On Tue, Jan 23, 2007 at 12:15:49AM -0500, Victor Duchovni wrote:

[ Issues explained more concisely, any comments from the OpenSSL team? ]

>     > STARTTLS
>     < 220 2.0.0 Ready to start TLS
>     SSL_connect error to localhost[127.0.0.1]:26: -1
>     warning: TLS library problem: 27116:error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable:../../../../common/openssl/ssl/t1_enc.c:449:
> 
> The problem is lack of AES256 support in the stock SunOS 5.10 libcrypto. They
> only partly fixed the problem by changing the definition of the "DEFAULT"
> cipherlist as follows:

Sun builds libcrypto with AES128 support, but without AES256 support.

>     $ strings /usr/sfw/lib/libssl.so | grep ':@STRENGTH' | uniq
>     ALL:!DHE-RSA-AES256-SHA:!DHE-DSS-AES256-SHA:!AES256-SHA:!ADH:+RC4:@STRENGTH

And attempts to paper over the problem with a custom "DEFAULT" cipherlist
(but COMPLEMENTOFDEFAULT is wrong, and "ALL" and "HIGH" are not usable).

When "ALL" is used instead of "DEFAULT", libssl believes that AES256 is
present because AES128 is present:

    ssl_cipher_get_disabled():

        mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;

there is no separate probe for AES256, and no dedicated mask bit to tell
the two apart.

So Postfix now manually adds exceptions to the "ALL" cipherlist by
probing for AES256 and appending "!AES+HIGH" when AES256 is not found.
Code to augment the cipher exclusion array with "AES+HIGH" below:

>     typedef struct {
>       char *algorithm;
>       char *exclusion;
>     } cipher_probe;
> 
>     static cipher_probe cipher_probe_list[] = {
>       /* Check for missing AES256 */
>       SN_aes_256_cbc,         SSL_TXT_AES "+HIGH",
>       0,                      0,
>     };
> 
>     ARGV *unavailable_ciphers()
>     {
>       ARGV *exclude = 0;
>       cipher_probe *probe;
> 
>       for (probe = cipher_probe_list; probe->algorithm; ++probe)
>           if (!EVP_get_cipherbyname(probe->algorithm))
>               argv_add(exclude ? exclude : (exclude = argv_alloc(1)),
>                        probe->exclusion);
>       return exclude;
>     }

This addresses (somewhat crudely because it also clobbers AES128 which
is considered "HIGH" by 0.9.7l and 0.9.7d) the immediate issue:

    $ openssl ciphers -v 'AES+HIGH'
    ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
    DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
    DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
    AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
    ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
    DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
    DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
    AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

but I would like to find out whether this problem:

    - is likely to be resolved for AES256 in future OpenSSL releases
    (by separately testing for disabled AES256 and AES128, and not mixing
    AES128 in with the "HIGH" ciphers).

    - is not likely to be repeated with other ciphers in future OpenSSL
    releases (by ensuring that ssl_cipher_get_disabled() is not "fuzzy"
    and masks out all symmetric ciphers that are not available).

-- 
        Viktor.
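
The masking problem described in the message above, as an added example (a simplified C model written for this page, not OpenSSL or Postfix code). `probe()` is a stand-in for `EVP_get_cipherbyname()` on a libcrypto built without AES256; the suite table, the `ENC_*` bits and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the family-level mask; not OpenSSL source. */
#define ENC_AES 0x1u
#define ENC_RC4 0x2u

typedef struct { const char *suite, *evp_name; unsigned enc; } suite_t;

/* Constructed table; RC4-SHA is added as a non-AES control. */
static const suite_t suites[] = {
    { "DHE-RSA-AES256-SHA", "AES-256-CBC", ENC_AES },
    { "AES256-SHA",         "AES-256-CBC", ENC_AES },
    { "DHE-RSA-AES128-SHA", "AES-128-CBC", ENC_AES },
    { "AES128-SHA",         "AES-128-CBC", ENC_AES },
    { "RC4-SHA",            "RC4",         ENC_RC4 },
};
#define NSUITES (sizeof suites / sizeof suites[0])

/* Stand-in for EVP_get_cipherbyname() on a libcrypto built without AES256. */
static int probe(const char *name)
{
    return strcmp(name, "AES-128-CBC") == 0 || strcmp(name, "RC4") == 0;
}

/* Family-level mask: all of AES is judged by the AES128 probe alone. */
static unsigned coarse_disabled_mask(void)
{
    return (probe("AES-128-CBC") ? 0 : ENC_AES) | (probe("RC4") ? 0 : ENC_RC4);
}

/* Count enabled-but-unloadable suites. per_cipher: 0 = family mask, 1 = own probe. */
static int unusable_but_enabled(int per_cipher)
{
    unsigned mask = coarse_disabled_mask();
    int n = 0;
    for (size_t i = 0; i < NSUITES; i++) {
        int enabled = per_cipher ? probe(suites[i].evp_name)
                                 : !(suites[i].enc & mask);
        n += enabled && !probe(suites[i].evp_name);
    }
    return n;
}

int main(void)
{
    printf("family mask: %d unusable, per-cipher probe: %d unusable\n",
           unusable_but_enabled(0), unusable_but_enabled(1));
    return 0;
}
```

With the family-level mask the two AES256 suites stay in the offered list and only fail at key-block setup; probing each suite's own cipher removes them while keeping AES128.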