Am 31.01.2014 17:24, schrieb Reindl Harald: >>> order of cipher-suite above ignored - actually bad >> CONFIG proxy.config.ssl.server.honor_cipher_order INT 1 >> >> Also see https://issues.apache.org/jira/browse/TS-2370, which fixes the >> setting logic in 4.2. > > cool, i give that a try and happily look forward to 4.2 > my configs are that simple and without plugins that i can upgrade without > issues
unverified - there was a hard restart between change and test *maybe* caused by the patch from yesterday, see message at bottom but even if, the patch makes things better because ome browsers using ECDHE with it (MSIE does not and rely on server-preferred) BTW: maybe someone is interested in my httpd-bugreport in context of httpd / TLS / mod_rewrite / mod_remoteip (part of my get a big picture about capabilities in complexer setups) https://issues.apache.org/bugzilla/show_bug.cgi?id=56094 _________________________________________________________ CONFIG proxy.config.ssl.server.honor_cipher_order INT 1 CONFIG proxy.config.ssl.server.cipher_suite STRING ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256CONFIG proxy.config.ssl.server.cipher_suite STRING ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!LOW:!MEDIUM CONFIG proxy.config.ssl.server.honor_cipher_order INT 1:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!LOW:!MEDIUM Cipher Suites (sorted by strength; the server has no preference) TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH 256 bits (eq. 3072 bits RSA) FS 112 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH 256 bits (eq. 3072 bits RSA) FS 256 _________________________________________________________ -------- Original-Nachricht -------- Betreff: Re: ssl termination again (and no support for DHE/ECDHE) Datum: Thu, 30 Jan 2014 16:59:34 +0100 Von: Thomas Berger <th.ber...@it.piratenpartei.de> Antwort an: users@trafficserver.apache.org Organisation: Piratenpartei IT An: users@trafficserver.apache.org Here is a working Patch against 4.1.2, should also work on 4.1.3. Backportet from the 4.2.0 tree. Am Donnerstag, 30. Januar 2014, 15:38:07 schrieb Reindl Harald: > Am 30.01.2014 15:19, schrieb Uri Shachar: > > On Thu, 30 Jan 2014 14:47:10 +0100 Reindl Harald wrote: > > snip... > > > >> one remaining issue currently is that DHE/ECDHE seems not to be supported > >> while httpd/openssl with the same environment do > > > > snip... > > > > Added in 4.2.0 - Check out https://issues.apache.org/jira/browse/TS-2372 > > cool - thanks! > > hopefully the same way as httpd starting with 2.4.7 > http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile > > > DH parameter interoperability with primes > 1024 bit > > Beginning with version 2.4.7, mod_ssl makes use of standardized DH > > parameters with prime lengths of 2048, 3072 and 4096 bits (from RFC > > 3526), and hands them out to clients based on the length of the > > certificate's RSA/DSA key. With Java-based clients in particular (Java 7 > > or earlier), this may lead to handshake failures - see this FAQ answer > > for working around such issues. > > means that if you have a RSA3072 DH-params are 3072, the same for 4096 etc. > and if someone want to control that he can add params to the used PEM file > and it could look like below containg all TSL relevant params/keys/certs -- Mit freundlichen Grüßen, Thomas Berger Piraten IT
diff -uarN trafficserver-4.1.2.orig/build/crypto.m4 trafficserver-4.1.2/build/crypto.m4
--- trafficserver-4.1.2.orig/build/crypto.m4 2013-12-05 23:07:48.000000000 +0100
+++ trafficserver-4.1.2/build/crypto.m4 2013-12-23 23:52:17.025503995 +0100
@@ -111,6 +111,19 @@
])
+AC_DEFUN([TS_CHECK_CRYPTO_EC_KEYS], [
+ _eckeys_saved_LIBS=$LIBS
+ TS_ADDTO(LIBS, [$LIBSSL])
+ AC_CHECK_HEADERS(openssl/ec.h)
+ AC_CHECK_FUNCS(EC_KEY_new_by_curve_name, [enable_tls_eckey=yes], [enable_tls_eckey=no])
+ LIBS=$_eckeys_saved_LIBS
+
+ AC_MSG_CHECKING(whether EC keys are supported)
+ AC_MSG_RESULT([$enable_tls_eckey])
+ TS_ARG_ENABLE_VAR([use], [tls-eckey])
+ AC_SUBST(use_tls_eckey)
+])
+
AC_DEFUN([TS_CHECK_CRYPTO_NEXTPROTONEG], [
enable_tls_npn=yes
_npn_saved_LIBS=$LIBS
diff -uarN trafficserver-4.1.2.orig/configure.ac trafficserver-4.1.2/configure.ac
--- trafficserver-4.1.2.orig/configure.ac 2013-12-05 23:07:48.000000000 +0100
+++ trafficserver-4.1.2/configure.ac 2013-12-23 23:52:17.026503995 +0100
@@ -1088,6 +1088,10 @@
TS_CHECK_CRYPTO_NEXTPROTONEG
#
+# Check for EC key support.
