Re: filtering the cipher list at negotiation time

Thu, 08 Feb 2001 15:57:10 -0800 

I realise this is an old thread but it has some interesting implications
wrt server security policies and the MS SGC bug...

Lutz Jaenicke wrote:
> 
> 
> - An OpenSSL server (and probably most other servers) will strictly follow the
>   clients preference and choose the first cipher in the CipherSuite it matches.
>   This is not actually enforced by the standard. The standard requires that
>   the servers makes its choice, nowhere is written that the server must follow
>   the clients preferences. OpenSSL however has no means to change this
>   behaviour.
>   * An OpenSSL server has its own list of ciphers with a preference.
>   * It should be possible (with a new option) to change the choosing strategy
>     from "client preference" to "server preference".

Yes I think this is a good idea. Maybe another special @SERVER option in
the cipherlist or something like that?

There are two reasons I have for this. Firstly a server might want to
prefer some ciphersuites over others based on some local policy and not
just blindly follow what the client suggests: which in the case of
browsers cannot be reordered just enabled or disabled and in some cases
not even that.

The MS SGC bug would be a useful application of this. Currently the
problem is that the client cipher preference list for the initial weak
connection has one digest (SHA1) as the preferred cipher and the second
strong list has a different digest (MD5). The different digests trigger
the bug. With the current "client preference" algorithm the only way to
resolve this is to disable some of the algorithms which can cause
problems with other browsers which end up having no ciphers in common.
If we have a "server preference" option we could force the initial and
final ciphersuites to have the same digest and hopefully avoiding the
problem without having to disable ciphersuites.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to