On Fri, 2014-08-29 at 16:19 +0200, Frank Meier wrote:
> While testing different ciphersuites I found a quite drastic change in 
> the behavior between openssl versions 1.0.1h and 1.0.1i. While using a 
> cipherlist like "ECDHE-RSA-AES128-SHA256:RC4" with 1.0.1h the 
> "ECDHE-RSA-AES128-SHA256" cipher is used. With 1.0.1i it uses "RC4-SHA".
> 
> example:
> $ openssl s_server -cert server.pem
> ....
> $ openssl s_client -cipher "ECDHE-RSA-AES128-SHA256:RC4" -connect localhost:4443
> ....
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA256
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>      Protocol  : TLSv1.2
>      Cipher    : ECDHE-RSA-AES128-SHA256
> 
> I guess the following patch is responsible for the change in behavior: 
> http://rt.openssl.org/Ticket/Display.html?id=3374. There it says the 
> SSLv2 client-hello does not include enough information to establish a 
> connection with ECDHE, so these ciphers are not included in the 
> cipherlist. But the test with 1.0.1i shows that it works at least 
> against my openssl s_server.
> 
> I think this behavior could force established applications to use 
> "lower-strength" ciphers with openssl 1.0.1i than before with 1.0.1h. 
> Without anyone noticing.

This happens because you use a cipherlist specification that does not
make sense - that is, with the RC4 you also add SSLv2 ciphers to the
cipher list and simultaneously you add only an EC-based cipher in addition.
With an SSLv2 client hello the supported curves extension cannot be sent
and thus the EC-based ciphers must not be sent either. If there was, for
example, DHE-RSA-AES128-GCM-SHA256 in the cipher list, it would be
correctly sent in the hello and chosen for the connection. I can't see
anyone using such a specification in the real world.

Basically what you specify is what you get.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
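
The selection logic described in the reply above, as an added example: a simplified Python model, not OpenSSL code and not part of the original message. The cipher table and the abbreviated expansion of the "RC4" alias are constructed for illustration, and the modelled server is assumed to support every suite and follow client order. The third case goes slightly beyond the thread by naming RC4-SHA explicitly, so no SSLv2 suite enters the list.

```python
# Added illustration: a simplified model, not OpenSSL source code.
# Constructed table of (name, protocol, uses_ec); a small subset of real suites.
TABLE = [
    ("ECDHE-RSA-AES128-SHA256", "TLSv1.2", True),
    ("DHE-RSA-AES128-GCM-SHA256", "TLSv1.2", False),
    ("ECDHE-RSA-RC4-SHA", "SSLv3", True),
    ("RC4-SHA", "SSLv3", False),
    ("RC4-MD5", "SSLv3", False),
    ("RC4-MD5", "SSLv2", False),  # same name also exists as an SSLv2 suite
]

def expand(spec):
    """Expand a colon-separated cipher string; 'RC4' is modelled as an alias."""
    out = []
    for token in spec.split(":"):
        if token == "RC4":
            matches = [c for c in TABLE if "RC4" in c[0]]
        else:
            matches = [c for c in TABLE if c[0] == token]
        if not matches:
            raise ValueError("unknown cipher in model: " + token)
        out += [m for m in matches if m not in out]
    return out

def _offered(spec):
    ciphers = expand(spec)
    v2_compat = any(proto == "SSLv2" for _, proto, _ in ciphers)
    if v2_compat:
        # An SSLv2-format hello carries no extensions, so the supported
        # curves cannot be announced and EC suites are left out.
        ciphers = [c for c in ciphers if not c[2]]
    return v2_compat, ciphers

def client_hello(spec):
    """Return (hello format, cipher names actually offered)."""
    v2_compat, ciphers = _offered(spec)
    return ("SSLv2-compatible" if v2_compat else "TLS"), [c[0] for c in ciphers]

def negotiated(spec):
    """First non-SSLv2 suite offered (assumed server accepts client order)."""
    _, ciphers = _offered(spec)
    return next(name for name, proto, _ in ciphers if proto != "SSLv2")

if __name__ == "__main__":
    for spec in ("ECDHE-RSA-AES128-SHA256:RC4",
                 "ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:RC4",
                 "ECDHE-RSA-AES128-SHA256:RC4-SHA"):
        print(spec, "->", client_hello(spec)[0], "->", negotiated(spec))
```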