+TS_CHECK_CRYPTO_EC_KEYS
+
+#
# Check for ServerNameIndication TLS extension support.
TS_CHECK_CRYPTO_SNI
diff -uarN trafficserver-4.1.2.orig/iocore/net/SSLConfig.cc trafficserver-4.1.2/iocore/net/SSLConfig.cc
--- trafficserver-4.1.2.orig/iocore/net/SSLConfig.cc 2013-12-05 23:07:48.000000000 +0100
+++ trafficserver-4.1.2/iocore/net/SSLConfig.cc 2013-12-23 23:50:18.832503995 +0100
@@ -162,6 +162,24 @@
#endif
}
+ // Enable ephemeral DH parameters for the case where we use a cipher with DH forward security.
+#ifdef SSL_OP_SINGLE_DH_USE
+ ssl_ctx_options |= SSL_OP_SINGLE_DH_USE;
+#endif
+
+#ifdef SSL_OP_SINGLE_ECDH_USE
+ ssl_ctx_options |= SSL_OP_SINGLE_ECDH_USE;
+#endif
+
+ // Enable all SSL compatibility workarounds.
+ ssl_ctx_options |= SSL_OP_ALL;
+
+ // According to OpenSSL source, applications must enable this if they support the Server Name extension. Since
+ // we do, then we ought to enable this. Httpd also enables this unconditionally.
+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ ssl_ctx_options |= SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
+#endif
+
REC_ReadConfigStringAlloc(serverCertChainFilename, "proxy.config.ssl.server.cert_chain.filename");
REC_ReadConfigStringAlloc(serverCertRelativePath, "proxy.config.ssl.server.cert.path");
set_paths_helper(serverCertRelativePath, NULL, &serverCertPathOnly, NULL);
diff -uarN trafficserver-4.1.2.orig/iocore/net/SSLNetVConnection.cc trafficserver-4.1.2/iocore/net/SSLNetVConnection.cc
--- trafficserver-4.1.2.orig/iocore/net/SSLNetVConnection.cc 2013-12-05 23:07:48.000000000 +0100
+++ trafficserver-4.1.2/iocore/net/SSLNetVConnection.cc 2013-12-23 23:51:25.440503995 +0100
@@ -448,6 +448,7 @@
sslHandShakeComplete = false;
sslClientConnection = false;
npnSet = NULL;
+ npnEndpoint= NULL;
if (from_accept_thread) {
sslNetVCAllocator.free(this);
diff -uarN trafficserver-4.1.2.orig/iocore/net/SSLUtils.cc trafficserver-4.1.2/iocore/net/SSLUtils.cc
--- trafficserver-4.1.2.orig/iocore/net/SSLUtils.cc 2013-12-05 23:07:48.000000000 +0100
+++ trafficserver-4.1.2/iocore/net/SSLUtils.cc 2013-12-23 23:52:31.379503995 +0100
@@ -34,6 +34,10 @@
#include <openssl/ts.h>
#endif
+#if HAVE_OPENSSL_EC_H
+#include <openssl/ec.h>
+#endif
+
// ssl_multicert.config field names:
#define SSL_IP_TAG "dest_ip"
#define SSL_CERT_TAG "ssl_cert_name"
@@ -178,13 +182,32 @@
SSL_CTX_set_tlsext_servername_arg(ctx, lookup);
}
#else
- (void)ctx;
(void)lookup;
#endif /* TS_USE_TLS_SNI */
return ctx;
}
+static SSL_CTX *
+ssl_context_enable_ecdh(SSL_CTX * ctx)
+{
+#if TS_USE_TLS_ECKEY
+
+#if defined(SSL_CTRL_SET_ECDH_AUTO)
+ SSL_CTX_set_ecdh_auto(ctx, 1);
+#elif defined(HAVE_EC_KEY_NEW_BY_CURVE_NAME) && defined(NID_X9_62_prime256v1)
+ EC_KEY * ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+
+ if (ecdh) {
+ SSL_CTX_set_tmp_ecdh(ctx, ecdh);
+ EC_KEY_free(ecdh);
+ }
+#endif
+#endif
+
+ return ctx;
+}
+
void
SSLInitializeLibrary()
{
@@ -401,7 +424,7 @@
}
}
- return ctx;
+ return ssl_context_enable_ecdh(ctx);
fail:
SSL_CTX_free(ctx);
diff -uarN trafficserver-4.1.2.orig/lib/ts/ink_config.h.in trafficserver-4.1.2/lib/ts/ink_config.h.in
--- trafficserver-4.1.2.orig/lib/ts/ink_config.h.in 2013-12-05 23:07:48.000000000 +0100
+++ trafficserver-4.1.2/lib/ts/ink_config.h.in 2013-12-23 23:52:17.027503995 +0100
@@ -67,6 +67,7 @@
#define TS_USE_RECLAIMABLE_FREELIST @use_reclaimable_freelist@
#define TS_USE_TLS_NPN @use_tls_npn@
#define TS_USE_TLS_SNI @use_tls_sni@
+#define TS_USE_TLS_ECKEY @use_tls_eckey@
#define TS_USE_LINUX_NATIVE_AIO @use_linux_native_aio@
#define TS_USE_COP_DEBUG @use_cop_debug@
#define TS_USE_INTERIM_CACHE @has_interim_cache@
signature.asc
Description: OpenPGP digital signature
