Re: Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

2020-03-11 Thread Kaushal Shriyan
On Thu, Mar 12, 2020 at 1:01 AM Kyle Hamilton  wrote:

> ssl_prefer_server_ciphers on;
>
> On Wed, Mar 11, 2020, 11:58 Kaushal Shriyan 
> wrote:
>
>>
>>
>> On Wed, Mar 11, 2020 at 6:36 PM Michael Wojcik <
>> michael.woj...@microfocus.com> wrote:
>>
>>> To enforce the server's cipher order, use SSL_CTX_set_options(*ctx*,
>>> SSL_CTX_get_options(*ctx*) | SSL_OP_CIPHER_SERVER_PREFERENCE).
>>>
>>> https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_options.html
>>>
>>> --
>>>
>>>
>>> Testing server preferences
>>>  Has server cipher order? no (NOT ok)
>>>   ...
>>> No further cipher order check has been done as order is determined by
>>> the client
>>>
>>>
>>>
>> Hi Michael,
>>
>> Thanks for the email. I am not sure if I understand it completely. What
>> does the server's cipher order mean in layman's terms? Any example
>> regarding "To enforce the server's cipher order, use
>> SSL_CTX_set_options(ctx, SSL_CTX_get_options(ctx) |
>> SSL_OP_CIPHER_SERVER_PREFERENCE)" to set it in /etc/nginx/nginx.conf? I am
>> running the Nginx web server.
>>
>> I have the below settings in /etc/nginx/nginx.conf
>>
>> server {
>>     listen 443 ssl;
>>     ssl_protocols TLSv1.2;
>>     ssl_ciphers
>>         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
>>     ssl_prefer_server_ciphers off;
>> }
>>
>> Please suggest. I look forward to hearing from you and thanks in advance.
>>
>> Best Regards,
>>
>> Kaushal
>>
>

Thanks, Michael, for the explanation; much appreciated. Thanks a lot, Kyle,
for the reply.


Re: Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

2020-03-11 Thread Kyle Hamilton
ssl_prefer_server_ciphers on;

On Wed, Mar 11, 2020, 11:58 Kaushal Shriyan 
wrote:

>
>
> On Wed, Mar 11, 2020 at 6:36 PM Michael Wojcik <
> michael.woj...@microfocus.com> wrote:
>
>> To enforce the server's cipher order, use SSL_CTX_set_options(*ctx*,
>> SSL_CTX_get_options(*ctx*) | SSL_OP_CIPHER_SERVER_PREFERENCE).
>>
>> https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_options.html
>>
>> --
>>
>>
>> Testing server preferences
>>  Has server cipher order? no (NOT ok)
>>   ...
>> No further cipher order check has been done as order is determined by the
>> client
>>
>>
>>
> Hi Michael,
>
> Thanks for the email. I am not sure if I understand it completely. What
> does the server's cipher order mean in layman's terms? Any example
> regarding "To enforce the server's cipher order, use
> SSL_CTX_set_options(ctx, SSL_CTX_get_options(ctx) |
> SSL_OP_CIPHER_SERVER_PREFERENCE)" to set it in /etc/nginx/nginx.conf? I am
> running the Nginx web server.
>
> I have the below settings in /etc/nginx/nginx.conf
>
> server {
>     listen 443 ssl;
>     ssl_protocols TLSv1.2;
>     ssl_ciphers
>         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
>     ssl_prefer_server_ciphers off;
> }
>
> Please suggest. I look forward to hearing from you and thanks in advance.
>
> Best Regards,
>
> Kaushal
>


Re: Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

2020-03-11 Thread Michael Wojcik
(Please send messages to the list, not to me directly.)

In TLS, the client and server negotiate the cipher suite to use. The server 
makes the final decision. It can pick the client's most-preferred suite from 
among the ones they share, or it can pick the one it prefers. The current 
consensus seems to be that the best practice is to pick the suite the server 
most prefers. You can consult other references such as Ivan Ristic's 
/Bulletproof SSL and TLS/ book if you want more details.

Having the server pick the suite it prefers is known as enforcing the server's 
cipher-suite order.

The test you ran is complaining that the server does not enforce its 
cipher-suite order.

I explained how to do that in OpenSSL. How to do it in nginx is a question for 
the nginx project, not an OpenSSL problem.

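As an added illustration (not code from this thread, from nginx or from OpenSSL), the selection rule Michael describes and the check behind testssl.sh's "Has server cipher order?" line, simulated in Python with the ssl_ciphers value from Kaushal's nginx.conf as the server list. The simulation assumes a server that only filters by suite name; a real server also drops suites its certificate and key type cannot satisfy, and TLS 1.3 negotiates its suites separately.

```python
# Added example (not from the thread, nginx or OpenSSL): simulate TLS 1.2
# cipher-suite selection with and without server preference.
# Server list: the ssl_ciphers value from the nginx.conf in the thread.
SERVER_CIPHERS = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
).split(":")


def select_cipher(client_offer, server_list, prefer_server_ciphers):
    """Suite a TLS 1.2 server picks from the ClientHello's ordered offer.

    prefer_server_ciphers=True models nginx "ssl_prefer_server_ciphers on;"
    (OpenSSL SSL_OP_CIPHER_SERVER_PREFERENCE): walk the server's list and take
    the first suite the client offered. Off: walk the client's list and take
    the first suite the server supports. Certificate/key-type filtering that a
    real server also applies is ignored here (simplifying assumption).
    """
    if prefer_server_ciphers:
        preferred, other = server_list, client_offer
    else:
        preferred, other = client_offer, server_list
    for suite in preferred:
        if suite in other:
            return suite
    return None  # no shared suite: server answers with handshake_failure


def has_server_cipher_order(handshake, client_offer):
    """The check behind testssl.sh's "Has server cipher order?" line.

    Offer the same suites twice, the second time reversed. If the negotiated
    suite changes, the client's order decided and the server enforces none.
    `handshake` maps an offer to the chosen suite (a real tester handshakes).
    """
    first = handshake(client_offer)
    second = handshake(list(reversed(client_offer)))
    return first is not None and first == second


if __name__ == "__main__":
    # Constructed offer: the two suites testssl negotiated with the server.
    offer = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"]
    for on in (False, True):
        hs = lambda o, on=on: select_cipher(o, SERVER_CIPHERS, on)
        print(f"ssl_prefer_server_ciphers {'on' if on else 'off'}: negotiated "
              f"{hs(offer)}, server order enforced: {has_server_cipher_order(hs, offer)}")
```

With the directive off, the client's order decides and the reversed offer yields a different suite, which is exactly what the "NOT ok" line in the testssl run reports.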



Re: Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

2020-03-11 Thread Kaushal Shriyan
On Wed, Mar 11, 2020 at 6:36 PM Michael Wojcik <
michael.woj...@microfocus.com> wrote:

> To enforce the server's cipher order, use SSL_CTX_set_options(*ctx*,
> SSL_CTX_get_options(*ctx*) | SSL_OP_CIPHER_SERVER_PREFERENCE).
>
> https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_options.html
>
> --
>
>
> Testing server preferences
>  Has server cipher order? no (NOT ok)
>   ...
> No further cipher order check has been done as order is determined by the
> client
>
>
>
Hi Michael,

Thanks for the email. I am not sure if I understand it completely. What
does the server's cipher order mean in layman's terms? Any example
regarding "To enforce the server's cipher order, use
SSL_CTX_set_options(ctx, SSL_CTX_get_options(ctx) |
SSL_OP_CIPHER_SERVER_PREFERENCE)" to set it in /etc/nginx/nginx.conf? I am
running the Nginx web server.

I have the below settings in /etc/nginx/nginx.conf

server {
    listen 443 ssl;
    ssl_protocols TLSv1.2;
    ssl_ciphers
        ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
}

Please suggest. I look forward to hearing from you and thanks in advance.

Best Regards,

Kaushal


Re: Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

2020-03-11 Thread Michael Wojcik
To enforce the server's cipher order, use SSL_CTX_set_options(ctx, 
SSL_CTX_get_options(ctx) | SSL_OP_CIPHER_SERVER_PREFERENCE).

https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_options.html



Testing server preferences
 Has server cipher order? no (NOT ok)
  ...
No further cipher order check has been done as order is determined by the client



Re: Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

2020-03-11 Thread Kaushal Shriyan
On Tue, Mar 10, 2020 at 9:56 PM Kaushal Shriyan 
wrote:

> Hi,
>
> I have run the below tests
>
> ./testssl.sh gsmasslciphers.digitalapicraft.com
>> ###
>> testssl.sh   3.1dev from https://testssl.sh/dev/
>> (e0c83b2 2020-02-24 14:21:28 -- )
>>   This program is free software. Distribution and
>>  modification under GPLv2 permitted.
>>   USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
>>Please file bugs @ https://testssl.sh/bugs/
>> ###
>>  Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
>>  on Kaushals-MacBook-Pro:./bin/openssl.Darwin.x86_64
>>  (built: "Feb 22 09:55:43 2019", platform: "darwin64-x86_64-cc")
>>
>>  Start 2020-03-10 21:50:25-->> 13.234.216.57:443 (
>> gsmasslciphers.digitalapicraft.com) <<--
>>  rDNS (13.234.216.57):   --
>>  Service detected:   HTTP
>>
>>  Testing protocols via sockets except NPN+ALPN
>>  SSLv2  not offered (OK)
>>  SSLv3  not offered (OK)
>>  TLS 1  not offered
>>  TLS 1.1not offered
>>  TLS 1.2offered (OK)
>>  TLS 1.3not offered and downgraded to a weaker protocol
>>  NPN/SPDY   h2, http/1.1 (advertised)
>>  ALPN/HTTP2 h2, http/1.1 (offered)
>>  Testing cipher categories
>>  NULL ciphers (no encryption)  not offered (OK)
>>  Anonymous NULL Ciphers (no authentication)not offered (OK)
>>  Export ciphers (w/o ADH+NULL) not offered (OK)
>>  LOW: 64 Bit + DES, RC[2,4] (w/o export)   not offered (OK)
>>  Triple DES Ciphers / IDEA not offered
>>  Obsolete: SEED + 128+256 Bit CBC cipher   not offered
>>  Strong encryption (AEAD ciphers)  offered (OK)
>>
>>  Testing robust (perfect) forward secrecy, (P)FS -- omitting Null
>> Authentication/Encryption, 3DES, RC4
>>  PFS is offered (OK)  ECDHE-RSA-AES256-GCM-SHA384
>> ECDHE-RSA-AES128-GCM-SHA256
>>  Elliptic curves offered: secp256k1 prime256v1 secp384r1 secp521r1
>>
>>  Testing server preferences
>>  Has server cipher order? no (NOT ok)
>>  Negotiated protocol  TLSv1.2
>>  Negotiated cipherECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH
>> (P-521) -- inconclusive test, matching cipher in list missing, better see
>> below
>>  Negotiated cipher per proto  (matching cipher in list missing)
>>  ECDHE-RSA-AES256-GCM-SHA384:   TLSv1.2
>>  No further cipher order check has been done as order is determined by
>> the client
>>
>>  Testing server defaults (Server Hello)
>>  TLS extensions (standard)"server name/#0" "renegotiation
>> info/#65281" "EC point formats/#11" "session ticket/#35" "heartbeat/#15"
>> "next protocol/#13172" "application layer protocol negotiation/#16"
>>  Session Ticket RFC 5077 hint 86400 seconds, session tickets keys seems
>> to be rotated < daily
>>  SSL Session ID support   yes
>>  Session Resumption   Tickets: yes, ID: yes
>>  TLS clock skew   Random values, no fingerprinting possible
>>  Signature Algorithm  SHA256 with RSA
>>  Server key size  RSA 2048 bits
>>  Server key usage Digital Signature, Key Encipherment
>>  Server extended key usageTLS Web Server Authentication, TLS Web
>> Client Authentication
>>  Serial / Fingerprints03C871BF68E569B4330E4AFCFA7752AAB5D7 / SHA1
>> 8874D965CB96F4A4B8B4CCAE149B6F1999399BF8
>>   SHA256
>> BB56659442E2ED18778F7BB210823F3A81DA88F3AF79D0EE2104CE82DBB03C65
>>  Common Name (CN) gsmasslciphers.digitalapicraft.com
>>  subjectAltName (SAN) gsmasslciphers.digitalapicraft.com
>>  Issuer   Let's Encrypt Authority X3 (Let's Encrypt
>> from US)
>>  Trust (hostname) Ok via SAN (same w/o SNI)
>>  Chain of trust   Ok
>>  EV cert (experimental)   no
>>  ETS/"eTLS", visibility info  not present
>>  Certificate Validity (UTC)   89 >= 30 days (2020-03-10 09:40 -->
>> 2020-06-08 09:40)
>>  # of certificates provided   2
>>  Certificate Revocation List  --
>>  OCSP URI http://ocsp.int-x3.letsencrypt.org
>>  OCSP staplingnot offered
>>  OCSP must staple extension   --
>>  DNS CAA RR (experimental)not offered
>>  Certificate Transparency yes (certificate extension)
>>
>>  Testing HTTP header response @ "/"
>>  HTTP Status Code 200 OK
>>  HTTP clock skew  0 sec from localtime
>>  Strict Transport Security730 days=63072000 s, just this domain
>>  Public Key Pinning   --
>>  Server bannernginx/1.16.1
>>  Application banner   --
>>  Cookie(s)(none issued at "/")
>>  Security headers --
>>  Reverse Proxy banner --
>>
>>  Testing vulnerabilities
>>  Heartbleed (CVE-2014-0160)not vulnerable (OK), timed out
>>  CCS (CVE-2014-0224)   not vulnerable (OK)
>>  

Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

2020-03-10 Thread Kaushal Shriyan
Hi,

I have run the below tests

./testssl.sh gsmasslciphers.digitalapicraft.com
> ###
> testssl.sh   3.1dev from https://testssl.sh/dev/
> (e0c83b2 2020-02-24 14:21:28 -- )
>   This program is free software. Distribution and
>  modification under GPLv2 permitted.
>   USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
>Please file bugs @ https://testssl.sh/bugs/
> ###
>  Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
>  on Kaushals-MacBook-Pro:./bin/openssl.Darwin.x86_64
>  (built: "Feb 22 09:55:43 2019", platform: "darwin64-x86_64-cc")
>
>  Start 2020-03-10 21:50:25-->> 13.234.216.57:443 (
> gsmasslciphers.digitalapicraft.com) <<--
>  rDNS (13.234.216.57):   --
>  Service detected:   HTTP
>
>  Testing protocols via sockets except NPN+ALPN
>  SSLv2  not offered (OK)
>  SSLv3  not offered (OK)
>  TLS 1  not offered
>  TLS 1.1not offered
>  TLS 1.2offered (OK)
>  TLS 1.3not offered and downgraded to a weaker protocol
>  NPN/SPDY   h2, http/1.1 (advertised)
>  ALPN/HTTP2 h2, http/1.1 (offered)
>  Testing cipher categories
>  NULL ciphers (no encryption)  not offered (OK)
>  Anonymous NULL Ciphers (no authentication)not offered (OK)
>  Export ciphers (w/o ADH+NULL) not offered (OK)
>  LOW: 64 Bit + DES, RC[2,4] (w/o export)   not offered (OK)
>  Triple DES Ciphers / IDEA not offered
>  Obsolete: SEED + 128+256 Bit CBC cipher   not offered
>  Strong encryption (AEAD ciphers)  offered (OK)
>
>  Testing robust (perfect) forward secrecy, (P)FS -- omitting Null
> Authentication/Encryption, 3DES, RC4
>  PFS is offered (OK)  ECDHE-RSA-AES256-GCM-SHA384
> ECDHE-RSA-AES128-GCM-SHA256
>  Elliptic curves offered: secp256k1 prime256v1 secp384r1 secp521r1
>
>  Testing server preferences
>  Has server cipher order? no (NOT ok)
>  Negotiated protocol  TLSv1.2
>  Negotiated cipherECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH
> (P-521) -- inconclusive test, matching cipher in list missing, better see
> below
>  Negotiated cipher per proto  (matching cipher in list missing)
>  ECDHE-RSA-AES256-GCM-SHA384:   TLSv1.2
>  No further cipher order check has been done as order is determined by the
> client
>
>  Testing server defaults (Server Hello)
>  TLS extensions (standard)"server name/#0" "renegotiation info/#65281"
> "EC point formats/#11" "session ticket/#35" "heartbeat/#15" "next
> protocol/#13172" "application layer protocol negotiation/#16"
>  Session Ticket RFC 5077 hint 86400 seconds, session tickets keys seems to
> be rotated < daily
>  SSL Session ID support   yes
>  Session Resumption   Tickets: yes, ID: yes
>  TLS clock skew   Random values, no fingerprinting possible
>  Signature Algorithm  SHA256 with RSA
>  Server key size  RSA 2048 bits
>  Server key usage Digital Signature, Key Encipherment
>  Server extended key usageTLS Web Server Authentication, TLS Web
> Client Authentication
>  Serial / Fingerprints03C871BF68E569B4330E4AFCFA7752AAB5D7 / SHA1
> 8874D965CB96F4A4B8B4CCAE149B6F1999399BF8
>   SHA256
> BB56659442E2ED18778F7BB210823F3A81DA88F3AF79D0EE2104CE82DBB03C65
>  Common Name (CN) gsmasslciphers.digitalapicraft.com
>  subjectAltName (SAN) gsmasslciphers.digitalapicraft.com
>  Issuer   Let's Encrypt Authority X3 (Let's Encrypt
> from US)
>  Trust (hostname) Ok via SAN (same w/o SNI)
>  Chain of trust   Ok
>  EV cert (experimental)   no
>  ETS/"eTLS", visibility info  not present
>  Certificate Validity (UTC)   89 >= 30 days (2020-03-10 09:40 -->
> 2020-06-08 09:40)
>  # of certificates provided   2
>  Certificate Revocation List  --
>  OCSP URI http://ocsp.int-x3.letsencrypt.org
>  OCSP staplingnot offered
>  OCSP must staple extension   --
>  DNS CAA RR (experimental)not offered
>  Certificate Transparency yes (certificate extension)
>
>  Testing HTTP header response @ "/"
>  HTTP Status Code 200 OK
>  HTTP clock skew  0 sec from localtime
>  Strict Transport Security730 days=63072000 s, just this domain
>  Public Key Pinning   --
>  Server bannernginx/1.16.1
>  Application banner   --
>  Cookie(s)(none issued at "/")
>  Security headers --
>  Reverse Proxy banner --
>
>  Testing vulnerabilities
>  Heartbleed (CVE-2014-0160)not vulnerable (OK), timed out
>  CCS (CVE-2014-0224)   not vulnerable (OK)
>  Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK)
>  ROBOT Server does not support any
> cipher suites that use RSA key