[Ach] Cipher-Order: AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE
azet at azet.org
Tue Nov 3 22:38:15 CET 2015
* Gunnar Haslinger <gh.bettercrypto at hitco.at> [03/11/2015 20:22:04] wrote:
> Is this true?
> I think the String just works syntactically correct as designed.
Unfortunately, yes. Also confirmed by the OpenSSL core team.
See for example:
> Let's keep in mind the syntax rules, especially the "+" rule which might
> be not very intuitive:
> If ! is used then the ciphers are permanently deleted from the list. The
> ciphers deleted can never reappear in the list even if they are
> explicitly stated.
> If - is used then the ciphers are deleted from the list, but some or all
> of the ciphers can be added again by later options.
> If + is used then the ciphers are moved to the end of the list. This
> option doesn't add any new ciphers it just moves matching existing ones.
Again; depending on the actual OpenSSL branch (e.g. 0.9.8 vs 1.0.1)
cipherstrings are parsed and interpreted differently. So finding a
universal solution was one of the reasons I wrote this set of
scripts to compare. This /used/ to work fine, no idea why that's not
the case currently. Hm. Maybe we should update that but a lot of
people still run 0.9.8 which will prefer AES128 over AES256 if you
add +AES128. Really. Interestingly enough - this worked for early
versions of 1.0.1 as well.
I just checked with OpenSSL master (1.1.0-dev). Not really
surprinsing, the cipherstrings is interpreted completely
> So for me I don't can see how Azet's information that AES128 should be
> preferred could be covered by that cipher string.
> Maybe you wanted to use "+AES256" and this was a typo?
> replacing "+AES128" by "+AES256" to push back AES256 and prefer AES128
> you get this list which looks better:
See above. We were actually warned by some of the OpenSSL core-team
members that this might happen due to frequent changes in how
OpenSLS interprets cipherstrings.
> $ openssl ciphers -v
FYI: On the upcoming 1.1.0 branch that cipherstring will enable DH-DSS
as well as 8-byte tag CCM mode (which is entirely useless). For
/some/ 0.9.8 versions this cipherstring will yield:
* tons of DSS ciphersuites
..and for some FIPS certified versions (yes they're actually used):
I recommend double-checking a cipherstring recommendation against
*all* 0.9.8 and 1.0.1 branches.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: Digital signature
More information about the Ach