Re: [openssl-users] Diffie-Hellman Questions
> NO, Rich is making a mistake, ADH is ephemeral of necessity, since without > long-term keys in certificates it is impossible to use long-term keys whose > disclosure might later compromise confidentiality. Except that your code can always use the same keypair if it screws up the callback. And that's what I meant. But Viktor's advice is spot-on. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Diffie-Hellman Questions
Yes, it's only required on the server.
Norm Green
On 5/25/16 14:10, Jeremy Farrell wrote:
Interesting; is this a server-side requirement? I ask because with
1.0.2g my client using "AECDH+AES:ADH+AES" makes a TLS 1.2 connection
with AECDH-AES256-SHA without calling this function or similar.
Regards,
jjf
On 25/05/2016 21:31, Norm Green wrote:
Yes! That was the problem. In order to use cipher "AECDH",
SSL_CTX_set_ecdh_auto(ctx, 1) must be called first.
Thanks Michael!!
Norm
On 5/24/16 15:52, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
Behalf
Of Norm Green
Sent: Tuesday, May 24, 2016 13:40
I've tried both:
SSL_CTX_set_cipher_list("AECDH")
and:
SSL_CTX_set_cipher_list("AECDH-AES256-SHA")
on both the client and server side, both of which result in the
dreaded
"no shared cipher" error:
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared
cipher:s3_srvr.c:1417:
You might run a wire trace to see what suites the client is actually
advertising.
And you are using TLS, right?
For AECDH* (or any ECC suite), don't you have to tell OpenSSL what
curve to use? I haven't implemented that bit myself in any
applications, but my understanding is that with OpenSSL 1.0.2 you
can just call SSL_CTX_set_ecdh_auto(ctx, 1). With 1.0.1 you have to
specify a particular named curve with SSL_CTX_set_tmp_ecdh.
--
J. J. Farrell
Not speaking for Oracle
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Diffie-Hellman Questions
Interesting; is this a server-side requirement? I ask because with
1.0.2g my client using "AECDH+AES:ADH+AES" makes a TLS 1.2 connection
with AECDH-AES256-SHA without calling this function or similar.
Regards,
jjf
On 25/05/2016 21:31, Norm Green wrote:
Yes! That was the problem. In order to use cipher "AECDH",
SSL_CTX_set_ecdh_auto(ctx, 1) must be called first.
Thanks Michael!!
Norm
On 5/24/16 15:52, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
Behalf
Of Norm Green
Sent: Tuesday, May 24, 2016 13:40
I've tried both:
SSL_CTX_set_cipher_list("AECDH")
and:
SSL_CTX_set_cipher_list("AECDH-AES256-SHA")
on both the client and server side, both of which result in the dreaded
"no shared cipher" error:
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared
cipher:s3_srvr.c:1417:
You might run a wire trace to see what suites the client is actually
advertising.
And you are using TLS, right?
For AECDH* (or any ECC suite), don't you have to tell OpenSSL what
curve to use? I haven't implemented that bit myself in any
applications, but my understanding is that with OpenSSL 1.0.2 you can
just call SSL_CTX_set_ecdh_auto(ctx, 1). With 1.0.1 you have to
specify a particular named curve with SSL_CTX_set_tmp_ecdh.
