[openssl-users] How to disable all EXPORT Ciphers?

Christian Georg christian.georg at cologne-intelligence.de
Tue Mar 10 08:44:57 UTC 2015 

Hi Viktor,

please help me to understand your sentence:

	"Note that doing so does not address the FREAK CVE in SSL clients.  Even with EXPORT ciphers disabled they are still vulnerable, unless patched!"

I understand that the downgrading of the ciphersuites is a bug in the library that should be patched. Doing this can however be dificult when talking about mobile apps that use OS Libraries. 
>From my understanding the bug only works within the limit of chipersuites permitted by both the client and the server.

Therefore my asumption is if the server side does only offer strong ciphers I do not have to worry too much about the ability to exploit the FREAK vulnerability e.g. in android clients.
I am very aware that on older Androids there are other things to worry about like missing TLS 1.2 support,... but with regards to freak SSL a quick fix to secure the communication between a mobile app and the server side webservice should be disabeling weak ciphers on the server.

Is this assumption wrong ?

Thanks for your help

Chris


-----------------------------------------------
-----Ursprüngliche Nachricht-----
Von: openssl-users [mailto:openssl-users-bounces at openssl.org] Im Auftrag von Viktor Dukhovni
Gesendet: Montag, 9. März 2015 17:47
An: openssl-users at openssl.org
Betreff: Re: [openssl-users] How to disable all EXPORT Ciphers?

On Mon, Mar 09, 2015 at 02:23:53PM +0530, Deepak wrote:

> How to I disable all EXPORT Ciphers from OpenSSL?
> 
> Will the use of string "kEDH:ALL:!ADH:!DES:!LOW:!EXPORT:+SSLv2:@STRENGTH"
> with SSL_CTX_set_cipher_list() be good enough to disable EXPORT40, 56 and 1024?

Note that doing so does not address the FREAK CVE in SSL clients.  Even with EXPORT ciphers disabled they are still vulnerable, unless patched!

As for your proposed cipherlist it is too exotic.

    * ALL:!ADH is simply DEFAULT.  DEFAULT already prefers PFS (including
      ECDHE) and is sorted by strength.

    * DES is a subset of LOW 

    * I would also disable SSLv2, which is a subset of MD5, so I generally
      disable that instead which also drops the SSLv3's RC4-MD5 leaving RC4-SHA
      for interop.  Note for many applications RC4 is no longer supposed to be
      used, consider whether disabling RC4 is appropriate for you.

Therefore, I'd suggest:

	DEFAULT:!EXPORT:!LOW:!MD5

Which keeps things simple by starting with DEFAULT and removing what you want to disable.

-- 
	Viktor.
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list