Date: Fri, 6 Mar 2015 16:28:22 -0800 From: Charles Swiger <cswiger@mac.com> To: Doug Hardie <bc979@lafn.org> Cc: FreeBSD - <freebsd-questions@freebsd.org> Subject: Re: OpenSSL Ciphers Message-ID: <DC459F71-D819-4BB9-AC1A-4E1D5EB6D4E8@mac.com> In-Reply-To: <B8A83AF6-B354-46E7-A736-64959C53CD66@lafn.org> References: <5347DC2D-AD6C-41A1-AEC7-A81C51F691B3@lafn.org> <B8A83AF6-B354-46E7-A736-64959C53CD66@lafn.org>
index | next in thread | previous in thread | raw e-mail
Hi-- > On Mar 6, 2015, at 3:58 PM, Doug Hardie <bc979@lafn.org> wrote: >> On 3 March 2015, at 23:21, Doug Hardie <bc979@lafn.org> wrote: >> The default list of ciphers is quite extensive and includes some that are apparently causing some potential security issues. I have a number of applications that use OpenSSL and many don’t have the code to restrict the list. Fixing all that would take quite a bit of work. However, looking into /usr/include/openssl/ssl.h I find a definition for the SSL_DEFAULT_CIPHER_LIST. The comments indicate that that list is the one used when the application doesn’t specify anything. I changed its definition to: >> >> #define SSL_DEFAULT_CIPHER_LIST "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH: >> >> However, s_connect will still create a connection with the export ciphers. I tried adding !EXPORT to that list and it had no effect. Is the definition actually used by openssl or is it just there for documentation? > > Not hearing anything on this, I suspect it’s not very well understood. I have started updating the various servers/clients that use SSL/TLS. The one that has me completely stumped is sendmail. There is a web page which provides instructions "http://novosial.org/sendmail/cipherlist/index.html”. However, when I follow them, I can still establish a connection and deliver mail using the export ciphers. > > Has anyone successfully restricted the sendmail ciphers? You can see which ciphers openssl will support via a statement like: % openssl ciphers -v 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT' DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 ...and you can experiment with TLS negotiation results via something like: % openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect www.google.com:443 [ ... ] New, TLSv1/SSLv3, Cipher is AES128-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : AES128-SHA Session-ID: [ ... ] Sendmail normally performs crypto via STARTTLS negotiation rather than via SMTPS; there's a CipherList option which can be defined via sendmail.mc / sendmail.cf. You might need to recompile sendmail with -D_FFR_TLS_1, which I think that novosial page mentions. Regards, -- -Chuckhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DC459F71-D819-4BB9-AC1A-4E1D5EB6D4E8>