[Ach] Issue with OpenSSL >0.9.8l <1.0.0
Aaron Zauner
azet at azet.org
Fri Apr 25 16:58:30 CEST 2014
Hi Torsten,
I've checked with various oder versions of OpenSSL. As you have removed the
trailing part of our Ciphersuite spec, export and crap ciphers would now be
possible:
```
azet at orpheus ~/openssl/openssl-0.9.7a/apps % ./openssl ciphers
EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA
-v
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1
export
EXP1024-RC4-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1
export
EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56)
Mac=SHA1 export
EXP1024-DES-CBC-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1
export
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1
export
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1
export
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1
export
IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1
ADH-DES-CBC-SHA SSLv3 Kx=DH Au=None Enc=DES(56) Mac=SHA1
EXP-ADH-DES-CBC-SHA SSLv3 Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1
export
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
azet at orpheus ~/openssl/openssl-0.9.7a/apps % ./openssl version
OpenSSL 0.9.7a Feb 19 2003
```
Preference is also screwed.
We're entirely missing this part here:
"+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:"
(Why is there +SSLv3 in there, btw?)
Aaron
On Fri, Apr 25, 2014 at 3:47 PM, Torsten Gigler <torsten.gigler at owasp.org>wrote:
> Hi,
>
> Have you tried to add ':DHE-RSA-AES256-SHA' in the Cipher String?
> Here my suggestion:
>
> openssl ciphers -V
> EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA
> 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH
> Au=RSA Enc=AESGCM(256) Mac=AEAD
> 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH
> Au=RSA Enc=AESGCM(128) Mac=AEAD
> 0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA
> Enc=AES(256) Mac=SHA256
> 0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA
> Enc=AES(256) Mac=SHA1
> 0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA
> Enc=Camellia(256) Mac=SHA1
> 0x00,0x67 - DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA
> Enc=AES(128) Mac=SHA256
> 0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA
> Enc=Camellia(128) Mac=SHA1
> 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH
> Au=RSA Enc=AESGCM(256) Mac=AEAD
> 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH
> Au=RSA Enc=AESGCM(128) Mac=AEAD
> 0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA
> Enc=AES(256) Mac=SHA384
> 0xC0,0x14 - ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA
> Enc=AES(256) Mac=SHA1
> 0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA
> Enc=AES(128) Mac=SHA256
> 0xC0,0x13 - ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA
> Enc=AES(128) Mac=SHA1
> 0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA
> Enc=AESGCM(256) Mac=AEAD
> 0x00,0x9C - AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA
> Enc=AESGCM(128) Mac=AEAD
> 0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA
> Enc=AES(256) Mac=SHA1
> 0x00,0x84 - CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA
> Enc=Camellia(256) Mac=SHA1
> 0x00,0x2F - AES128-SHA SSLv3 Kx=RSA Au=RSA
> Enc=AES(128) Mac=SHA1
> 0x00,0x41 - CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA
> Enc=Camellia(128) Mac=SHA1
>
> Remarks:
> - I changed the order of the ciphers (= Priority of the ciphers a server
> chooses, if 'Server Order' is set),
> - excluded '0x00,0x33 - DHE-RSA-AES128-SHA' to protect aginst a possible
> incompatibility for JAVA6+7 & DH-Keys >1024bits
> - added '0x00,0x9D - AES256-GCM-SHA384' and '0x00,0x9C -
> AES128-GCM-SHA256' (is there any reason why they weren't included before?)
>
> Do you get the following Ciphers with OpenSSL 0.9.8?
> openssl ciphers -v
> EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA
> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
>
> Kind regards
> Torsten
>
> 2014-04-25 11:15 GMT+02:00 Pepi Zawodsky <pepi.zawodsky at maclemon.at>:
>
>>
>> On 25.04.2014, at 04:53, Aaron Zauner <azet at azet.org> wrote:
>> > as well as older versions of Mac OS X.
>>
>> ALL versions of OS X up to and including the current Mavericks are
>> affected by this.
>> $ /usr/bin/openssl version
>> OpenSSL 0.9.8y 5 Feb 2013
>>
>> Expanding Ciphersuite B results in:
>>
>> $ /usr/bin/openssl ciphers
>> 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
>>
>> AES256-SHA:AES128-SHA
>>
>> Unexpectedly, DHE ciphers are missing.
>>
>>
>> $ /opt/local/bin/openssl version
>> OpenSSL 1.0.1g 7 Apr 2014
>>
>> $ /opt/local/bin/openssl ciphers
>> 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
>>
>>
>> DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
>>
>> Best regards
>> Pepi
>>
>> _______________________________________________
>> Ach mailing list
>> Ach at lists.cert.at
>> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>>
>>
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140425/63972cee/attachment.html>
More information about the Ach
mailing list