On Tue, May 13, 2014 at 01:28:55AM +0200, Aaron Zauner wrote:
> I am somewhat involved with the BetterCrypto(.org) project that tries to
> provide the operations community with a BCP for daemon settings,
> references and other recommendations.
Be careful what you advise, sometimes seemingly more secure settings
result in substantially reduced security if the result is a failed
handshake and fallback to even weaker protection (possibly cleartext).
In particular, anything that radically restricts cipherlists for
SMTP (e.g. by disabling RC4) may well substantially reduce security.
> We've discovered an inconsistency
> that could be called a flaw starting with OpenSSL 0.9.7m ending at
> 1.0.0a. My best guess is this is already known, but since I could not
> find an appropriate post to this ML I figured I should send notice anyway.
The cipher-suite ordering in OpenSSL 0.9.8 is rather fragile. It
was overhauled for 1.0.0 and later, but the improvements required
an ABI change since the bitmask holding various cipher properties
had to be split into multiple structure elements (more bits and
better organization).
Also the order of DEFAULT in 1.0.0 is correctly inherited from the
ordering of ALL, while in 0.9.8, any ordering of ALL is accidental.
Finally 1.0.0 makes it easier to fine-tune the order by introducing
"FOO:-FOO:ALL" as a mechanism to tweak the cipher order. This is
not available in 0.9.8.
Can you describe in words what you believe to be the nature of the
"inconsistency" you found? The semantics of OpenSSL cipherlist
strings definitely changed for the better in 1.0.0, were you
expecting identical results?
> In particular, given our cipherstring recommendation we encounter that
> DHE and ECDHE based ciphersuites and their preference are neglected by
> these OpenSSL versions [0] - we are currently discussing updating our
> recommendation to an augmented version of this ciphersuite [1].
EC is "experimental" in 0.9.8 and not enabled by default. You
should not enable EC with 0.9.8, so ECDHE should be out of scope.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
