Hi,

Please see attached patch which changes the ordering of the cipher suites in openssl. It makes the mac algorithm the main criterion for the cipher sorting, with the intent to always prefer AEAD ciphersuites over non-AEAD ciphersuites.

The main reason for that is that right now in a lot of situations a cbc ciphersuite will be preferred over a gcm cipher suite. This is not good, because gcm ciphersuites are the only ones that haven't suffered from attacks in the past.

It may be argued whether another cipher suite ordering is better, but I think this is definitely much better than the current state. These days the key size is only a very weak indicator of a cipher's strength.

I just saw yesterday that 1.0.2 is about to be released. I had hoped we could get something like this patch in before. Is there a chance to do that? Or could it be considered for one of the follow-up versions (1.0.2a/b)? I would prefer not having to wait with that till 1.1.0.

cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: [email protected]
GPG: BBB51E42

--- openssl-1.0.2-stable-SNAP-20150115/ssl/ssl_ciph.c 2014-12-17 15:01:30.000000000 +0100 +++ openssl-1.0.2-stable-SNAP-20150115-hash/ssl/ssl_ciph.c 2015-01-15 20:10:50.516124652 +0100 @@ -1508,9 +1508,6 @@ /* Temporarily enable everything else for sorting */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); - /* Low priority for MD5 */ - ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail); - /* Move anonymous ciphers to the end. Usually, these will remain disabled. * (For applications that allow them, they aren't too bad, but we prefer * authenticated ciphers.) */ @@ -1534,6 +1531,13 @@ return NULL; } + /* Prefer AEAD as main criterion */ + ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_ORD, -1, &head, &tail); + ssl_cipher_apply_rule(0, 0, 0, 0, SSL_SHA384, 0, 0, CIPHER_ORD, -1, &head, &tail); + ssl_cipher_apply_rule(0, 0, 0, 0, SSL_SHA256, 0, 0, CIPHER_ORD, -1, &head, &tail); + ssl_cipher_apply_rule(0, 0, 0, 0, SSL_SHA1, 0, 0, CIPHER_ORD, -1, &head, &tail); + ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail); + /* Now disable everything (maintaining the ordering!) */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
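
Review bot: in the first hunk (-1508), the "Move anonymous ciphers to the end" step kept as context now runs before the MAC passes that the second hunk adds, and those passes regroup the whole list by MAC, so an anonymous AEAD suite would end up in the AEAD group, ahead of authenticated non-AEAD suites. The existing comment says these suites usually remain disabled, which limits the effect to applications that enable them, but it would be worth either repeating the anonymous demotion after the MAC passes or stating in the comment that the new ordering takes precedence over it.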
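
Review bot: the five CIPHER_ORD passes added after "return NULL; }" in the second hunk only move suites whose MAC is SSL_AEAD, SSL_SHA384, SSL_SHA256, SSL_SHA1 or SSL_MD5, so a suite with any other MAC value is never moved and stays at the head of the list, ahead of the AEAD group. Since CIPHER_ORD demotes what it matches (as in the removed "Low priority for MD5" rule), the final preference depends on the order of these calls; please say so in the comment, which currently mentions only AEAD although the block also ranks SHA384, SHA256, SHA1 and MD5, and handle or explicitly rule out suites with other MACs.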
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
