On Wed, 19 Apr 2023, Lemons, Terry wrote:
> I’m attempting to modify the TLS ciphers that are used in an
> openldap2-2.4.41-22.16.1.x86_64 environment in our lab, running on SLES
> 12 SP5. I’ve used the following command to set the cipher list value to
> the returned value of ‘openssl ciphers HIGH’:
>
> ldpdd041:/tmp # cat set-ciphersuite.ldif
> dn: cn=config
> changetype: modify
> add: olcTLSCipherSuite
> olcTLSCipherSuite: HIGH
> ldpdd041:/tmp # ldapmodify -H ldapi:// -Y EXTERNAL -f set-ciphersuite.ldif
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> modifying entry "cn=config"
>
> ldpdd041:/tmp # openssl ciphers HIGH
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA
> ldpdd041:/tmp #
>
> So I had expected to see that all of these ciphers were being offered
> for use by the OpenLDAP server; instead, I see that only a subset of the
> list is offered:
You're on the right trail for why the ciphers using the EDH/DHE and ECDHE
key-exchange methods are not being offered.
In addition, the authentication method of a cipher, as reported in the 4th
column of "openssl ciphers -v" output, may imply a requirement for a
specific type of certificate or other credential. In particular, the
au=RSA ciphers require a cert+key for an RSA keypair, while au=DSS
requires a DSS keypair and au=ECDSA reuqires an ECDSA cert, etc. I don't
believe slapd supports configuring multiple cert+key pairs; if that's
correct then you'll be limited to only supporting a subset of the ciphers
at any given time.
WARNING: you see those ADH-* ciphers in your list, like
ADH-AES256-GCM-SHA384? Be aware that those are _unauthenticated_ ciphers
suites. Since they don't authenticate the server (no cert used at all),
they are subject to Machine-in-the-Middle attack.
(In openssl-style cipher specs, 'HIGH' is only a requirement on the
symmeteric cipher strength and says nothing about other security
properties like authentication and forward-security. In practice, if any
sort of confidential data in on the server or non-anonymous binds are used
then you should almost certainly either
a) list the specific ciphers you want to permit, or
b) at the very least exclude unauthenticated ciphers, ala
olcTLSCipherSuite: HIGH!aNULL
If you believe you know what you're doing is safe then sure, go wild...)
Philip Guenther
