[openssl-users] Cipher preference, openssl vs browsers

Jakob Bohm jb-openssl at wisemo.com
Tue Jul 19 09:29:51 UTC 2016


On 19/07/2016 11:16, Bogdan Harjoc wrote:
> When connecting to a TLS1.2 webserver that uses a weak 512 bit DH key,
> I noticed that browsers select
>
>    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>    (chrome, firefox)
>
> and openssl due to the ciphers list selects
>
>    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
>
> openssl s_client -connect 112.175.90.160:443 -cipher
> DEFAULT
> :!EDH-RSA-DES-CBC3-SHA
> :!DHE-RSA-AES128-GCM-SHA256
> :!DHE-RSA-AES256-GCM-SHA384
> :!DHE-RSA-AES128-SHA256
> :!DHE-RSA-AES128-SHA
> :!DHE-RSA-AES256-SHA256
> :!DHE-RSA-AES256-SHA
> :-ECDH
> :-EXPORT:-DES:-SEED:-RC4:-PSK:-IDEA
> :ECDHE-RSA-AES128-SHA
>
> The error is: dh key too small:.\ssl\s3_clnt.c:3424.
>
>  From a client that uses openssl libs, what would the correct
> workaround be ? Try to figure out that the DH key is too small and
> retry with the DHE ciphers disabled ? Or reorder the ciphers ? Given
> that cipher order can lead to failed handshakes, is there a correct
> order for https clients ?
I am not sure, but I guess those browsers default to listing ECDHE
before EDHE, thus never notices the weak DH group parameters (not
key, OpenSSL error message is misleading).

You could try testing those particular versions of chrome and firefox
against https://www.ssllabs.com/ssltest/viewMyClient.html to see what
their cipher list is.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



More information about the openssl-users mailing list