From patchwork Wed Feb 28 04:35:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller_via_Development?= X-Patchwork-Id: 1678 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.i.ipfire.org (Postfix) with ESMTP id EA01C60BF6 for ; Tue, 27 Feb 2018 18:35:42 +0100 (CET) X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 6034110BA557; Tue, 27 Feb 2018 17:36:01 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lists.ipfire.org; s=201801; t=1519752961; x=1522344961; bh=fNOJa/W+tIDBDinRBIG349wM5ghkpx1DKOxdVlj02oY=; h=Date:To:Subject:Message-ID:Content-Type:From:Reply-To:Sender:From: To:Cc:Date:Content-Type:Message-ID:In-Reply-To:Subject:Reply-To: Sender; b=Q11B34iNplUt38kQRLIF1M+A1zVZ4upaQV3DtZft9iCNy2nB3nCuIRFvdUjaxOO9h Lf+apXHMJ7BX9eX2OyISphtMSbUL0n+ItPOYIkGTW//QBB7mvhMZoAMV7CAWluJg9M UaK3LxNSBEZAlX6e7H7mBZVRNhJfLDHvKSLQfV+w3lG7Ev3Nwe8KhQVw1ZMv2szxjp wjU4dI1q993toa5BZiU5ahUbhsChhJ1ZSlPbWiDWgENdP36iwNB9O7ZdWTrEEsow2q 1a59ZqpvSR1WpZhiY8xzKZ/5uSKBpIExwz5FWdoniMFUYs2MUfvTUIYwoNBJ7ql3pS MzqBKmoXyq3XQ== X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mx-nbg.link38.eu (mx-nbg.link38.eu [37.120.167.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx-nbg.link38.eu", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 0776B111C516 for ; Tue, 27 Feb 2018 17:35:54 +0000 (GMT) Authentication-Results: mail01.ipfire.org; dmarc=pass (p=none dis=none) header.from=link38.eu Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=peter.mueller@link38.eu Authentication-Results: mail01.ipfire.org; dkim=pass (2048-bit key) header.d=link38.eu header.i=@link38.eu header.b="Y3I/G1Qt" X-Virus-Scanned: ClamAV at mx-nbg.link38.eu DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=link38.eu; s=201711; t=1519752923; x=1522344923; bh=fNOJa/W+tIDBDinRBIG349wM5ghkpx1DKOxdVlj02oY=; h=Date:From:To:Subject:Message-ID:Content-Type:From:To:Subject:Date: Cc; b=Y3I/G1QtdzaCaYUt+fWUepZkctr2iOy1PurfsZyBpuh/bmuqJrc2Of8Y6jSA3Fl6Z 5CPJrsvCCmJN9LKeCvGQryLqFE4fQUQ9UfR/EXho12OVipznznjEC+ETs7ZyfkFfSm VdXt4frYXkD5vAXDmHyMB7waSMhCvro3s8zGwAlmXmUIXyonuBuRo7SgZzVcvRlxq8 eoJKFoL5XzDlLeE6BAchqpHE271i8csC02+9l8UGGIKyv3ICmkliPhw64dtrkgj+UK wrWPbTkhXnup5z2+hv8ejAozj+x/7ZuyUA57QYWts9rMeon7lRBk+6DE4nwQeT//3r 60SAToZ8ZOb2g== Date: Tue, 27 Feb 2018 18:35:22 +0100 To: "development@lists.ipfire.org" Subject: [PATCH] set OpenSSL 1.1.0 DEFAULT cipher list to secure value Message-ID: <20180227183522.7f45d376.peter.mueller@link38.eu> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Peter =?utf-8?q?M=C3=BCller?= via Development From: =?utf-8?q?Peter_M=C3=BCller_via_Development?= Reply-To: Peter =?utf-8?q?M=C3=BCller?= Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Only use secure cipher list for the OpenSSL DEFAULT list: * ECDSA is preferred over RSA since it is faster and more scalable * TLS 1.2 suites are preferred over anything older * weak ciphers such as RC4 and 3DES have been eliminated * AES-GCM is preferred over AES-CBC (known as "mac-then-encrypt" problem) * ciphers without PFS are moved to the end of the cipher list This patch leaves AES-CCM, AES-CCM8 and CHACHA20-POLY1305 suites where they are since they are considered secure and there is no need to change anything. The DEFAULT cipher list is now (output of "openssl ciphers -v"): ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256 ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES256-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES128-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1 This has been discussed at 2017-12-04 (https://wiki.ipfire.org/devel/telco/2017-12-04) and for a similar patch written for OpenSSL 1.0.x. Signed-off-by: Peter Müller --- lfs/openssl | 3 +++ src/patches/openssl-1.1.0g-weak-ciphers.patch | 11 +++++++++++ 2 files changed, 14 insertions(+) create mode 100644 src/patches/openssl-1.1.0g-weak-ciphers.patch diff --git a/lfs/openssl b/lfs/openssl index bd7098039..6e17e79e6 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -131,6 +131,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS) \ $(CFLAGS) $(LDFLAGS) + # Apply patch for changing DEFAULT cipher list (needed after configure) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.0g-weak-ciphers.patch + cd $(DIR_APP) && make depend cd $(DIR_APP) && make diff --git a/src/patches/openssl-1.1.0g-weak-ciphers.patch b/src/patches/openssl-1.1.0g-weak-ciphers.patch new file mode 100644 index 000000000..66dad2bee --- /dev/null +++ b/src/patches/openssl-1.1.0g-weak-ciphers.patch @@ -0,0 +1,11 @@ +--- openssl-1.1.0g-orig/include/openssl/ssl.h 2017-11-02 15:29:05.000000000 +0100 ++++ openssl-1.1.0g/include/openssl/ssl.h 2018-02-27 18:23:43.522649728 +0100 +@@ -194,7 +194,7 @@ + * The following cipher list is used by default. It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + */ +-# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" ++# define SSL_DEFAULT_CIPHER_LIST "kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+kRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!kECDH:!IDEA:!SEED:!RC4:!kDH:!DSS" + /* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is