SSL Server setup DH/ECDH
Chitrang Srivastava
chitrang.srivastava at gmail.com
Wed Aug 7 11:19:38 UTC 2019
Hi Matt,
I tried following code but it is crashing @ *SSL_CTX_set_ciphersuites*
s_ctx = SSL_CTX_new(TLS_method());
SSL_CTX_set_options(s_ctx, SSL_OP_NO_RENEGOTIATION |
SSL_OP_CIPHER_SERVER_PREFERENCE);
SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);
SSL_CTX_set_ciphersuites(s_ctx,
"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384");
In the debugger I noticed
s_ctx :: cipher_list & cipher_list_by_id are both NULL
However tls13_ciphersuites is populated.
Further in update_cipher_list which is called by SSL_CTX_set_ciphersuites
tries to delete this cipher_list and hence crash ?
Any pointer what I am missing?
-Thanks
On Tue, Aug 6, 2019 at 7:48 PM Matt Caswell <matt at openssl.org> wrote:
>
>
> On 06/08/2019 14:58, Chitrang Srivastava wrote:
> > Yeah I mean TLS 1.3 cipher , sorry I haven't pasted exact names.
> > So after SSL_OP_CIPHER_SERVER_PREFERENCE, server uses
> > TLS_1_3_AES_256_SHA_384.
> > While without that it uses TLS_1_3_AES_128_SHA_256, which is better in
> terms of
> > performance.
>
> Ah! Right - now I understand.
>
> So the option SSL_OP_CIPHER_SERVER_PREFERENCE means that the server
> prefers the
> server's ordering of ciphersuites compared to the clients. With that
> option set
> it will use the first ciphersuite that is in the server's list that is
> also in
> the client's list. Without the set it will use the first ciphersuite that
> is in
> the client's list that is also in the server's list. Server operators often
> prefer this because it gives more control over which ciphersuite
> ultimately gets
> used. But that's only really useful if you also look at this list of
> configured
> ciphersuites and make sure they are in your preferred order! Otherwise the
> option is fairly pointless!
>
> For TLSv1.3 the default list is:
>
> # define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
> "TLS_CHACHA20_POLY1305_SHA256:" \
> "TLS_AES_128_GCM_SHA256"
>
> If you want a different order you can use the functions
> SSL_CTX_set_ciphersuites() (or SSL_set_ciphersuites()) to amend it:
>
> https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_ciphersuites.html
>
> Matt
>
> >
> > Thanks very much,
> > Chitrang
> >
> > Tuesday, August 6, 2019, Matt Caswell <matt at openssl.org
> > <mailto:matt at openssl.org>> wrote:
> >
> >
> >
> > On 06/08/2019 12:20, Chitrang Srivastava wrote:
> > > Noticed that if I set SSL_OP_CIPHER_SERVER_PREFERENCE,
> > TLS_1_3_AES_256_SHA_384
> > > is being used while without that
> > > AES_128_SHA256 is being used and I see client(Chrome) send this as
> first
> > preference.
> > > Is there anyway where I can always prefer AES-128-SHA256 cipher
> suite of
> > TLS 1.3?
> >
> > Hmmm...are you sure?
> >
> > Those names don't look like OpenSSL names for those ciphersuites. I
> guess you
> > mean TLS_AES_256_GCM_SHA384 and AES128-SHA256. The former is a
> TLSv1.3
> > ciphersuite and the latter is for TLSv1.2 and below. They are
> mutually
> > exclusive. If you negotiate TLSv1.3 then you can't use TLSv1.2
> ciphersuites and
> > vice versa.
> >
> > SSL_OP_CIPHER_SERVER_PREFERENCE should not affect the protocol
> version
> > negotiated. OpenSSL negotiates the version *first* before deciding
> what
> > ciphersuite to use. So it should not be the case that
> > SSL_OP_CIPHER_SERVER_PREFERENCE suddenly causes a TLSv1.3
> ciphersuite to be used
> > when a TLSv1.2 ciphersuite was used without it.
> >
> > Matt
> >
> >
> > >
> > > On Tue, Aug 6, 2019 at 3:53 PM Matt Caswell <matt at openssl.org
> > <mailto:matt at openssl.org>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>>> wrote:
> > >
> > >
> > >
> > > On 06/08/2019 11:21, Chitrang Srivastava wrote:
> > > > Yes , since in my case mostly browser will be used to access
> > webserver running
> > > > on embedded platform.
