[Ach] Issue with OpenSSL >0.9.8l

Pepi Zawodsky pepi.zawodsky at maclemon.at
Mon May 5 16:47:33 CEST 2014


Just as an addition, I've tried feeding an expanded Cipherstring B into OpenSSL 0.9.8y as provided by OS X:

This is this cipherstring:
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

expanded with OpenSSL 1.0.1g which I then fed into OpenSSL 0.9.8y.


$ /usr/bin/openssl ciphers 'DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'

This results in:
DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA

So OpenSSL clearly does support the DHE ciphers when explicitly specified.

Curiously enough there also appear to be ECDHE ciphers which should NOT be there imho.


Using that resulting cipherstring in postfix on OS X linked against 0.9.8 brings back working DHE ciphers! \o/

Anonymous TLS connection established from mail-ee0-f44.google.com[74.125.83.44]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)


Best regards
Pepi

PS: Yes, it is, again, easy to forge an evil plot of this bug to prevent the use of PFS ciphers with 0.9.8.

On 26.04.2014, at 16:00, Aaron Zauner <azet at azet.org> wrote:

> 
> On 04/26/2014 10:18 AM, Jan wrote:
>> Hi Aaron, which versions are affected? As I could notice from the
>> mails, 0.9.7m was the first version and the 1.0.1 branch is not affected.
>> 0.9.8 is also affected since which version? And has the 1.0.0 branch
>> also the problem (until which version)?
>> regards Jan
> The whole 0.9.8 branch is affected (i.e. all versions). As far as I can
> tell 1.0.0 is not affected (but you should not be using 1.0.0 anyway -
> it's full of vulnerabilities).
> 
> Aaron
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
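
The comparison made in the message above, as an added example that is not part of the original post: it takes the list expanded by 1.0.1g and the list 0.9.8y returned (both copied from the message) and reports which suites the older library dropped, which forward-secret suites remain, and whether the preference order survived. The function names and the `accepted_by` helper are assumptions of this example.

```shell
#!/bin/sh
# Both lists are copied from the message: the string expanded by 1.0.1g and
# what `openssl ciphers` under 0.9.8y returned for it.
EXPANDED='DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
ACCEPTED='DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA'

# Print a colon-separated list as one suite per line.
split_list() { printf '%s\n' "$1" | tr ':' '\n'; }

# Suites of list $1 that list $2 lacks, in $1's order. Matching on ":name:"
# keeps AES256-SHA from matching inside DHE-RSA-AES256-SHA.
dropped_suites() {
    split_list "$1" | while IFS= read -r suite; do
        case ":$2:" in
            *":$suite:"*) ;;
            *) printf '%s\n' "$suite" ;;
        esac
    done
}

# Suites with an ephemeral (forward-secret) key exchange.
forward_secret() { split_list "$1" | grep -E '^(DHE|EDH|ECDHE)-' || true; }

# Succeeds when $2 is exactly $1 minus the dropped suites, i.e. the older
# library kept the preference order of the expanded list.
order_preserved() {
    kept=$(split_list "$1" | while IFS= read -r suite; do
        case ":$2:" in *":$suite:"*) printf '%s:' "$suite" ;; esac
    done)
    [ "${kept%:}" = "$2" ]
}

# Hypothetical helper: ask a given binary what it accepts, e.g.
#   accepted_by /usr/bin/openssl "$EXPANDED"
accepted_by() { "$1" ciphers "$2"; }

echo "dropped by the older library:"; dropped_suites "$EXPANDED" "$ACCEPTED"
echo "forward-secret suites left:";   forward_secret "$ACCEPTED"
order_preserved "$EXPANDED" "$ACCEPTED" && echo "preference order preserved"
```
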
