[openssl-users] Diffie-Hellman Questions

[Viktor Dukhovni]

On Tue, May 24, 2016 at 05:45:56PM +0000, Salz, Rich wrote:

> >  >./openssl ciphers -v 'ALL:aNULL' |grep ECDH |grep "Au=None"
> > AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(256)  Mac=SHA1
> > AECDH-AES128-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(128)  Mac=SHA1
> > AECDH-RC4-SHA           SSLv3 Kx=ECDH     Au=None Enc=RC4(128)  Mac=SHA1
> > AECDH-DES-CBC3-SHA      SSLv3 Kx=ECDH     Au=None Enc=3DES(168) Mac=SHA1
> > AECDH-NULL-SHA          SSLv3 Kx=ECDH     Au=None Enc=None      Mac=SHA1
> > 
> > 1) What arg to SSL_CTX_set_cipher_list() to I need to use to get these?
> > I previously tried "kEECDH:kEDH" and that didn't work.
> 
> Use one of the names in the first column.

No.  To avoid overly-specific settings:

    # To insist on anon ciphersuites:
    OpenSSL 1.0.x:	ALL+aNULL
    OpenSSL 1.1.x:	ALL+aNULL:@SECLEVEL=0

    # To prefer anon ciphersuites:
    OpenSSL 1.0.x:	aNULL:-aNULL:ALL
    OpenSSL 1.1.x:	aNULL:-aNULL:ALL:@SECLEVEL=0

    # To tolerate anon ciphersuites without explicit preference:
    OpenSSL 1.0.x:	ALL
    OpenSSL 1.1.x:	ALL:@SECLEVEL=0

In OpenSSL 1.1.0 I wanted to implement @AUTHLEVEL, to support
@SECLEVEL=1 for ciphers, while allowing anon auth, but that did
not make it into the code early enough:

    ssl/ssl_cert.c:
	/*
	 * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some
	 * point, for now a single @SECLEVEL sets the same policy for TLS crypto
	 * and PKI authentication.
	 */
	X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));

That is perhaps still technically possible for 1.1.0, but almost
certainly too late, it is not a bug fix, and we're near the final
release.  I'd like to add that for the next release.

-- 
	Viktor.