Full_Name: Jan Bramkamp
Version: 2.4.35
OS: FreeBSD 9.1
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (79.230.127.217)

OpenLDAP supports PFS TLS cipher suites using DHE with the DH *tlso_tmp_dh_cb(SSL*,int,int) callback in libraries/libldap/tls_o.c. DHE-RSA/DSS cipher suites are very CPU intensive and noticeably increase latency on low-power hardware. While OpenLDAP supports ECDH-ECDSA cipher suites, these lack the PFS offered by DHE-RSA/DSS cipher suites.

From my initial search it looks like the correct API to register such a callback would be SSL_CTX_set_tmp_ecdh_callback(), but I'm not familiar with the OpenLDAP code base, so patching it myself could have unintended consequences.

This is how the CA was generated:

CURVE=secp384r1

openssl ecparam -out private/ca-key.pem -name $CURVE -genkey &&
openssl req -new -x509 -days 365 -key private/ca-key.pem -out certs/ca-cert.pem

openssl ecparam -out private/auth1-key.pem -name $CURVE -genkey &&
openssl req -new -key private/auth1-key.pem -out newcerts/auth1-csr.pem &&
openssl ca -config /usr/local/openssl/openssl.cnf -out certs/auth1-cert.pem -infiles newcerts/auth1-csr.pem

The (EC)DH parameter file was generated with:

openssl ecparam -name $CURVE

This was tested with slapd linked against OpenSSL 1.0.1e from ports on FreeBSD 9.1/amd64.
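Added example, not part of the original report and not OpenLDAP code: the report turns on the difference between static ECDH-* suites and ephemeral ECDHE-*/DHE-* suites, so this sketch audits an OpenSSL-style colon-separated cipher list and reports every suite that does not provide authenticated forward secrecy. The function names and the sample list are assumptions constructed for illustration, and classification is by suite-name prefix only.

```shell
#!/bin/sh
# Hypothetical helper: classify an OpenSSL-style suite name by key exchange.
# Prints one of: ephemeral, anonymous, static, none
kx_class() {
    case "$1" in
        ECDHE-*|DHE-*|EDH-*) echo ephemeral ;;  # fresh (EC)DH key per handshake: PFS
        AECDH-*|ADH-*)       echo anonymous ;;  # ephemeral but unauthenticated
        ECDH-*|DH-*)         echo static ;;     # fixed (EC)DH key from the certificate: no PFS
        *)                   echo none ;;       # e.g. RSA key transport: no PFS
    esac
}

# Hypothetical helper: read a colon-separated suite list on stdin and print
# "<suite> <class>" for each suite that is not authenticated-ephemeral.
audit_suites() {
    tr ':' '\n' | while IFS= read -r suite; do
        [ -n "$suite" ] || continue
        class=$(kx_class "$suite")
        [ "$class" = ephemeral ] || printf '%s %s\n' "$suite" "$class"
    done
}

# Constructed sample list (not taken from the report).
SAMPLE='ECDHE-ECDSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:DHE-RSA-AES256-SHA:AES256-SHA:AECDH-AES256-SHA'

printf '%s\n' "$SAMPLE" | audit_suites
```

On a live system the input can come from `openssl ciphers` with the cipher string the server is configured with.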
crest@tzi.de wrote:
> Full_Name: Jan Bramkamp
> Version: 2.4.35
> OS: FreeBSD 9.1
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (79.230.127.217)
>
> OpenLDAP supports PFS TLS cipher suites using DHE with the
> DH *tlso_tmp_dh_cb(SSL*,int,int) callback in libraries/libldap/tls_o.c.
> DHE-RSA/DSS cipher suites are very CPU intensive and noticeably increase latency
> on low-power hardware. While OpenLDAP supports ECDH-ECDSA cipher suites, these
> lack the PFS offered by DHE-RSA/DSS cipher suites.
>
> From my initial search it looks like the correct API to register such a callback
> would be SSL_CTX_set_tmp_ecdh_callback(), but I'm not familiar with the OpenLDAP code
> base, so patching it myself could have unintended consequences.
>
> This is how the CA was generated:
> CURVE=secp384r1
>
> openssl ecparam -out private/ca-key.pem -name $CURVE -genkey &&
> openssl req -new -x509 -days 365 -key private/ca-key.pem -out certs/ca-cert.pem
>
> openssl ecparam -out private/auth1-key.pem -name $CURVE -genkey &&
> openssl req -new -key private/auth1-key.pem -out newcerts/auth1-csr.pem &&
> openssl ca -config /usr/local/openssl/openssl.cnf -out certs/auth1-cert.pem -infiles newcerts/auth1-csr.pem
>
> The (EC)DH parameter file was generated with:
> openssl ecparam -name $CURVE
>
> This was tested with slapd linked against OpenSSL 1.0.1e from ports on FreeBSD
> 9.1/amd64.

Some background info in this thread:
http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-td42229.html

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
crest@tzi.de wrote:
> Full_Name: Jan Bramkamp
> Version: 2.4.35
> OS: FreeBSD 9.1
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (79.230.127.217)
>
> OpenLDAP supports PFS TLS cipher suites using DHE with the
> DH *tlso_tmp_dh_cb(SSL*,int,int) callback in libraries/libldap/tls_o.c.
> DHE-RSA/DSS cipher suites are very CPU intensive and noticeably increase latency
> on low-power hardware. While OpenLDAP supports ECDH-ECDSA cipher suites, these
> lack the PFS offered by DHE-RSA/DSS cipher suites.
>
> From my initial search it looks like the correct API to register such a callback
> would be SSL_CTX_set_tmp_ecdh_callback(), but I'm not familiar with the OpenLDAP code
> base, so patching it myself could have unintended consequences.
>
> This is how the CA was generated:
> CURVE=secp384r1
>
> openssl ecparam -out private/ca-key.pem -name $CURVE -genkey &&
> openssl req -new -x509 -days 365 -key private/ca-key.pem -out certs/ca-cert.pem
>
> openssl ecparam -out private/auth1-key.pem -name $CURVE -genkey &&
> openssl req -new -key private/auth1-key.pem -out newcerts/auth1-csr.pem &&
> openssl ca -config /usr/local/openssl/openssl.cnf -out certs/auth1-cert.pem -infiles newcerts/auth1-csr.pem
>
> The (EC)DH parameter file was generated with:
> openssl ecparam -name $CURVE
>
> This was tested with slapd linked against OpenSSL 1.0.1e from ports on FreeBSD
> 9.1/amd64.

It seems that current events have focused more attention on Perfect Forward Secrecy, now that news about NSA eavesdropping is everywhere. It's worth noting Bruce Schneier's recommendation to avoid Elliptic Curve algorithms, since their design has been heavily influenced by the NSA.

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
(Section 5.)

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
changed notes changed state Open to Test moved from Incoming to Software Enhancements
changed notes changed state Test to Release
added in master added in RE24 (2.4.48)
changed notes changed state Release to Closed
(In reply to Howard Chu from comment #1)
> Some background info in this thread
> http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-td42229.html

nabble.com seems to have reorganized their domains and the above URL is now broken. The same thread is available at https://www.mail-archive.com/openssl-users@openssl.org/msg69181.html

> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/