[openssl-dev] 1.1.0 pre5 seems to ignore CIPHER_SERVER_PREFERENCE

Viktor Dukhovni openssl-users at dukhovni.org
Fri May 27 03:41:59 UTC 2016 

> On May 26, 2016, at 9:44 AM, Angus Robertson - Magenta Systems Ltd <angus at magsys.co.uk> wrote:
> 
> I have two custom Windows web sites, running released and beta versions
> of OpenSSL.  The beta version only gets an A- score with SSL Labs,
> whereas the release version gets A+.  
> 
> https://www1.telecom-tariffs.co.uk/serverinfo.htm
> 
> shows server status, and that it's running OpenSSL 1.1.0-pre5 (beta) 19
> Apr 2016, SSL Labs says: 'Cipher Suites (sorted by strength as the
> server has no preference;)  The server does not support Forward Secrecy
> with the reference browsers. Grade reduced to A-.'
> 
> https://www.telecom-tariffs.co.uk/serverinfo.htm
> 
> is the main live server running OpenSSL 1.0.2h 3 May 2016, and gets a
> score A+ saying 'Cipher Suites (SSL 3+ suites in server-preferred
> order)'.

Sites like SSL Labs sometimes have bugs, and also your server configuration
may lack DHE or ECDHE parameters.  In any case, OpenSSL 1.1.0 beta does support
server preference, and I don't think any recent commits either broke or fixed
this.

Testing against with Postfix compiled against HEAD I see:

   # postconf -e "tls_preempt_cipherlist = no"
   # postfix reload
   postfix/postfix-script: refreshing the Postfix mail system

   # posttls-finger -Lsummary -lencrypt -c -o "tls_medium_cipherlist = AES128-SHA:AES256-SHA" "[localhost]:25"
   posttls-finger: Untrusted TLS connection established to localhost[127.0.0.1]:25: TLSv1.2 with cipher AES128-SHA (128/128 bits)

   # postconf -e "tls_preempt_cipherlist = yes"
   # postfix reload
   postfix/postfix-script: refreshing the Postfix mail system
   # posttls-finger -Lsummary -lencrypt -c -o "tls_medium_cipherlist = AES128-SHA:AES256-SHA" "[localhost]:25"
   posttls-finger: Untrusted TLS connection established to localhost[127.0.0.1]:25: TLSv1.2 with cipher AES256-SHA (256/256 bits)

Which shows the server preference in effect for the second connection (AES256 used despite client's preference for AES128).

-- 
	Viktor.

More information about the openssl-dev mailing list