[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Selecting TLS Cipher problem

On Mon, 24 Mar 2008, Pat Riehecky wrote:
I am trying to disable all the ciphers and then only enable the ciphers
captured by the HIGH, SSLv3, TLSv1, MEDIUM, and SSLv2 list

Umm, a cipher's inclusion in a HIGH/MEDIUM/EXPORT/LOW list is orthogonal to its inclusion in a TLSv1/SSLv3/SSLv2 list. For example, if you said "all HIGH ciphers and all SSLv3 ciphers", then you would get some MEDIUM strength ciphers (that are for SSLv3) and some SSLv2 ciphers (that are HIGH strength).

Furthermore, saying "all of SSLv3, TLSv1, and SSLv2" is the same as saying you want all ciphers, as every cipher is in one of those lists!

Explicitly turning off
the NULL ciphers.  Whenever possible I want to try and use SHA digests
instead of MD5 since MD5 is no longer the approved digest, but those are
preferred above non-digested ciphers (which are not present in SSLv2 and
later, but...).

After poking about the net a bit more (thanks to the Ah Ha of the ! that you listed below) I have revised this to HIGH:+SSLv3:+TLSv1:MEDIUM: +SSLv2:!aNULL:!NULL:@STRENGTH:+SHA:+MD5

I would suggest removing the ":+SSLv3:+TLSv1" and ":+SSLv2", as they have no effect for your list.

You're concerned about MD5 and yet you permit SSLv2?!? I think your risk assessment is a bit...odd.

If a cipher w/o a digest actually existed, you cipher list expression would actually prefer it over ciphers w/digest, as ":+SHA:+MD5" shuffles ciphers with SHA and MD5 to the end of the list. I think it's a pointless concern, because no one is stupid enough to specify a cipher w/o digest unless it's secure that way. Indeed, the TLS version 1.2 internet-draft say the following when describing the signature_hash_algorithms extension:
This field indicates the hash algorithm which may be used. The
values indicate support for undigested data, MD5 [MD5], SHA-1,
SHA-256, SHA-384, and SHA-512 [SHA] respectively. The "none"
value is provided for future extensibility, in case of a
signature algorithm which does not require hashing before

I.e., while none exist, they can imagine it.

I would just use ":+MD5" to shuffle those to the end of the list and stop there.

This tells me that now I am actually selecting a valid cipher list, but
the start-up problem remains.

TLS: could not set cipher list HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:!
main: TLS init def ctx failed: -1
slapd destroy: freeing system resources.
slapd stopped.

OpenLDAP 2.4.7-5 on Debian x86 installed from apt

If that uses GnuTLS like Quanah, then you'll have to figure out how ciphers are expresses there and adjust your expression to fit. Good luck!

Philip Guenther