Re: [openssl.org #3374] Do not advertise ECC ciphersuites in SSLv2 client hello
On Út, 2014-06-03 at 16:41 +, Viktor Dukhovni wrote: On Tue, Jun 03, 2014 at 06:01:03PM +0200, Tomas Mraz via RT wrote: openssl advertises ECC ciphersuites in SSLv2 client hello if ssl23 method is used. This is incorrect because the TLS extensions that indicate supported curves and point formats cannot be sent in SSLv2 client hello. The attached patch ensures that no ECC ciphersuites are sent in SSLv2 client hello. This looks about right, where do you still use SSLv2? Nowadays, you should probably have SSLv2 disabled. SSLv2 is disabled by default, however when you use the ALL cipher list which is of course something you should not do but it happened in perl LDAP module the SSLv2 ciphers are added to the cipherlist and SSLv2 client hello is used. I agree that once we break API/ABI compatibility we should remove SSLv2 support altogether. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #3374] Do not advertise ECC ciphersuites in SSLv2 client hello
On Wed, Jun 04, 2014 at 10:45:59AM +0200, Tomas Mraz wrote: SSLv2 is disabled by default, however when you use the ALL cipher list which is of course something you should not do but it happened in perl LDAP module the SSLv2 ciphers are added to the cipherlist and SSLv2 client hello is used. In Postfix, I use the ALL cipherlist, but I also pass SSL_OP_NO_SSLv2 to SSL_CTX_set_options(). If you can append exclusions to the cipherlist, you can use 'ALL:...:!SSLv2'. -- Viktor. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #3374] Do not advertise ECC ciphersuites in SSLv2 client hello
On St, 2014-06-04 at 13:03 +, Viktor Dukhovni wrote: On Wed, Jun 04, 2014 at 10:45:59AM +0200, Tomas Mraz wrote: SSLv2 is disabled by default, however when you use the ALL cipher list which is of course something you should not do but it happened in perl LDAP module the SSLv2 ciphers are added to the cipherlist and SSLv2 client hello is used. In Postfix, I use the ALL cipherlist, but I also pass SSL_OP_NO_SSLv2 to SSL_CTX_set_options(). If you can append exclusions to the cipherlist, you can use 'ALL:...:!SSLv2'. I know that. We are fixing perl-LDAP to not use ALL at all and stick with the default. However we will be patching openssl anyway for any other 3rd party cases where they intentionally or not enable SSLv2 client hello. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #3374] Do not advertise ECC ciphersuites in SSLv2 client hello
On Tue, Jun 03, 2014 at 06:01:03PM +0200, Tomas Mraz via RT wrote: openssl advertises ECC ciphersuites in SSLv2 client hello if ssl23 method is used. This is incorrect because the TLS extensions that indicate supported curves and point formats cannot be sent in SSLv2 client hello. The attached patch ensures that no ECC ciphersuites are sent in SSLv2 client hello. This looks about right, where do you still use SSLv2? Nowadays, you should probably have SSLv2 disabled. diff -up openssl-1.0.1e/ssl/s23_lib.c.ssl2noec openssl-1.0.1e/ssl/s23_lib.c --- openssl-1.0.1e/ssl/s23_lib.c.ssl2noec 2013-02-11 16:26:04.0 +0100 +++ openssl-1.0.1e/ssl/s23_lib.c 2014-05-06 15:51:54.053293674 +0200 @@ -107,6 +107,13 @@ int ssl23_put_cipher_by_char(const SSL_C long l; /* We can write SSLv2 and SSLv3 ciphers */ + /* but no ECC ciphers */ + if (c-algorithm_mkey == SSL_kECDHr || + c-algorithm_mkey == SSL_kECDHe || + c-algorithm_mkey == SSL_kEECDH || + c-algorithm_auth == SSL_aECDH || + c-algorithm_auth == SSL_aECDSA) + return 0; if (p != NULL) { l=c-id; -- Viktor. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org