<div dir="ltr"><div>Hi Aaron,<br><br></div>yes, I see, that was not intended, sorry. I do not have such old versions of openssl to check it...<br>Are there any servers publically avilable where this could be checked?<br><br>
What happens if you restore the Deny-Rules and Add !ADH?<br><br>openssl ciphers -v EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH<div class="gmail_extra">
<br></div><div class="gmail_extra">Does this work? <br><br></div><div class="gmail_extra">If not, you could make a list of all supported ciphers (if this does not get too long...)<br>openssl ciphers -v openssl DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA<br>
<br>For 0.9.8 this could get something like this:<br>DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1<br>ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1<br>ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1<br>
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1<br>AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1<br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Performance:<br>
</div><div class="gmail_extra">Yes, DHE needs much more CPU load than ECDHE (I read about 3 times), but it is more secure...<br><br></div><div class="gmail_extra">Kind regards<br></div><div class="gmail_extra">Torsten<br>
</div><div class="gmail_extra"><br><div class="gmail_quote">2014-04-25 16:58 GMT+02:00 Aaron Zauner <span dir="ltr"><<a href="mailto:azet@azet.org" target="_blank">azet@azet.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Hi Torsten,<div><br></div><div>I've checked with various oder versions of OpenSSL. As you have removed the trailing part of our Ciphersuite spec, export and crap ciphers would now be possible:</div><div>
<br></div><div>```</div><div><div>azet@orpheus ~/openssl/openssl-0.9.7a/apps % ./openssl ciphers EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA -v</div>
<div>DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1</div><div>AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1</div><div>DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1</div>
<div>AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1</div><div>ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1</div><div>DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1</div>
<div>ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1</div><div>DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1</div><div>DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1</div>
<div>EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 export</div><div>EXP1024-RC4-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export</div><div>EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1 export</div>
<div>EXP1024-DES-CBC-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export</div><div>EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1</div><div>EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1</div>
<div>EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export</div><div>EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1</div><div>EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1</div>
<div>EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export</div><div>DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1</div><div>DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1</div>
<div>EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export</div><div>IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1</div><div>RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1</div>
<div>ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1</div><div>ADH-DES-CBC-SHA SSLv3 Kx=DH Au=None Enc=DES(56) Mac=SHA1</div><div>EXP-ADH-DES-CBC-SHA SSLv3 Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export</div>
<div>NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1</div><div>azet@orpheus ~/openssl/openssl-0.9.7a/apps % ./openssl version</div><div>OpenSSL 0.9.7a Feb 19 2003</div></div><div>```</div><div>Preference is also screwed.</div>
<div><br></div><div>We're entirely missing this part here: "+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:" (Why is there +SSLv3 in there, btw?)</div>
<div><br></div><div>Aaron</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Apr 25, 2014 at 3:47 PM, Torsten Gigler <span dir="ltr"><<a href="mailto:torsten.gigler@owasp.org" target="_blank">torsten.gigler@owasp.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hi,<br><br></div><div>Have you tried to add ':DHE-RSA-AES256-SHA' in the Cipher String?<br>
</div><div>Here my suggestion:<br></div> <br><div><div class="gmail_extra">openssl ciphers -V EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA<br>
0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD<br> 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD<br> 0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256<br>
0x00,0x39 - DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1<br> 0x00,0x88 - DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1<br> 0x00,0x67 - DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256<br>
0x00,0x45 - DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1<br> 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD<br> 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD<br>
0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384<br> 0xC0,0x14 - ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1<br> 0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256<br>
0xC0,0x13 - ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1<br> 0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD<br> 0x00,0x9C - AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD<br>
0x00,0x35 - AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1<br> 0x00,0x84 - CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1<br> 0x00,0x2F - AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1<br>
0x00,0x41 - CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1<br><br></div><div class="gmail_extra">Remarks:<br>- I changed the order of the ciphers (= Priority of the ciphers a server chooses, if 'Server Order' is set), <br>
- excluded '0x00,0x33 - DHE-RSA-AES128-SHA' to protect aginst a possible incompatibility for JAVA6+7 & DH-Keys >1024bits<br></div><div class="gmail_extra">- added '0x00,0x9D - AES256-GCM-SHA384' and '0x00,0x9C - AES128-GCM-SHA256' (is there any reason why they weren't included before?)<br>
<br></div><div class="gmail_extra">Do you get the following Ciphers with OpenSSL 0.9.8? <br>openssl ciphers -v
EDH+aRSA+AESGCM:EDH+aRSA+AES256:DHE-RSA-AES256-SHA:EDH+aRSA+CAMELLIA256:DHE-RSA-AES128-SHA256:EDH+aRSA+CAMELLIA:EECDH+aRSA+AESGCM:EECDH+aRSA+AES:RSA+AESGCM:AES256-SHA:CAMELLIA256-SHA:RSA+AES+SHA:RSA+CAMELLIA+SHA<br>DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1<br>
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1<br>AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1<br><br></div><div class="gmail_extra">Kind regards <br>Torsten<br></div>
<div class="gmail_extra"><br><div class="gmail_quote">2014-04-25 11:15 GMT+02:00 Pepi Zawodsky <span dir="ltr"><<a href="mailto:pepi.zawodsky@maclemon.at" target="_blank">pepi.zawodsky@maclemon.at</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div><div>
<br>
On 25.04.2014, at 04:53, Aaron Zauner <<a href="mailto:azet@azet.org" target="_blank">azet@azet.org</a>> wrote:<br>
> as well as older versions of Mac OS X.<br>
<br>
ALL versions of OS X up to and including the current Mavericks are affected by this.<br>
$ /usr/bin/openssl version<br>
OpenSSL 0.9.8y 5 Feb 2013<br>
<br>
Expanding Ciphersuite B results in:<br>
<br>
$ /usr/bin/openssl ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'<br>
<br>
AES256-SHA:AES128-SHA<br>
<br>
Unexpectedly, DHE ciphers are missing.<br>
<br>
<br>
$ /opt/local/bin/openssl version<br>
OpenSSL 1.0.1g 7 Apr 2014<br>
<br>
$ /opt/local/bin/openssl ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'<br>
<br>
DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA<br>
<br>
Best regards<br>
<span><font color="#888888">Pepi<br>
</font></span><br></div></div><div>_______________________________________________<br>
Ach mailing list<br>
<a href="mailto:Ach@lists.cert.at" target="_blank">Ach@lists.cert.at</a><br>
<a href="http://lists.cert.at/cgi-bin/mailman/listinfo/ach" target="_blank">http://lists.cert.at/cgi-bin/mailman/listinfo/ach</a><br>
<br></div></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
Ach mailing list<br>
<a href="mailto:Ach@lists.cert.at" target="_blank">Ach@lists.cert.at</a><br>
<a href="http://lists.cert.at/cgi-bin/mailman/listinfo/ach" target="_blank">http://lists.cert.at/cgi-bin/mailman/listinfo/ach</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div></div>