--
J. J. Farrell
Not speaking for Oracle
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Diffie-Hellman Questions
On Tue, May 24, 2016 at 05:45:56PM +, Salz, Rich wrote: > > >./openssl ciphers -v 'ALL:aNULL' |grep ECDH |grep "Au=None" > > AECDH-AES256-SHASSLv3 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1 > > AECDH-AES128-SHASSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1 > > AECDH-RC4-SHA SSLv3 Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1 > > AECDH-DES-CBC3-SHA SSLv3 Kx=ECDH Au=None Enc=3DES(168) Mac=SHA1 > > AECDH-NULL-SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1 > > > > 1) What arg to SSL_CTX_set_cipher_list() to I need to use to get these? > > I previously tried "kEECDH:kEDH" and that didn't work. > > Use one of the names in the first column. No. To avoid overly-specific settings: # To insist on anon ciphersuites: OpenSSL 1.0.x: ALL+aNULL OpenSSL 1.1.x: ALL+aNULL:@SECLEVEL=0 # To prefer anon ciphersuites: OpenSSL 1.0.x: aNULL:-aNULL:ALL OpenSSL 1.1.x: aNULL:-aNULL:ALL:@SECLEVEL=0 # To tolerate anon ciphersuites without explicit preference: OpenSSL 1.0.x: ALL OpenSSL 1.1.x: ALL:@SECLEVEL=0 In OpenSSL 1.1.0 I wanted to implement @AUTHLEVEL, to support @SECLEVEL=1 for ciphers, while allowing anon auth, but that did not make it into the code early enough: ssl/ssl_cert.c: /* * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some * point, for now a single @SECLEVEL sets the same policy for TLS crypto * and PKI authentication. */ X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s)); That is perhaps still technically possible for 1.1.0, but almost certainly too late, it is not a bug fix, and we're near the final release. I'd like to add that for the next release. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Diffie-Hellman Questions
On Tue, May 24, 2016 at 05:08:38PM +, Salz, Rich wrote: > > 2) Are the same encryption keys used every time with ADH? > > Yes. That's the other BIG reason :) You really want ephemeral, and > therefore ECDH NO, Rich is making a mistake, ADH is ephemeral of necessity, since without long-term keys in certificates it is impossible to use long-term keys whose disclosure might later compromise confidentiality. > > 3) Is it possible to use ephemeral DH without using certificates? I was not > > able to get that to work. > > Yes. This is "null" auth. Essentially: aNULL == (ADH || AECDH). -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Diffie-Hellman Questions
Yes! That was the problem. In order to use cipher "AECDH",
SSL_CTX_set_ecdh_auto(ctx, 1) must be called first.
Thanks Michael!!
Norm
On 5/24/16 15:52, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of Norm Green
Sent: Tuesday, May 24, 2016 13:40
I've tried both:
SSL_CTX_set_cipher_list("AECDH")
and:
SSL_CTX_set_cipher_list("AECDH-AES256-SHA")
on both the client and server side, both of which result in the dreaded
"no shared cipher" error:
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared
cipher:s3_srvr.c:1417:
You might run a wire trace to see what suites the client is actually
advertising.
And you are using TLS, right?
For AECDH* (or any ECC suite), don't you have to tell OpenSSL what curve to
use? I haven't implemented that bit myself in any applications, but my
understanding is that with OpenSSL 1.0.2 you can just call
SSL_CTX_set_ecdh_auto(ctx, 1). With 1.0.1 you have to specify a particular
named curve with SSL_CTX_set_tmp_ecdh.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Diffie-Hellman Questions
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Norm Green
> Sent: Tuesday, May 24, 2016 13:40
>
> I've tried both:
>
> SSL_CTX_set_cipher_list("AECDH")
>
> and:
>
> SSL_CTX_set_cipher_list("AECDH-AES256-SHA")
>
> on both the client and server side, both of which result in the dreaded
> "no shared cipher" error:
>
> error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared
> cipher:s3_srvr.c:1417:
You might run a wire trace to see what suites the client is actually
advertising.
And you are using TLS, right?
For AECDH* (or any ECC suite), don't you have to tell OpenSSL what curve to
use? I haven't implemented that bit myself in any applications, but my
understanding is that with OpenSSL 1.0.2 you can just call
SSL_CTX_set_ecdh_auto(ctx, 1). With 1.0.1 you have to specify a particular
named curve with SSL_CTX_set_tmp_ecdh.
--
Michael Wojcik
Technology Specialist, Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Diffie-Hellman Questions
> Any suggestions on how to proceed? Sorry, no. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Diffie-Hellman Questions
I've tried both:
SSL_CTX_set_cipher_list("AECDH")
and:
SSL_CTX_set_cipher_list("AECDH-AES256-SHA")
on both the client and server side, both of which result in the dreaded
"no shared cipher" error:
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared
cipher:s3_srvr.c:1417:
The following works but is not what I want:
SSL_CTX_set_cipher_list("ADH")
Any suggestions on how to proceed?
