[Ach] Issue with OpenSSL >0.9.8l
pepi.zawodsky at maclemon.at
Mon May 5 16:47:33 CEST 2014
Just as an addition, I've tried feeding an expanded Cipherstring B into OpenSSL 0.9.8y as provided by OS X:
This is this cipherstring:
expanded with OpenSSL 1.0.1g which I then fed into OpenSSL 0.9.8y.
$ /usr/bin/openssl ciphers 'DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
This results in:
So OpenSSL clearly does support the DHE ciphers when explicitly specified.
Curiously enough there also appear to be ECDHE ciphers which should NOT be there imho.
Using that resulting cipherstring in postfix on OS X linked against 0.9.8 brings back working DHE ciphers! \o/
Anonymous TLS connection established from mail-ee0-f44.google.com[18.104.22.168]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
PS: Yes, it is, again, easy to forge an evil plot of this bug to prevent the use of PFS ciphers with 0.9.8.
On 26.04.2014, at 16:00, Aaron Zauner <azet at azet.org> wrote:
> On 04/26/2014 10:18 AM, Jan wrote:
>> Hi Aaron, which versions are affekted? As I could notice from the
>> mails, 0.9.7m was the first version and the 1.0.1 branch is not affekted.
>> 0.9.8 is also affektede since which version? And has the 1.0.0 branch
>> also the problem (until which version)?
>> regards Jan
> The whole 0.9.8 branch is affected (i.e. all versions). As far as I can
> tell 1.0.0 is not affected (but you should not be using 1.0.0 anyway -
> it's full of vulnerabilities).
> Ach mailing list
> Ach at lists.cert.at
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Ach