----- Original Message -----
> From: "Matt Caswell via RT" <r...@openssl.org>
> To: hka...@redhat.com
> Cc: openssl-dev@openssl.org
> Sent: Monday, June 9, 2014 1:01:05 AM
> Subject: [openssl.org #3384] Patch: add ECC strings to ciphers(1), point out 
> difference between DH and ECDH
> 
> * aNULL also includes some SRP based ciphersuites
> SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=None Enc=AES(256) Mac=SHA1
> SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=None Enc=3DES(168) Mac=SHA1
> SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=None Enc=AES(128) Mac=SHA1

Thanks, I've missed that.

I've added a patch to my branch, but I'd rather not see it merged
in master:

Inclusion of them in aNULL is quite surprising. SRP cipher suites that
do not use certificates are not vulnerable to MitM attack, see 
section 2.5.2, section 3.1 and 3.3 of rfc5054. In particular:

   The server MUST send a certificate if it agrees to an SRP cipher
   suite that requires the server to provide additional authentication
   in the form of a digital signature.

note the phrase "additional authentication" and:

   If an attacker learns a user's SRP verifier (e.g., by gaining access
   to a server's password file), the attacker can masquerade as the real
   server to that user, and can also attempt a dictionary attack to
   recover that user's password.

That makes it no worse than the PSK key exchange, which is not in the
aNULL group.

As such, it looks to me like an incorrect categorisation of SRP cipher suites.
Doubly so, considering that "kSRP" and "SRP" return the same set of
cipher suites (see the difference between "DH" and "kDH" or "ECDH" and
"kECDH").

> * The patch as it is at the moment is only relevant to master. It can't be
> backported to earlier branches because it includes info on stuff not in those
> branches. In particular kDHE, DHE, ECDHE, kECDHE etc. If you want to merge
> something for those branches you might want to provide a second pull.

Sure, I'll provide backports for 1.0.1 and 1.0.2.

-- 
Regards,
Hubert Kario


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
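As an added illustration (not code from this thread or from OpenSSL), the check below parses `openssl ciphers -v` output and shows which suites a cipher string's `!aNULL` would silently drop. The sample output is constructed from the suites quoted above plus a few comparison suites, and the keyword matching is a simplified model of the ciphers(1) semantics under discussion (aNULL = Au=None, kSRP = Kx=SRP), not OpenSSL's own selection code.

```python
import re
from dataclasses import dataclass

# Constructed sample in the `openssl ciphers -v` line format used in the thread.
SAMPLE = """\
SRP-AES-256-CBC-SHA     SSLv3 Kx=SRP   Au=None Enc=AES(256)  Mac=SHA1
SRP-3DES-EDE-CBC-SHA    SSLv3 Kx=SRP   Au=None Enc=3DES(168) Mac=SHA1
SRP-AES-128-CBC-SHA     SSLv3 Kx=SRP   Au=None Enc=AES(128)  Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP   Au=RSA  Enc=AES(256)  Mac=SHA1
ADH-AES-256-SHA         SSLv3 Kx=DH    Au=None Enc=AES(256)  Mac=SHA1
PSK-AES256-CBC-SHA      SSLv3 Kx=PSK   Au=PSK  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH  Au=RSA  Enc=AES(256)  Mac=SHA1
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)")


@dataclass(frozen=True)
class Suite:
    name: str
    version: str
    kx: str
    au: str
    enc: str
    mac: str


def parse_ciphers_v(text):
    """Parse `openssl ciphers -v` output; unrecognised lines are skipped."""
    suites = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            suites.append(Suite(*m.groups()))
    return suites


def matches(suite, keyword):
    """Simplified model of two ciphers(1) keywords (assumption, see lead-in)."""
    if keyword == "aNULL":
        return suite.au == "None"   # no certificate-based authentication
    if keyword == "kSRP":
        return suite.kx == "SRP"    # SRP key exchange
    raise ValueError(f"unsupported keyword: {keyword}")


def select(suites, keyword):
    """Suite names a keyword selects; '!keyword' removes exactly these."""
    return [s.name for s in suites if matches(s, keyword)]


def srp_suites_lost_to_anull(suites):
    """SRP suites that a blanket '!aNULL' removes: the thread's point is that
    these authenticate via the SRP password verifier, not 'no authentication'."""
    return [s.name for s in suites if s.kx == "SRP" and s.au == "None"]
```

Run against real output (`openssl ciphers -v 'ALL'`) to see how many SRP suites your `!aNULL` policy excludes on a given OpenSSL build.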
