[Ach] Issue with OpenSSL >0.9.8l <1.0.0

Sat Apr 26 14:57:21 CEST 2014

Hi Aaron,

I got some old versions of openssl here: http://sourceforge.net/projects/gnuwin32/files/openssl/
(Yes, it is Windows - but it was really easy ;-) )

Findings:
1) I figured out that most of the mess came from:
D:\tmp\openssl-0.9.7c-bin\bin>openssl ciphers -v "RSA+CAMELLIA+SHA"
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-RC4-SHA         SSLv3 Kx=DH       Au=DSS  Enc=RC4(128)  Mac=SHA1
EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS  Enc=RC4(56)   Mac=SHA1 export
EXP1024-RC4-SHA         SSLv3 Kx=RSA(1024) Au=RSA  Enc=RC4(56)   Mac=SHA1 export
EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS  Enc=DES(56)   Mac=SHA1 export
EXP1024-DES-CBC-SHA     SSLv3 Kx=RSA(1024) Au=RSA  Enc=DES(56)   Mac=SHA1 export
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1
ADH-DES-CBC-SHA         SSLv3 Kx=DH       Au=None Enc=DES(56)   Mac=SHA1
EXP-ADH-DES-CBC-SHA     SSLv3 Kx=DH(512)  Au=None Enc=DES(40)   Mac=SHA1 export
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1

-> A switch to openssl ciphers -v "CAMELLIA128-SHA" helped, openssl ciphers -v
"RSA+CAMELLIA+SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH:!IDEA", too

2) Unexpected result with EECDH:
D:\tmp\openssl-0.9.7c-bin\bin>openssl ciphers -v "EECDH+aRSA+AES"
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
-> I fixed this by adding ':-DHE-RSA-AES128-SHA' at the end (so 'DHE-RSA-AES128-SHA256' could be
shortened to 'EDH+aRSA+AES'), the other ciphers were welcomed anyway
(Perhaps this is unnecessary as this old version perhaps does not support DH-Keys >1024Bits...)

==> Result:
This Cipher String works here now for 1.0.1g/e, 0.9.8h, 0.9.7c (for Win32 Versions) as far as the
suggested Ciphers are available, including the Preference:
openssl ciphers -v
"EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:EDH+aRSA+AES:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA:-DHE-RSA-AES128-SHA"
or:
openssl ciphers -v
"EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:EDH+aRSA+AES:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA:-DHE-RSA-AES128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH:!IDEA"
with the same results:

OpenSSL 1.0.1g 7 Apr 2014 / OpenSSL 1.0.1e 11 Feb 2013: openssl ciphers -V ...
  0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
  0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
  0x00,0x6B - DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
  0x00,0x39 - DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
  0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
  0x00,0x67 - DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
  0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
  0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
  0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
  0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
  0xC0,0x14 - ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
  0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
  0xC0,0x13 - ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
  0x00,0x9D - AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
  0x00,0x9C - AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
  0x00,0x35 - AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
  0x00,0x84 - CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
  0x00,0x2F - AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
  0x00,0x41 - CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1

OpenSSL 0.9.8h 28 May 2008:
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

OpenSSL 0.9.7c 30 Sep 2003:
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

Does this work for all your versions, too? Is there any difference using  quotation marks (",') at
the begin and end of the cipher string?

