[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]

Alain Wolf alain at alainwolf.ch
Sat May 17 16:10:31 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Am 16.05.2014 15:16, schrieb Pepi Zawodsky:
> On 16.05.2014, at 15:03, Hanno Böck <hanno at hboeck.de> wrote:
>> how to have a cipher string that's good
>> for old openssl versions, right?
>>
>> Well, I think this is rather pointless. Basically, if someone asks "How
>> can I get better crypto on openssl 0.9.x?" then the only reasonable
>> answer is "you don't".
> The problem is that many distros still don't have OpenSSL 1.0.1 or
some embedded systems/appliances/etc. can't be upgraded or just won't
get any vendor love anymore. It is unlikely that those boxes will just
get thrown out. So to cope with the terrible reality we really have to
support 0.9.8 and “get the most out of it” to do any good. Our
recommendation of course IS to upgrade to the latest and greatest [hmm…]
cryptostack available.
>
> Having a cipher string that will get the best out of 1.0.1 AND 0.9.8
has the added benefit for the admins that should they upgrade their
OpenSSL at some point (distro upgrade, etc.) they would automatically
benefit from the better ciphers available there even if they ignore to
update their cipher string.
> Best regards
> Pepi

Hello list

I downloaded every available draft since you started this and I started
following this list around the time when this topic started. As I would
not call myself a security or cryptography expert, you can think of me
as a consumer of your product.

I think what you want to achieve here is not pointless at all, but it is
impossible in the current form.

You are trying to write a book. Ivan Ristic and others are also writing
books. Many have been written already. I appreciate all of this work,
but on the other hand this world is in constant flux.

I'm quite sure Ivan doesn't get enough time to finish his book, as he
needs to push out a new version of his SSL Server Test every few weeks
at least. We hope and it looks like the next (post-Heartbleed) versions
of OpenSSL will get to us faster and will be again game-changer on many
levels. We have Google's HTTP with ChaCha-something coming up and
Bernsteins et al. "alternative" curves and so much more at the doorstep.
Its a good thing that there is (finally) so much more movement on this
topics, including betterCrypto.org.

But that puts a lot of todays efforts in to creating a "Bible" at peril,
since in this "new Age" we need "Gurus" who always have the right
answers to today problems. Not citing yesterdays rules and risking to
proliferate even more cargo cult.

So as a consumer I would rather be able to access a dynamic website who
guides me based on my current needs (Mail, Web, SSH) and environment
(Platform, OS, Version, Lib like OpenSSL, GnuTLS or PolarSSL) etc.
Something along the lines of https://prism-break.org/ (not that they
provide the best user expierence since their redesign, but you get the
idea).

But to get back to the point (sorry for the excursion):
I would definitely go for different strings for different versions. And
that OpenSSL version testing library sure will help with that. By the
way, another example of something nice to have online and interactive.

You did the same already in the book for different OpenSSH versions.

After following this discussion, on my servers I settled for a sweet and
short:
    'kEDH+aRSA+AES128:kEECDH+aRSA+AES128:+SSLv3'

Of course only with 1.0.1 and WinXP can go f*.

On a current OpenSSL version this gives exactly the same list in the
same order as your very long B string and adding:
    ":!CAMELLIA:!AES256:!kRSA"
to the end of it.

So why bother with the quest for the universally applicable string? I'm
sure you get a nice and safe short string for every version out there.
If you look at it, you immediately get the idea, as it is human
readable. How much effort would it take to a reasonably seasoned admin,
if he wants to drop curves go for 256-bit, or something between 192 and
196 ;)

Best regards and thanks for your work, I really do appreciate it.

Alain

- --
Zurich, Switzerland
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCAAGBQJTd23XAAoJEPCNm90TCGETV4kH/j8kKf5Gy7t9hA+EDU80Ga/f
52EBh2cVjsPNchQ0YmXX40YsBkyPKQzKZjcZZR1/KHWCb+R9XV8HFooKy25EPpOk
ehPiTR02+Eh6cc9K5QvqzSXBeF+L03QN4u5CBQP/goRLUH+yLjmS27mqhaVUbLg/
YdcATAFfk7FYcFev4FJkaJjuPbt9Zz89g5Es0JhEOI9fpGgvL5Ac36szCRrgqVLF
7iSr1/5ec5qsY6M/YQdEdE68OwXxtySDnKUzmNm7Uzg/eUN2xTPue2c+zuoQx6ds
snJc9Mvqfn/smP4nUVTzvTFmbhqEI5/wnJBI4cH7P9PRBRCrmW2SqO7/kfmvDR0=
=UD1n
-----END PGP SIGNATURE-----




More information about the Ach mailing list