>>> On 3 March 2015, at 23:21, Doug Hardie wrote:
>>>>>>> The default list of ciphers is quite extensive and includes some that are apparently causing some potential security issues. I have a number of applications that use OpenSSL and many don’t have the code to restrict the list. Fixing all that would take quite a bit of work. However, looking into /usr/include/openssl/ssl.h I find a definition for the SSL_DEFAULT_CIPHER_LIST. The comments indicate that that list is the one used when the application doesn’t specify anything. I changed its definition to:
>>>>>>> #define SSL_DEFAULT_CIPHER_LIST "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:
>>>>>>> However, s_connect will still create a connection with the export ciphers. I tried adding !EXPORT to that list and it had no effect. Is the definition actually used by openssl or is it just there for documentation?
>>>>>> Not hearing anything on this, I suspect it’s not very well understood. I have started updating the various servers/clients that use SSL/TLS. The one that has me completely stumped is sendmail. There is a web page which provides instructions "http://novosial.org/sendmail/cipherlist/index.html". However, when I follow them, I can still establish a connection and deliver mail using the export ciphers.
>>>>>> Has anyone successfully restricted the sendmail ciphers?
>>>>> You can see which ciphers openssl will support via a statement like:
>>>>> % openssl ciphers -v 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT'
>>>>> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>> DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
>>>>> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>> DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
>>>>> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>> RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
>>>>> RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>>> RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>>> ...and you can experiment with TLS negotiation results via something like:
>>>>> % openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect www.google.com:443
>>>>> [ ... ]
>>>>> New, TLSv1/SSLv3, Cipher is AES128-SHA
>>>>> Server public key is 2048 bit
>>>>> Secure Renegotiation IS supported
>>>>> Compression: NONE
>>>>> Expansion: NONE
>>>>> SSL-Session:
>>>>>     Protocol  : TLSv1
>>>>>     Cipher    : AES128-SHA
>>>>>     Session-ID: [ ... ]
>>>>> Sendmail normally performs crypto via STARTTLS negotiation rather than via SMTPS; there's a CipherList option which can be defined via sendmail.mc / sendmail.cf. You might need to recompile sendmail with -D_FFR_TLS_1, which I think that novosial page mentions.
>>>> sendmail has _FFR_TLS_1 compiled in per the tests in the web page mentioned above. The CipherList option doesn’t seem to work. I can connect and send mail with that in place using the EXPORT ciphers.
>>> Doug,
>>> I have this added to my /etc/mail/{HOSTNAME}.mc file.
>>> LOCAL_CONFIG
>>> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>>> Of course you can use other options, this has been there for a while in mine, carried over from some time a few versions back. Probably should get around to testing it to make sure it actually is still working. It doesn't take long to add it in and run a quick test.
>> As I replied earlier, I have done that. I can still use:
>> openssl s_client -connect localhost:25 -starttls smtp -cipher EXPORT
>
> Strange, it seems to be working on mine.
>
> if I use the following, it connects:
> openssl s_client -connect 192.168.5.2:25 -starttls smtp
> CONNECTED(00000003)
> depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
> [snip]
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
> Server public key is 4096 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : DHE-RSA-AES256-GCM-SHA384
> [snip]
>
>
> if I use the cipher option specify aNULL it fails:
>
> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher aNULL
> CONNECTED(00000003)
> 34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/jails/devel/ROOT/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:770:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 353 bytes and written 234 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE

Interesting. That does seem to work for you. I will have to do some more digging into the code. For some reason it doesn’t work for me. Thanks for that assistance.
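
Added example (not part of the thread, and not code from any of its participants): a filter for `openssl ciphers -v` output that lists the suites a cipher string still admits which a hardened server should refuse. The names audit_ciphers and sample_output are hypothetical; the first nine sample lines are the output quoted in the thread, and the last line is constructed in the format OpenSSL of that era printed for export suites.

```shell
#!/bin/sh
# Added example: flag weak suites in `openssl ciphers -v` output.
# audit_ciphers and sample_output are hypothetical names.

# Reads `openssl ciphers -v` output on stdin; prints "NAME (PROTO): reasons"
# for every suite that is SSLv2, export-grade, anonymous, unencrypted,
# RC4-based, short-keyed (40/56 bit) or MD5-authenticated.
audit_ciphers() {
    awk '
    NF >= 6 {
        why = ""
        if ($2 == "SSLv2")                    why = why ",sslv2"
        if ($1 ~ /^EXP/ || $NF == "export")   why = why ",export"
        if ($0 ~ /Au=None/)                   why = why ",anonymous"
        if ($0 ~ /Enc=None/)                  why = why ",no-encryption"
        if ($0 ~ /Enc=RC4/)                   why = why ",rc4"
        if ($0 ~ /Enc=[A-Z0-9]+\((40|56)\)/)  why = why ",short-key"
        if ($0 ~ /Mac=MD5/)                   why = why ",md5"
        if (why != "") print $1 " (" $2 "): " substr(why, 2)
    }'
}

# Sample input: nine lines quoted in the thread, plus one constructed export line.
sample_output() {
    cat <<'EOF'
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
EOF
}

# With an argument, audit the local OpenSSL's expansion of that cipher string;
# without one, audit the embedded sample.
if [ "$#" -gt 0 ]; then
    openssl ciphers -v "$1" | audit_ciphers
else
    sample_output | audit_ciphers
fi
```

On the sample, the filter reports that the string quoted in the thread still admits RC4-SHA and RC4-MD5, the latter also as an SSLv2 suite, which is worth checking before testing the server side with s_client.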