Date: Fri, 6 Mar 2015 16:36:24 -0800
From: Doug Hardie <bc979@lafn.org>
To: Charles Swiger <cswiger@mac.com>
Cc: FreeBSD - <freebsd-questions@freebsd.org>
Subject: Re: OpenSSL Ciphers
Message-ID: <031A70A3-C348-4E2A-8C30-79F85BA4B4A1@lafn.org>
In-Reply-To: <DC459F71-D819-4BB9-AC1A-4E1D5EB6D4E8@mac.com>
References: <5347DC2D-AD6C-41A1-AEC7-A81C51F691B3@lafn.org> <B8A83AF6-B354-46E7-A736-64959C53CD66@lafn.org> <DC459F71-D819-4BB9-AC1A-4E1D5EB6D4E8@mac.com>

> On 6 March 2015, at 16:28, Charles Swiger <cswiger@mac.com> wrote:
>
> Hi--
>
>> On Mar 6, 2015, at 3:58 PM, Doug Hardie <bc979@lafn.org> wrote:
>>> On 3 March 2015, at 23:21, Doug Hardie <bc979@lafn.org> wrote:
>>> The default list of ciphers is quite extensive and includes some
>>> that are apparently causing some potential security issues. I have a
>>> number of applications that use OpenSSL and many don’t have the
>>> code to restrict the list. Fixing all that would take quite a bit of
>>> work. However, looking into /usr/include/openssl/ssl.h I find a
>>> definition for the SSL_DEFAULT_CIPHER_LIST. The comments indicate that
>>> that list is the one used when the application doesn’t specify
>>> anything. I changed its definition to:
>>>
>>> #define SSL_DEFAULT_CIPHER_LIST "TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:
>>>
>>> However, s_connect will still create a connection with the export
>>> ciphers. I tried adding !EXPORT to that list and it had no effect. Is
>>> the definition actually used by openssl or is it just there for
>>> documentation?
>>
>> Not hearing anything on this, I suspect it’s not very well
>> understood. I have started updating the various servers/clients that
>> use SSL/TLS. The one that has me completely stumped is sendmail. There
>> is a web page which provides instructions
>> "http://novosial.org/sendmail/cipherlist/index.html". However,
>> when I follow them, I can still establish a connection and deliver mail
>> using the export ciphers.
>>
>> Has anyone successfully restricted the sendmail ciphers?
>
> You can see which ciphers openssl will support via a statement like:
>
> % openssl ciphers -v 'TLSv1+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH:!EXPORT'
> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
> DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
> DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
> RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
> RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
> RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>
> ...and you can experiment with TLS negotiation results via something like:
>
> % openssl s_client -cipher 'AES256-SHA:AES128-SHA' -connect www.google.com:443
> [ ... ]
> New, TLSv1/SSLv3, Cipher is AES128-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : AES128-SHA
>     Session-ID: [ ... ]
>
> Sendmail normally performs crypto via STARTTLS negotiation rather than
> via SMTPS; there's a CipherList option which can be defined via
> sendmail.mc / sendmail.cf. You might need to recompile sendmail with
> -D_FFR_TLS_1, which I think that novosial page mentions.

sendmail has _FFR_TLS_1 compiled in per the tests in the web page
mentioned above. The CipherList option doesn’t seem to work. I
can connect and send mail with that in place using the EXPORT ciphers.
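Added example, not part of the original message and not OpenSSL or sendmail code: a small Python parser for `openssl ciphers -v` output that reports every suite falling under the exclusions the thread's cipher strings name (!EXPORT, !SSLv2, !aNULL, !eNULL, !3DES). The function names are assumptions of this example; the first four sample rows are copied from the quoted listing and the last three are constructed in the same column format.

```python
# Rows 1-4 are copied from the listing quoted in the message above;
# rows 5-7 are constructed sample rows that exercise the other checks.
SAMPLE = """\
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
"""

def parse_row(line):
    """Split one row into (name, protocol, key=value fields, bare flags)."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not a cipher row: %r" % line)
    rest = parts[2:]
    fields = dict(p.split("=", 1) for p in rest if "=" in p)
    flags = [p for p in rest if "=" not in p]   # e.g. the trailing "export"
    return parts[0], parts[1], fields, flags

def excluded_by(name, proto, fields, flags):
    """List which of the thread's exclusions this suite falls under."""
    enc = fields.get("Enc", "").split("(")[0]   # "AES(256)" -> "AES"
    hits = []
    if "export" in flags or name.startswith("EXP-"):
        hits.append("EXPORT")
    if proto == "SSLv2":
        hits.append("SSLv2")
    if fields.get("Au") == "None":
        hits.append("aNULL")
    if enc == "None":
        hits.append("eNULL")
    if enc == "3DES":
        hits.append("3DES")
    return hits

def audit(text):
    """Map (suite name, protocol) to its exclusions; clean suites are omitted."""
    report = {}
    for line in text.splitlines():
        if line.strip():
            name, proto, fields, flags = parse_row(line)
            hits = excluded_by(name, proto, fields, flags)
            if hits:
                report[(name, proto)] = hits
    return report
```

Feeding it the output of `openssl ciphers -v` for the string you intend to put in CipherList shows what that string really enables before any server is restarted; it does not test what a running sendmail negotiates.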