[openssl-users] Unexpected behaviors in TLS handshake
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Jun 20 21:07:56 UTC 2018
> On Jun 20, 2018, at 3:44 PM, Jakob Bohm <jb-openssl at wisemo.com> wrote:
>
> I believe there is a fundamental concern, impossible to handle sanely
> at the CA policy level, that a CA may reasonably have certificate
> hierarchies targeting people with different maximum security strength
> and/or living at different times within a root certificate lifespan
> (decades).
>
> Thus it is reasonable for a particular TLS participant to dynamically
> reject/ignore certificates weaker than its own policies even if
> issued by a root CA that has both strong and weak subtrees.

For that we have a coarse filter in the form of the security
level. Thus MD5 is no longer accepted outside root CA self
signatures at the default security level 1 or higher.

One thing I forgot to mention is:

    https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_security_callback.html

The callback interface is not yet documented, but it does allow
the application to bless or reject each algorithm for a particular
purpose:

    void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
    void SSL_CTX_set_security_callback(SSL_CTX *ctx,
                                       int (*cb)(SSL *s, SSL_CTX *ctx, int op,
                                                 int bits, int nid,
                                                 void *other, void *ex));

When this is documented, users who really want low level
control would be able to accept or reject specific algorithms
for specific operations.

The "op" values of interest are:

    SSL_SECOP_EE_KEY  /* accept/reject an EE public key */
    SSL_SECOP_CA_KEY  /* accept/reject a CA public key */
    SSL_SECOP_CA_MD   /* accept/reject a CA hash algorithm */

If there is enough demand and contributor energy, this
interface could get documented, code examples provided, ...

--
Viktor.