[Ach] Issue with OpenSSL >0.9.8l <1.0.0

Aaron Zauner azet at azet.org
Fri Apr 25 19:59:48 CEST 2014


On 04/25/2014 05:49 PM, Torsten Gigler wrote:
> Hi Aaron,
>
> yes, I see, that was not intended, sorry. I do not have such old
> versions of openssl to check it...
> Are there any servers publicly available where this could be checked?
I've compiled them from source. They are available on the OpenSSL
homepage: https://www.openssl.org/source/
>
> What happens if you restore the Deny-Rules and Add !ADH?
>
> openssl ciphers -v
> EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH
>
>
> Does this work?
Nope. I think the issue is with the order in which the Ciphersuite is
built up from different algorithms.
```
azet at orpheus ~/openssl/openssl-0.9.7a/apps % ./openssl ciphers -v
EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH

zsh: event not found: aNULL
```

We need to get a proper recommendation that works also for old (and
still widely deployed) OpenSSL versions. It'd be nice if our contributors
that built up this Ciphersuite in autumn contribute again to that :)

>
> If not, you could make a list of all supported ciphers (if this does
> not get too long...)
> openssl ciphers -v openssl
> DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA
>
> For 0.9.8 this could get something like this:
> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
> ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
> ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
There's DHE-RSA-AES128-SHA missing.

> Performance:
> Yes, DHE needs much more CPU load than ECDHE (I read about 3 times),
> but it is more secure...
Why should DHE be more secure than ECDHE (curves?). That's not
necessarily true.

Aaron
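
The check discussed in this message, as an added example that is not part of the original e-mail: a shell function that reads `openssl ciphers -v` output and reports anonymous (`Au=None`) suites and required suites that are absent. The names `audit_ciphers`, `sample_listing` and `REQUIRED` are assumptions, and the ADH line in the sample is constructed.

```shell
#!/bin/sh
# Added example: audit the expansion of a cipher string, as printed by
# `openssl ciphers -v`, for one particular OpenSSL build.
#
# Typical use; the single quotes stop zsh/bash history expansion of "!aNULL"
# (the cipher string here is shortened for illustration):
#   ./openssl ciphers -v 'EDH+aRSA+AES256:!aNULL:!eNULL:!ADH' | audit_ciphers "$REQUIRED"

# Suites every supported build is expected to offer (assumed list).
REQUIRED="DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA"

# audit_ciphers REQUIRED_NAMES
#   Reads a `ciphers -v` listing on stdin. Prints one finding per line and
#   returns 0 when nothing was found, 1 otherwise.
audit_ciphers() {
    awk -v required="$1" '
        BEGIN { n = split(required, req, " ") }
        NF >= 6 && $3 ~ /^Kx=/ {
            seen[$1] = 1
            # Au=None marks unauthenticated key exchange (e.g. ADH suites).
            if ($4 == "Au=None") { print "ANON " $1; bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(req[i] in seen)) { print "MISSING " req[i]; bad = 1 }
            exit bad + 0
        }'
}

# The 0.9.8 listing quoted in the message, plus one constructed anonymous-DH
# line to exercise the Au=None check.
sample_listing() {
    cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
EOF
}

sample_listing | audit_ciphers "$REQUIRED" || echo "cipher list needs attention"
```

Piping the real output of each compiled OpenSSL build through the same function shows whether one cipher string expands consistently across versions.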