> > > > Another question, since my webserver is running on embedded
> platform and
> > > it has
> > > > limited memory , I have disabled
> > > > ARIA/CAMELLIA and few others, is that OK ? because I don't
> see any
> > ciphers
> > > > suites which is used in practice.
> > >
> > > Yes, that should be fine.
> > >
> > > Matt
> > >
> > > >
> > > >
> > > >
> > > > On Tue, Aug 6, 2019 at 3:42 PM Matt Caswell <
> matt at openssl.org
> > <mailto:matt at openssl.org>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>>
> > > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>> wrote:
> > > >
> > > >
> > > >
> > > > On 06/08/2019 11:07, Chitrang Srivastava wrote:
> > > > > Thanks Matt,
> > > > >
> > > > > So now I have, which i believe is enough ?
> > > > >
> > > > > SSL_CTX_set_options(s_ctx, SSL_OP_NO_RENEGOTIATION |
> > > > > SSL_OP_CIPHER_SERVER_PREFERENCE);
> > > > > SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);
> > > >
> > > > This is fine although it obviously prevents connections
> from
> > very old
> > > clients
> > > > that don't support TLSv1.2. This might not be a problem
> for you
> > > depending on
> > > > your situation.
> > > >
> > > > Matt
> > > >
> > > > >
> > > > > On Tue, Aug 6, 2019 at 3:04 PM Matt Caswell <
> matt at openssl.org
> > <mailto:matt at openssl.org>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>>
> > > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>
> > > > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>
> > > <mailto:matt at openssl.org <mailto:matt at openssl.org>
> > <mailto:matt at openssl.org <mailto:matt at openssl.org>>>>> wrote:
> > > > >
> > > > >
> > > > >
> > > > > On 06/08/2019 09:42, Chitrang Srivastava wrote:
> > > > > > Hi,
> > > > > >
> > > > > > I am implementing HTTPs server using openssl
> 1.1.1b.
> > > > > > Is it mandatory to setup these API's while
> creating ssl
> > context ?
> > > > > >
> > > > > > SSL_CTX_set_tmp_ecdh
> > > > > >
> > > > > > SSL_CTX_set_tmp_dh
> > > > >
> > > > > By default OpenSSL will automatically use ECDH if
> appropriate
> > > and choose a
> > > > > suitable group so there is no need to call
> > SSL_CTX_set_tmp_ecdh()
> > > > unless you
> > > > > want more control over which specific group is
> used.
> > > > >
> > > > > OpenSSL will not use DH unless you specifically
> configure
> > it. If you
> > > > want to
> > > > > make use of DH based ciphersuites then you must
> either call
> > > > SSL_CTX_set_tmp_dh()
> > > > > or SSL_CTX_set_dh_auto() (or the SSL_*
> equivalents).
> > Calling the
> > > > former enables
> > > > > you to configure any arbitrary DH group that you
> choose.
> > Calling the
> > > > latter will
> > > > > enable the built-in DH groups.
> > > > >
> > > > > It is not mandatory to call any of the above.
> > > > >
> > > > > >
> > > > > > Also any suggestion what all options one should
> set while
> > > setting up
> > > > > server like
> > > > > > SSL_CTX_set_options like SSL_OP_NO_SSLv2
> |SSL_OP_NO_SSLv3
> > > > >
> > > > > Don't use the protocol version specific options at
> all. Use
> > > > > SSL_CTX_set_min_proto_version() if you want to
> specify a
> > minimum
> > > protocol
> > > > > version. SSLv2 is no longer supported at all.
> SSLv3 is
> > compiled
> > > out by
> > > > default.
> > > > >
> > > > > Other options that are worth considering are
> > > SSL_OP_NO_RENEGOTIATION and
> > > > > (possibly) SSL_OP_CIPHER_SERVER_PREFERENCE.
> Generally you
> > don't need
> > > > the others
> > > > > unless there is a specific problem you are trying
> to solve.
> > > > >
> > > > > Matt
> > > > >
> > > >
> > >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190807/de22ed5e/attachment-0001.html>
More information about the openssl-users
mailing list