Kind regards
Torsten

Am 25.04.2014 20:01, schrieb Aaron Zauner:
> On 04/25/2014 06:29 PM, Torsten Gigler wrote:
>> Aaron,
>>
>> Preference is also screwed:
>> No idea, Is this already supported in 0.9.7a? You need at least ssl3
>> for any preference.
> It should be, yes.
>> Kind regards
>> Torsten
>>
>> PS: The second string should be (the 2nd openssl deleted):
>> openssl ciphers -v
>> DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA
> Hm. theres still our preference missing (+) and all of the blacklisted
> ciphers (!).
>
>
> Aaron
>> 2014-04-25 17:49 GMT+02:00 Torsten Gigler <torsten.gigler at owasp.org
>> <mailto:torsten.gigler at owasp.org>>:
>>
>>     Hi Aaron,
>>
>>     yes, I see, that was not intended, sorry. I do not have such old
>>     versions of openssl to check it...
>>     Are there any servers publically avilable where this could be checked?
>>
>>     What happens if you restore the Deny-Rules and Add !ADH?
>>
>>     openssl ciphers -v
>>     EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH
>>
>>
>>     Does this work?
>>
>>     If not, you could make a list of all supported ciphers (if this
>>     does not get too long...)
>>     openssl ciphers -v openssl
>>     DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA
>>
>>     For 0.9.8 this could get something like this:
>>     DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256) 
>>     Mac=SHA1
>>     ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256) 
>>     Mac=SHA1
>>     ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128) 
>>     Mac=SHA1
>>     AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256) 
>>     Mac=SHA1
>>     AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128) 
>>     Mac=SHA1
>>
>>     Performance:
>>     Yes, DHE needs much more CPU load than ECDHE (I read about 3
>>     times), but it is more secure...
>>
>>     Kind regards
>>     Torsten
>>
>>     2014-04-25 16:58 GMT+02:00 Aaron Zauner <azet at azet.org
>>     <mailto:azet at azet.org>>:
>>
>>         Hi Torsten,
>>
>>         I've checked with various oder versions of OpenSSL. As you
>>         have removed the trailing part of our Ciphersuite spec, export
>>         and crap ciphers would now be possible:
>>
>>         ```
>>         azet at orpheus ~/openssl/openssl-0.9.7a/apps % ./openssl ciphers
>>         EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA
>>         -v
>>         DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)
>>          Mac=SHA1
>>         AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)
>>          Mac=SHA1
>>         DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)
>>          Mac=SHA1
>>         AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)
>>          Mac=SHA1
>>         ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)
>>          Mac=SHA1
>>         DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)
>>          Mac=SHA1
>>         ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)
>>          Mac=SHA1
>>         DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)
>>          Mac=SHA1
>>         DHE-DSS-RC4-SHA         SSLv3 Kx=DH       Au=DSS  Enc=RC4(128)
>>          Mac=SHA1
>>         EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS  Enc=RC4(56)
>>           Mac=SHA1 export
>>         EXP1024-RC4-SHA         SSLv3 Kx=RSA(1024) Au=RSA  Enc=RC4(56)
>>           Mac=SHA1 export
>>         EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS
>>          Enc=DES(56)   Mac=SHA1 export
>>         EXP1024-DES-CBC-SHA     SSLv3 Kx=RSA(1024) Au=RSA  Enc=DES(56)
>>           Mac=SHA1 export
>>         EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA
>>          Enc=3DES(168) Mac=SHA1
>>         EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)
>>           Mac=SHA1
>>         EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)
>>           Mac=SHA1 export
>>         EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS
>>          Enc=3DES(168) Mac=SHA1
>>         EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)
>>           Mac=SHA1
>>         EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)
>>           Mac=SHA1 export
>>         DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA
>>          Enc=3DES(168) Mac=SHA1
>>         DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)
>>           Mac=SHA1
>>         EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)
>>           Mac=SHA1 export
>>         IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA
>>          Enc=IDEA(128) Mac=SHA1
>>         RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)
>>          Mac=SHA1
>>         ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None
>>         Enc=3DES(168) Mac=SHA1
>>         ADH-DES-CBC-SHA         SSLv3 Kx=DH       Au=None Enc=DES(56)
>>           Mac=SHA1
>>         EXP-ADH-DES-CBC-SHA     SSLv3 Kx=DH(512)  Au=None Enc=DES(40)
>>           Mac=SHA1 export
>>         NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None    
>>          Mac=SHA1
>>         azet at orpheus ~/openssl/openssl-0.9.7a/apps % ./openssl version
>>         OpenSSL 0.9.7a Feb 19 2003
>>         ```
>>         Preference is also screwed.
>>
>>         We're entirely missing this part here:
>>         "+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:"
>>         (Why is there +SSLv3 in there, btw?)
>>
>>         Aaron
>>
>>
>>         On Fri, Apr 25, 2014 at 3:47 PM, Torsten Gigler
>>         <torsten.gigler at owasp.org <mailto:torsten.gigler at owasp.org>>
>>         wrote:
>>
>>             Hi,
>>
>>             Have you tried to add ':DHE-RSA-AES256-SHA' in the Cipher