Norm Green
On 5/24/16 10:45, Salz, Rich wrote:
>./openssl ciphers -v 'ALL:aNULL' |grep ECDH |grep "Au=None"
AECDH-AES256-SHASSLv3 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1
AECDH-AES128-SHASSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1
AECDH-RC4-SHA SSLv3 Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1
AECDH-DES-CBC3-SHA SSLv3 Kx=ECDH Au=None Enc=3DES(168)
Mac=SHA1
AECDH-NULL-SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1
1) What arg to SSL_CTX_set_cipher_list() to I need to use to get these?
I previously tried "kEECDH:kEDH" and that didn't work.
Use one of the names in the first column.
2) These ciphers all report as SSLv3.
That is the protocol version where they were first defined.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Diffie-Hellman Questions
> >./openssl ciphers -v 'ALL:aNULL' |grep ECDH |grep "Au=None" > AECDH-AES256-SHASSLv3 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1 > AECDH-AES128-SHASSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1 > AECDH-RC4-SHA SSLv3 Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1 > AECDH-DES-CBC3-SHA SSLv3 Kx=ECDH Au=None Enc=3DES(168) > Mac=SHA1 > AECDH-NULL-SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1 > > 1) What arg to SSL_CTX_set_cipher_list() to I need to use to get these? > I previously tried "kEECDH:kEDH" and that didn't work. Use one of the names in the first column. > 2) These ciphers all report as SSLv3. That is the protocol version where they were first defined. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Diffie-Hellman Questions
Thanks Rich. More newbie questions. Looking at the available ciphers I see this: >./openssl ciphers -v 'ALL:aNULL' |grep ECDH |grep "Au=None" AECDH-AES256-SHASSLv3 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1 AECDH-AES128-SHASSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1 AECDH-RC4-SHA SSLv3 Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1 AECDH-DES-CBC3-SHA SSLv3 Kx=ECDH Au=None Enc=3DES(168) Mac=SHA1 AECDH-NULL-SHA SSLv3 Kx=ECDH Au=None Enc=None Mac=SHA1 1) What arg to SSL_CTX_set_cipher_list() to I need to use to get these? I previously tried "kEECDH:kEDH" and that didn't work. 2) These ciphers all report as SSLv3. Do I have to use SSLv3 client/server methods to get access to these ciphers? I was using TLS 1.2 (TLSv1_2_server_method()) methods. Norm Green On 5/24/16 10:08, Salz, Rich wrote: 1) The wiki says don't use ADH, presumably because ADH provides encryption but not authentication and is exposed to man in the middle attacks. Is that the only reason? Use ECDH, it's less expensive computationally. 2) Are the same encryption keys used every time with ADH? Yes. That's the other BIG reason :) You really want ephemeral, and therefore ECDH 3) Is it possible to use ephemeral DH without using certificates? I was not able to get that to work. Yes. This is "null" auth. 4) What is the best practice for establishing an anonymous encrypted channel using OpenSSL? Postfix does this kind of thing, as does other SMTP software. Look around for 'opportunistic encryption' perhaps. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Diffie-Hellman Questions
> 1) The wiki says don't use ADH, presumably because ADH provides > encryption but not authentication and is exposed to man in the middle > attacks. Is that the only reason? Use ECDH, it's less expensive computationally. > 2) Are the same encryption keys used every time with ADH? Yes. That's the other BIG reason :) You really want ephemeral, and therefore ECDH > 3) Is it possible to use ephemeral DH without using certificates? I was not > able to get that to work. Yes. This is "null" auth. > 4) What is the best practice for establishing an anonymous encrypted > channel using OpenSSL? Postfix does this kind of thing, as does other SMTP software. Look around for 'opportunistic encryption' perhaps. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
