[Ach] Issue with OpenSSL >0.9.8l <1.0.0

Aaron Zauner azet at azet.org
Sat Apr 26 16:07:34 CEST 2014 

Hi Torsten,
On 04/26/2014 02:57 PM, Torsten Gigler wrote:
> Hi Aaron,
>
> I got some old versions of openssl here: http://sourceforge.net/projects/gnuwin32/files/openssl/
> (Yes, it is Windows - but it was really easy ;-) )
>
> Findings:
> 1) I figured out that most of the mess came from:
> D:\tmp\openssl-0.9.7c-bin\bin>openssl ciphers -v "RSA+CAMELLIA+SHA"
> ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
> DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
> ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
> DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
> DHE-DSS-RC4-SHA         SSLv3 Kx=DH       Au=DSS  Enc=RC4(128)  Mac=SHA1
> EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS  Enc=RC4(56)   Mac=SHA1 export
> EXP1024-RC4-SHA         SSLv3 Kx=RSA(1024) Au=RSA  Enc=RC4(56)   Mac=SHA1 export
> EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS  Enc=DES(56)   Mac=SHA1 export
> EXP1024-DES-CBC-SHA     SSLv3 Kx=RSA(1024) Au=RSA  Enc=DES(56)   Mac=SHA1 export
> EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
> EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
> EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
> EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
> EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
> EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
> DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
> DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
> EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
> IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
> RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
> ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1
> ADH-DES-CBC-SHA         SSLv3 Kx=DH       Au=None Enc=DES(56)   Mac=SHA1
> EXP-ADH-DES-CBC-SHA     SSLv3 Kx=DH(512)  Au=None Enc=DES(40)   Mac=SHA1 export
> NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
>
> -> A switch to openssl ciphers -v "CAMELLIA128-SHA" helped, openssl ciphers -v
> "RSA+CAMELLIA+SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH:!IDEA", too
>  
> 2) Unexpected result with EECDH:
> D:\tmp\openssl-0.9.7c-bin\bin>openssl ciphers -v "EECDH+aRSA+AES"
> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
> -> I fixed this by adding ':-DHE-RSA-AES128-SHA' at the end (so 'DHE-RSA-AES128-SHA256' could be
> shortened to 'EDH+aRSA+AES'), the other ciphers were welcomed anyway
> (Perhaps this is unnecessary as this old version perhaps does not support DH-Keys >1024Bits...)
DHE/ECDHE should always be prefered to plain AES.
So both DHE-RSA-AES256 and DHE-RSA-AES128 should be ordered next to each
other.
>
> ==> Result:
> This Cipher String works here now for 1.0.1g/e, 0.9.8h, 0.9.7c (for Win32 Versions) as far as the
> suggested Ciphers are available, including the Preference:
> openssl ciphers -v
> "EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:EDH+aRSA+AES:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA:-DHE-RSA-AES128-SHA"
> or:
> openssl ciphers -v
> "EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:EDH+aRSA+AES:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA:-DHE-RSA-AES128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH:!IDEA"
> with the same results:
>
> OpenSSL 1.0.1g 7 Apr 2014 / OpenSSL 1.0.1e 11 Feb 2013: openssl ciphers -V ...
>   0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
>   0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
>   0x00,0x6B - DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
>   0x00,0x39 - DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>   0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
>   0x00,0x67 - DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
>   0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
>   0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
>   0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
>   0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
>   0xC0,0x14 - ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
>   0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
>   0xC0,0x13 - ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
>   0x00,0x9D - AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
>   0x00,0x9C - AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
>   0x00,0x35 - AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>   0x00,0x84 - CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
>   0x00,0x2F - AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
>   0x00,0x41 - CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1
>
> OpenSSL 0.9.8h 28 May 2008:
> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
>
> OpenSSL 0.9.7c 30 Sep 2003:
> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
Again. DHE-RSA-AES128 missing.
> Does this work for all your versions, too? Is there any difference using  quotation marks (",') at
> the begin and end of the cipher string?
No.

```
1 azet at orpheus ~/openssl/openssl-0.9.7a % ./apps/openssl
version                                     :(
OpenSSL 0.9.7a Feb 19 2003
azet at orpheus ~/openssl/openssl-0.9.7a % cd ../openssl-0.9.7m
azet at orpheus ~/openssl/openssl-0.9.7m % ./apps/openssl ciphers
"EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:EDH+aRSA+AES:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA:-DHE-RSA-AES128-SHA:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH:!IDEA"
-v
zsh: event not found: eNULL
1 azet at orpheus ~/openssl/openssl-0.9.7m % ./apps/openssl
version                                     :(
OpenSSL 0.9.7m 23 Feb 2007
azet at orpheus ~/openssl/openssl-0.9.7m %
```

Sorry I'm at the moment very busy so I did not yet have time to try
creating a suiteable ciphersuite my self. I'd really appreciate more
input from my co-authors as well ;)

Aaron

More information about the Ach mailing list