[Ach] Issue with OpenSSL >0.9.8l <1.0.0
Torsten Gigler
torsten.gigler at owasp.org
Sat Apr 26 15:36:54 CEST 2014
Hi,
Amendment:
added ':ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA' for support of these Ciphers in 0.9.8:
D:\tmp\openssl-0.9.8h-1-bin\bin>openssl ciphers -v
"EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:EDH+aRSA+AES:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA:-DHE-RSA-AES128-SHA"
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
No changes in the other versions :-)
Kind regards
Torsten
On 26.04.2014 14:57, Torsten Gigler wrote:
> Hi Aaron,
>
> I got some old versions of openssl here: http://sourceforge.net/projects/gnuwin32/files/openssl/
> (Yes, it is Windows - but it was really easy ;-) )
>
> Findings:
> 1) I figured out that most of the mess came from:
> D:\tmp\openssl-0.9.7c-bin\bin>openssl ciphers -v "RSA+CAMELLIA+SHA"
> ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
> DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
> DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
> DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
> DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
> EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 export
> EXP1024-RC4-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
> EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1 export
> EXP1024-DES-CBC-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export
> EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
> EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
> EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
> EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
> EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
> EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
> DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
> DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
> EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
> IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
> RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
> ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1
> ADH-DES-CBC-SHA SSLv3 Kx=DH Au=None Enc=DES(56) Mac=SHA1
> EXP-ADH-DES-CBC-SHA SSLv3 Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
> NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
>
> -> A switch to openssl ciphers -v "CAMELLIA128-SHA" helped, openssl ciphers -v
> "RSA+CAMELLIA+SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH:!IDEA", too
>
> 2) Unexpected result with EECDH:
> D:\tmp\openssl-0.9.7c-bin\bin>openssl ciphers -v "EECDH+aRSA+AES"
> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
> -> I fixed this by adding ':-DHE-RSA-AES128-SHA' at the end (so 'DHE-RSA-AES128-SHA256' could be
> shortened to 'EDH+aRSA+AES'), the other ciphers were welcomed anyway
> (Perhaps this is unnecessary as this old version perhaps does not support DH-Keys >1024Bits...)
>
> ==> Result:
> This Cipher String works here now for 1.0.1g/e, 0.9.8h, 0.9.7c (for Win32 Versions) as far as the
> suggested Ciphers are available, including the Preference:
> openssl ciphers -v
> "EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:EDH+aRSA+AES:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA:-DHE-RSA-AES128-SHA"
> or:
> openssl ciphers -v
> "EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:EDH+aRSA+AES:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA:-DHE-RSA-AES128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH:!IDEA"
> with the same results:
>
> OpenSSL 1.0.1g 7 Apr 2014 / OpenSSL 1.0.1e 11 Feb 2013: openssl ciphers -V ...
> 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
> 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
> 0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
> 0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
> 0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
> 0x00,0x67 - DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
> 0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
> 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
> 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
> 0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
> 0xC0,0x14 - ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
> 0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
> 0xC0,0x13 - ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
> 0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
> 0x00,0x9C - AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
> 0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> 0x00,0x84 - CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
> 0x00,0x2F - AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
> 0x00,0x41 - CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
>
> OpenSSL 0.9.8h 28 May 2008:
> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
>
> OpenSSL 0.9.7c 30 Sep 2003:
> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
>
> Does this work for all your versions, too? Is there any difference using quotation marks (",') at
> the beginning and end of the cipher string?
>
> Kind regards
> Torsten
>
> On 25.04.2014 20:01, Aaron Zauner wrote:
>> On 04/25/2014 06:29 PM, Torsten Gigler wrote:
>>> Aaron,
>>>
>>> Preference is also screwed:
>>> No idea, Is this already supported in 0.9.7a? You need at least ssl3
>>> for any preference.
>> It should be, yes.
>>> Kind regards
>>> Torsten
>>>
>>> PS: The second string should be (the 2nd openssl deleted):
>>> openssl ciphers -v
>>> DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA
>> Hm. there's still our preference missing (+) and all of the blacklisted
>> ciphers (!).
>>
>>
>> Aaron
>>> 2014-04-25 17:49 GMT+02:00 Torsten Gigler <torsten.gigler at owasp.org
>>> <mailto:torsten.gigler at owasp.org>>:
>>>
>>> Hi Aaron,
>>>
>>> yes, I see, that was not intended, sorry. I do not have such old
>>> versions of openssl to check it...
>>> Are there any servers publicly available where this could be checked?
>>>
>>> What happens if you restore the Deny-Rules and Add !ADH?
>>>
>>> openssl ciphers -v
>>> EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH
>>>
>>>
>>> Does this work?
>>>
>>> If not, you could make a list of all supported ciphers (if this
>>> does not get too long...)
>>> openssl ciphers -v openssl
>>> DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA
>>>
>>> For 0.9.8 this could get something like this:
>>> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
>>> ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
>>> ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
>>> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
>>> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
>>>
>>> Performance:
>>> Yes, DHE needs much more CPU load than ECDHE (I read about 3
>>> times), but it is more secure...
>>>
>>> Kind regards
>>> Torsten
>>>
>>> 2014-04-25 16:58 GMT+02:00 Aaron Zauner <azet at azet.org
>>> <mailto:azet at azet.org>>:
>>>
>>> Hi Torsten,
>>>
>>> I've checked with various older versions of OpenSSL. As you
>>> have removed the trailing part of our Ciphersuite spec, export
>>> and crap ciphers would now be possible:
>>>
>>> ```
>>> azet at orpheus ~/openssl/openssl-0.9.7a/apps % ./openssl ciphers
>>> EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA
>>> -v
>>> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
>>> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
>>> DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
>>> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
>>> ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
>>> DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
>>> ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
>>> DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
>>> DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
>>> EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 export
>>> EXP1024-RC4-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
>>> EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1 export
>>> EXP1024-DES-CBC-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export
>>> EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
>>> EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
>>> EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
>>> EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
>>> EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
>>> EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
>>> DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
>>> DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
>>> EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
>>> IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
>>> RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
>>> ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1
>>> ADH-DES-CBC-SHA SSLv3 Kx=DH Au=None Enc=DES(56) Mac=SHA1
>>> EXP-ADH-DES-CBC-SHA SSLv3 Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
>>> NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
>>> azet at orpheus ~/openssl/openssl-0.9.7a/apps % ./openssl version
>>> OpenSSL 0.9.7a Feb 19 2003
>>> ```
>>> Preference is also screwed.
>>>
>>> We're entirely missing this part here:
>>> "+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:"
>>> (Why is there +SSLv3 in there, btw?)
>>>
>>> Aaron
>>>
>>>
>>> On Fri, Apr 25, 2014 at 3:47 PM, Torsten Gigler
>>> <torsten.gigler at owasp.org <mailto:torsten.gigler at owasp.org>>
>>> wrote:
>>>
>>> Hi,
>>>
>>> Have you tried to add ':DHE-RSA-AES256-SHA' in the Cipher
>>> String?
>>> Here my suggestion:
>>>
>>> openssl ciphers -V
>>> EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA
>>> 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
>>> 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
>>> 0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
>>> 0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
>>> 0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
>>> 0x00,0x67 - DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
>>> 0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
>>> 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
>>> 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
>>> 0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
>>> 0xC0,0x14 - ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
>>> 0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
>>> 0xC0,0x13 - ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
>>> 0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
>>> 0x00,0x9C - AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
>>> 0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
>>> 0x00,0x84 - CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
>>> 0x00,0x2F - AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
>>> 0x00,0x41 - CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
>>>
>>> Remarks:
>>> - I changed the order of the ciphers (= Priority of the
>>> ciphers a server chooses, if 'Server Order' is set),
>>> - excluded '0x00,0x33 - DHE-RSA-AES128-SHA' to protect
>>> against a possible incompatibility for JAVA6+7 & DH-Keys
>>> >1024bits
>>> - added '0x00,0x9D - AES256-GCM-SHA384' and '0x00,0x9C -
>>> AES128-GCM-SHA256' (is there any reason why they weren't
>>> included before?)
>>>
>>> Do you get the following Ciphers with OpenSSL 0.9.8?
>>> openssl ciphers -v
>>> EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA
>>> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
>>> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
>>> AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
>>>
>>> Kind regards
>>> Torsten
>>>
>>> 2014-04-25 11:15 GMT+02:00 Pepi Zawodsky
>>> <pepi.zawodsky at maclemon.at
>>> <mailto:pepi.zawodsky at maclemon.at>>:
>>>
>>>
>>> On 25.04.2014, at 04:53, Aaron Zauner <azet at azet.org
>>> <mailto:azet at azet.org>> wrote:
>>> > as well as older versions of Mac OS X.
>>>
>>> ALL versions of OS X up to and including the current
>>> Mavericks are affected by this.
>>> $ /usr/bin/openssl version
>>> OpenSSL 0.9.8y 5 Feb 2013
>>>
>>> Expanding Ciphersuite B results in:
>>>
>>> $ /usr/bin/openssl ciphers
>>> 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
>>>
>>> AES256-SHA:AES128-SHA
>>>
>>> Unexpectedly, DHE ciphers are missing.
>>>
>>>
>>> $ /opt/local/bin/openssl version
>>> OpenSSL 1.0.1g 7 Apr 2014
>>>
>>> $ /opt/local/bin/openssl ciphers
>>> 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
>>>
>>> DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
>>>
>>> Best regards
>>> Pepi
>>>
>>> _______________________________________________
>>> Ach mailing list
>>> Ach at lists.cert.at <mailto:Ach at lists.cert.at>
>>> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>>>
>>>
>>>
>>>
>>>
>>>
>>>
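A check for the failure mode discussed in this thread (a cipher string that expands to export, anonymous or NULL suites on an older OpenSSL once the `!` terms are dropped), given here as an added example that is not part of the original e-mails. The function names are hypothetical, and the sample rows are taken from listings quoted in the thread.

```shell
#!/bin/sh
# Added example: audit `openssl ciphers -v` / `-V` output against the thread's
# blacklist. Reads the listing on stdin, prints "NAME: reason[,reason]" per
# offending suite, and returns 1 if any was found. Helper names are hypothetical.
audit_ciphers() {
    awk '
    NF == 0 { next }
    {
        # -V rows start with "0xNN,0xNN - "; -v rows start with the suite name.
        name = ($1 ~ /^0x/) ? $3 : $1
        why = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "Au=None")          why = why ",aNULL"
            else if ($i == "Au=DSS")      why = why ",DSS"
            else if ($i == "Au=ECDSA")    why = why ",ECDSA"
            else if ($i ~ /^(Kx|Au)=PSK/) why = why ",PSK"
            else if ($i == "Enc=None")    why = why ",eNULL"
            else if ($i ~ /^Enc=RC4/)     why = why ",RC4"
            else if ($i ~ /^Enc=3DES/)    why = why ",3DES"
            else if ($i ~ /^Enc=DES/)     why = why ",DES"
            else if ($i ~ /^Enc=IDEA/)    why = why ",IDEA"
            else if ($i ~ /^Enc=SEED/)    why = why ",SEED"
            else if ($i == "Mac=MD5")     why = why ",MD5"
            else if ($i == "export")      why = why ",EXP"
        }
        if (why != "") { print name ": " substr(why, 2); bad = 1 }
    }
    END { exit bad }'
}

# Sample rows from the 0.9.7a listing in this thread (cipher string without "!" terms).
sample_unfiltered() {
cat <<'EOF'
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
EOF
}

# Sample rows from the 1.0.1g `-V` listing in this thread.
sample_filtered() {
cat <<'EOF'
0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
0x00,0x2F - AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
EOF
}

# Real use: openssl ciphers -v "$CIPHERSTRING" | audit_ciphers
sample_unfiltered | audit_ciphers || echo "FAIL: blacklisted suites enabled"
sample_filtered | audit_ciphers && echo "OK: no blacklisted suites"
```

Running the same check against every OpenSSL build a deployment targets catches the case where an unknown keyword changes what the string selects.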