>>             String?
>>             Here my suggestion:
>>
>>             openssl ciphers -V
>>             EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA
>>                       0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2
>>             Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
>>                       0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2
>>             Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
>>                       0x00,0x6B - DHE-RSA-AES256-SHA256   TLSv1.2
>>             Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
>>                       0x00,0x39 - DHE-RSA-AES256-SHA      SSLv3
>>             Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>>                       0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3
>>             Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
>>                       0x00,0x67 - DHE-RSA-AES128-SHA256   TLSv1.2
>>             Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
>>                       0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3
>>             Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
>>                       0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2
>>             Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
>>                       0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2
>>             Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
>>                       0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2
>>             Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
>>                       0xC0,0x14 - ECDHE-RSA-AES256-SHA    SSLv3
>>             Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
>>                       0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2
>>             Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
>>                       0xC0,0x13 - ECDHE-RSA-AES128-SHA    SSLv3
>>             Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
>>                       0x00,0x9D - AES256-GCM-SHA384       TLSv1.2
>>             Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
>>                       0x00,0x9C - AES128-GCM-SHA256       TLSv1.2
>>             Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
>>                       0x00,0x35 - AES256-SHA              SSLv3
>>             Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>>                       0x00,0x84 - CAMELLIA256-SHA         SSLv3
>>             Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
>>                       0x00,0x2F - AES128-SHA              SSLv3
>>             Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
>>                       0x00,0x41 - CAMELLIA128-SHA         SSLv3
>>             Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1
>>
>>             Remarks:
>>             - I changed the order of the ciphers (= Priority of the
>>             ciphers a server chooses, if 'Server Order' is set),
>>             - excluded '0x00,0x33 - DHE-RSA-AES128-SHA' to protect
>>             aginst a possible incompatibility for JAVA6+7 & DH-Keys
>>             >1024bits
>>             - added '0x00,0x9D - AES256-GCM-SHA384' and '0x00,0x9C -
>>             AES128-GCM-SHA256' (is there any reason why they weren't
>>             included before?)
>>
>>             Do you get the following Ciphers with OpenSSL 0.9.8?
>>             openssl ciphers -v
>>             EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA
>>             DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA 
>>             Enc=AES(256)  Mac=SHA1
>>             AES256-SHA              SSLv3 Kx=RSA      Au=RSA 
>>             Enc=AES(256)  Mac=SHA1
>>             AES128-SHA              SSLv3 Kx=RSA      Au=RSA 
>>             Enc=AES(128)  Mac=SHA1
>>
>>             Kind regards
>>             Torsten
>>
>>             2014-04-25 11:15 GMT+02:00 Pepi Zawodsky
>>             <pepi.zawodsky at maclemon.at
>>             <mailto:pepi.zawodsky at maclemon.at>>:
>>
>>
>>                 On 25.04.2014, at 04:53, Aaron Zauner <azet at azet.org
>>                 <mailto:azet at azet.org>> wrote:
>>                 > as well as older versions of Mac OS X.
>>
>>                 ALL versions of OS X up to and including the current
>>                 Mavericks are affected by this.
>>                 $ /usr/bin/openssl version
>>                 OpenSSL 0.9.8y 5 Feb 2013
>>
>>                 Expanding Ciphersuite B results in:
>>
>>                 $ /usr/bin/openssl ciphers
>>                 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
>>
>>                 AES256-SHA:AES128-SHA
>>
>>                 Unexpectedly, DHE ciphers are missing.
>>
>>
>>                 $ /opt/local/bin/openssl version
>>                 OpenSSL 1.0.1g 7 Apr 2014
>>
>>                 $ /opt/local/bin/openssl ciphers
>>                 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
>>
>>                 DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
>>
>>                 Best regards
>>                 Pepi
>>
>>                 _______________________________________________
>>                 Ach mailing list
>>                 Ach at lists.cert.at <mailto:Ach at lists.cert.at>
>>                 http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>>
>>
>>
>>             _______________________________________________
>>             Ach mailing list
>>             Ach at lists.cert.at <mailto:Ach at lists.cert.at>
>>             http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>>
>>
>>
>>