Am 03.11.2015 um 12:39 schrieb Aaron Zauner: > The problem with these cipherstrings is that > they're interpreted differently depending on the OpenSSL branch and > version.
Is this true? I think the String just works syntactically correct as designed. Lets have a look at the current cipherString-B and split it up at the ":" https://git.bettercrypto.org/ach-master.git/blob/HEAD:/src/common/cipherStringB.tex EDH+CAMELLIA EDH+aRSA EECDH+aRSA+AESGCM EECDH+aRSA+SHA256 EECDH +CAMELLIA128 +AES128 +SSLv3 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !DSS !RC4 !SEED !IDEA !ECDSA kEDH CAMELLIA128-SHA AES128-SHA As I can see you push "+AES128 "to the end by using "+" prefix in line 7. This results in (as already pasted the mail before): DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-CAMELLIA256-SHA DHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA CAMELLIA128-SHA AES128-SHA Let's keep in mind the syntax rules, especially the "+" rule which might be not very intuitive: https://www.openssl.org/docs/manmaster/apps/ciphers.html If ! is used then the ciphers are permanently deleted from the list. The ciphers deleted can never reappear in the list even if they are explicitly stated. If - is used then the ciphers are deleted from the list, but some or all of the ciphers can be added again by later options. If + is used then the ciphers are moved to the end of the list. This option doesn't add any new ciphers it just moves matching existing ones. So for me I don't can see how Azet's information that AES128 should be preferred could be covered by that cipher string. Maybe you wanted to use "+AES256" and this was a typo? replacing "+AES128" by "+AES256" to push back AES256 and prefer AES128 you get this list which looks better: DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-CAMELLIA256-SHA DHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA CAMELLIA128-SHA AES128-SHA Sorry - i didn't like to roll-up your Cipher-String-Discussion which I don't know as I joined the list this summer - but in my mind this cipher-string is long, complex and even doesn't include CipherStrings like AES256-SHA256, AES256-SHA, AES256-GCM-SHA384, AES128-GCM-SHA256, ... which are not so bad to my mind (expect not supporting forward secrecy, but AES128-SHA which you include at the end of your string even doesn't support PFS, it's one of thes last-hope cipherstrings for old Clients without DHE/ECDHE Support). so again, I used "my own" cipher-string and my goal was: 1) be as secure as BetterCrypto-Cipherstring-B, but: 2) Performance: prefer ECDHE over DHE 3) Performance: prefer AES128 over AES256 4) throw out Camellia - but if you like Camellia just replace the "!" before CAMELLIA by a "+" which keeps it in and pushes it to the back. $ openssl ciphers -v 'EECDH:EDH:AESGCM:AES:+AES256:SHA:aRSA:!aNULL:!eNULL:!LOW:!MEDIUM:!MD5:!PSK:!SRP:!DES!3DES:!ECDSA:!kECDH:!DSS:!CAMELLIA' ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 and optionally with "+CAMELLIA" at the End: DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1 regards, Gunnar _______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
