From: dweimer
Reply-To: dweimer@dweimer.net
To: Doug Hardie
Delivered-To: freebsd-questions@freebsd.org
Date: Sat, 07 Mar 2015 21:16:24 -0600
Subject: Re: OpenSSL Ciphers

On 03/07/2015 8:58 pm, dweimer wrote:
> On 03/07/2015 7:32 pm, Doug Hardie wrote:
>>> On 7 March 2015, at 15:13,
>>> Doug Hardie wrote:
>>>
>>>
>>>> On 7 March 2015, at 08:49, dweimer wrote:
>>>>
>>>> On 03/07/2015 1:35 am, Doug Hardie wrote:
>>>>>> On 6 March 2015, at 17:35, dweimer wrote:
>>>>>> On 03/06/2015 6:36 pm, Doug Hardie wrote:
>>>>>>>> On 6 March 2015, at 16:28, Charles Swiger wrote:
>>>>>>>> Hi--
>>>>>>>>> On Mar 6, 2015, at 3:58 PM, Doug Hardie wrote:
>>>>>>>>>> On 3 March 2015, at 23:21, Doug Hardie wrote:
>>>>>>>>>> The default list of ciphers is quite extensive and includes
>>>>>>>>>> some that are apparently causing some potential security
>>>>>>>>>> issues. I have a number of applications that use OpenSSL and
>>>>>>>>>> many don’t have the code to restrict the list. Fixing all
>>>>>>>>>> that would take quite a bit of work. However, looking into
>>>>>>>>>> /usr/include/openssl/ssl.h I find a definition for the
>>>>>>>>>> SSL_DEFAULT_CIPHER_LIST. The comments indicate that that list
>>>>>>>>>> is the one used when the application doesn’t specify anything.
>>>>>>>>>> I changed its definition to:
>>>>>>>>>> #define SSL_DEFAULT_CIPHER_LIST "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:
>>>>>>>>>> However, s_connect will still create a connection with the
>>>>>>>>>> export ciphers. I tried adding !EXPORT to that list and it
>>>>>>>>>> had no effect. Is the definition actually used by openssl or
>>>>>>>>>> is it just there for documentation?
>>>>>>>>> Not hearing anything on this, I suspect it’s not very well
>>>>>>>>> understood. I have started updating the various
>>>>>>>>> servers/clients that use SSL/TLS. The one that has me
>>>>>>>>> completely stumped is sendmail. There is a web page which
>>>>>>>>> provides instructions
>>>>>>>>> "http://novosial.org/sendmail/cipherlist/index.html". However,
>>>>>>>>> when I follow them, I can still establish a connection and
>>>>>>>>> deliver mail using the export ciphers.
>>>>>>>>> Has anyone successfully restricted the sendmail ciphers?
>>>>>>>> You can see which ciphers openssl will support via a statement
>>>>>>>> like:
>>>>>>>> % openssl ciphers -v 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT'
>>>>>>>> DHE-RSA-AES256-SHA SSLv3 Kx=DH  Au=RSA Enc=AES(256) Mac=SHA1
>>>>>>>> DHE-DSS-AES256-SHA SSLv3 Kx=DH  Au=DSS Enc=AES(256) Mac=SHA1
>>>>>>>> AES256-SHA         SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
>>>>>>>> DHE-RSA-AES128-SHA SSLv3 Kx=DH  Au=RSA Enc=AES(128) Mac=SHA1
>>>>>>>> DHE-DSS-AES128-SHA SSLv3 Kx=DH  Au=DSS Enc=AES(128) Mac=SHA1
>>>>>>>> AES128-SHA         SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
>>>>>>>> RC4-SHA            SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
>>>>>>>> RC4-MD5            SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
>>>>>>>> RC4-MD5            SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
>>>>>>>> ...and you can experiment with TLS negotiation results via
>>>>>>>> something like:
>>>>>>>> % openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect www.google.com:443
>>>>>>>> [ ... ]
>>>>>>>> New, TLSv1/SSLv3, Cipher is AES128-SHA
>>>>>>>> Server public key is 2048 bit
>>>>>>>> Secure Renegotiation IS supported
>>>>>>>> Compression: NONE
>>>>>>>> Expansion: NONE
>>>>>>>> SSL-Session:
>>>>>>>>     Protocol : TLSv1
>>>>>>>>     Cipher : AES128-SHA
>>>>>>>>     Session-ID: [ ... ]
>>>>>>>> Sendmail normally performs crypto via STARTTLS negotiation
>>>>>>>> rather than via SMTPS; there's a CipherList option which can be
>>>>>>>> defined via sendmail.mc / sendmail.cf. You might need to
>>>>>>>> recompile sendmail with -D_FFR_TLS_1, which I think that
>>>>>>>> novosial page mentions.
>>>>>>> sendmail has _FFR_TLS_1 compiled in per the tests in the web page
>>>>>>> mentioned above. The CipherList option doesn’t seem to work. I can
>>>>>>> connect and send mail with that in place using the EXPORT
>>>>>>> ciphers.
>>>>>> Doug,
>>>>>> I have this added to my /etc/mail/{HOSTNAME}.mc file.
>>>>>> LOCAL_CONFIG
>>>>>> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>>>>>> Of course you can use other options, this has been there for a
>>>>>> while in mine, carried over from some time a few versions back.
>>>>>> Probably should get around to testing it to make sure it actually
>>>>>> is still working. It doesn't take long to add it in and run a
>>>>>> quick test.
>>>>> As I replied earlier, I have done that. I can still use:
>>>>> openssl s_client -connect localhost:25 -starttls smtp -cipher EXPORT
>>>>
>>>> Strange, it seems to be working on mine.
>>>>
>>>> If I use the following, it connects:
>>>> openssl s_client -connect 192.168.5.2:25 -starttls smtp
>>>> CONNECTED(00000003)
>>>> depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
>>>> [snip]
>>>> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
>>>> Server public key is 4096 bit
>>>> Secure Renegotiation IS supported
>>>> Compression: NONE
>>>> Expansion: NONE
>>>> SSL-Session:
>>>>     Protocol : TLSv1.2
>>>>     Cipher : DHE-RSA-AES256-GCM-SHA384
>>>> [snip]
>>>>
>>>>
>>>> If I use the cipher option to specify aNULL, it fails:
>>>>
>>>> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher aNULL
>>>> CONNECTED(00000003)
>>>> 34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/jails/devel/ROOT/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:770:
>>>> ---
>>>> no peer certificate available
>>>> ---
>>>> No client certificate CA names sent
>>>> ---
>>>> SSL handshake has read 353 bytes and written 234 bytes
>>>> ---
>>>> New, (NONE), Cipher is (NONE)
>>>> Secure Renegotiation IS NOT supported
>>>> Compression: NONE
>>>> Expansion: NONE
>>>
>>> Interesting. That does seem to work for you. I will have to do some
>>> more digging into the code. For some reason it doesn’t work for me.
>>> Thanks for that assistance.
>>
>> After more testing, I think you need to try:
>>
>> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher EXP
>>
>> I suspect it will give:
>> New, TLSv1/SSLv3, Cipher is EXP-DES-CBC-SHA
>>
>>
>> That is the export cipher which is the problem.
>
> openssl s_client -connect 192.168.5.2:25 -starttls smtp -cipher EXP
> CONNECTED(00000003)
> 34379254472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/jails/devel/ROOT/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:770:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 353 bytes and written 108 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
>
> I did nothing special with the build, just put this in the
> configuration for sendmail .mc file
>
> In my case the local hostname of the jail I am running sendmail in is
> webmail.dweimer.local
>
> So /etc/mail/webmail.dweimer.local.mc
>
> dnl Cert Options
> define(`confCACERT_PATH', `/common/GoDaddy.Cert/')dnl
> define(`confCACERT', `/common/GoDaddy.Cert/gd_bundle_g2_g1.pem')dnl
> define(`confSERVER_CERT', `/common/GoDaddy.Cert/dweimer.net.pem')dnl
> define(`confSERVER_KEY', `/common/GoDaddy.Cert/dweimer.net.key.pem')dnl
>
> dnl DAEMON_OPTIONS
> dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')
> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')
>
> LOCAL_CONFIG
> O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>
> define(`confDOMAIN_NAME', `webmail.dweimer.net')dnl
>
> then from within /etc/mail
> run:
> make && make install && make restart
>
> Then the test should run fine.
>
> I guess I do have this in my make.conf
> SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
> SENDMAIL_LDFLAGS=-L/usr/local/lib
> SENDMAIL_LDADD=-lsasl2
>
> However I believe this was put in there when adding the SMTP
> Authentication support, and isn't required for the SSL part.
>
> This cipher list was pulled from an old Apache recommendation probably
> should update it, but this is just a server I use for my personal
> email and testing things.

You got me thinking, and I did a little more digging, I now have this in my configuration:

LOCAL_CONFIG
O CipherList=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!SSLv2:!RC4
O ServerSSLOptions=+SSL_OP_CIPHER_SERVER_PREFERENCE +SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3
O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3

This was as close as I could figure out to mirror my current Apache configuration which gets an A rating on the Qualys SSL Labs test (https://www.ssllabs.com/ssltest/index.html).

-- 
Thanks,
   Dean E. Weimer
   http://www.dweimer.net/
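
Added example, not part of the original message or of sendmail/OpenSSL: a script that turns the per-class s_client probes used in this thread into a verdict by reading the "New, ..., Cipher is ..." line, so a CipherList change can be re-checked after each rebuild. The function names and the sample transcripts are constructed for illustration; the transcripts are abbreviated from the outputs quoted above.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` transcripts from single-class probes.

# Print the cipher named on the "New, <proto>, Cipher is <name>" line (stdin).
negotiated_cipher() {
    tr -d '\r' | sed -n 's/^New, .*, Cipher is \(.*\)$/\1/p' | head -n 1
}

# Verdict for one probe transcript on stdin:
#   rejected      handshake ran and the server refused every offered cipher
#   ACCEPTED <c>  the server negotiated cipher <c> from the offered class
#   inconclusive  no "New," line at all (connection refused, or the local
#                 openssl has no ciphers in that class), so nothing was tested
verdict() {
    cipher=$(negotiated_cipher)
    case "$cipher" in
        "")       echo "inconclusive" ;;
        "(NONE)") echo "rejected" ;;
        *)        echo "ACCEPTED $cipher" ;;
    esac
}

# Live probe of your own server (needs network and openssl); class names are
# the OpenSSL cipher-string keywords that appear in the thread's cipher lists.
probe() {
    for class in EXP aNULL eNULL LOW RC4; do
        out=$(openssl s_client -connect "$1:$2" -starttls smtp \
              -cipher "$class" </dev/null 2>&1)
        printf '%-6s %s\n' "$class" "$(printf '%s\n' "$out" | verdict)"
    done
}

# Constructed transcripts, abbreviated from the outputs quoted in the thread.
sample_rejected() {
    printf '%s\n' 'CONNECTED(00000003)' '---' 'no peer certificate available' \
        '---' 'New, (NONE), Cipher is (NONE)' 'Secure Renegotiation IS NOT supported'
}
sample_export() {
    printf '%s\n' 'CONNECTED(00000003)' '---' \
        'New, TLSv1/SSLv3, Cipher is EXP-DES-CBC-SHA' 'Server public key is 2048 bit'
}

if [ "$#" -eq 2 ]; then
    probe "$1" "$2"
else
    echo "rejected sample: $(sample_rejected | verdict)"
    echo "export sample:   $(sample_export | verdict)"
fi
```

Run with a host and port (for example the 192.168.5.2 25 pair used above) to probe a live server; an "inconclusive" row means that class was never actually offered and should not be read as a pass.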