Hi Matt,

I tried following code but it is crashing @ *SSL_CTX_set_ciphersuites*

    s_ctx = SSL_CTX_new(TLS_method());
    SSL_CTX_set_options(s_ctx, SSL_OP_NO_RENEGOTIATION | SSL_OP_CIPHER_SERVER_PREFERENCE);
    SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);
    SSL_CTX_set_ciphersuites(s_ctx, "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384");

In the debugger I noticed s_ctx :: cipher_list & cipher_list_by_id are both NULL
However tls13_ciphersuites is populated.
Further in update_cipher_list which is called by SSL_CTX_set_ciphersuites tries to delete this cipher_list and hence crash ?

Any pointer what I am missing?

-Thanks

On Tue, Aug 6, 2019 at 7:48 PM Matt Caswell <m...@openssl.org> wrote:

> On 06/08/2019 14:58, Chitrang Srivastava wrote:
> > Yeah I mean TLS 1.3 cipher , sorry I haven't pasted exact names.
> > So after SSL_OP_CIPHER_SERVER_PREFERENCE, server uses
> > TLS_1_3_AES_256_SHA_384.
> > While without that it uses TLS_1_3_AES_128_SHA_256, which is better in terms of
> > performance.
>
> Ah! Right - now I understand.
>
> So the option SSL_OP_CIPHER_SERVER_PREFERENCE means that the server prefers the
> server's ordering of ciphersuites compared to the clients. With that option set
> it will use the first ciphersuite that is in the server's list that is also in
> the client's list. Without the set it will use the first ciphersuite that is in
> the client's list that is also in the server's list. Server operators often
> prefer this because it gives more control over which ciphersuite ultimately gets
> used. But that's only really useful if you also look at this list of configured
> ciphersuites and make sure they are in your preferred order! Otherwise the
> option is fairly pointless!
>
> For TLSv1.3 the default list is:
>
> # define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
>                                   "TLS_CHACHA20_POLY1305_SHA256:" \
>                                   "TLS_AES_128_GCM_SHA256"
>
> If you want a different order you can use the functions
> SSL_CTX_set_ciphersuites() (or SSL_set_ciphersuites()) to amend it:
>
> https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_ciphersuites.html
>
> Matt
>
> > Thanks very much,
> > Chitrang
> >
> > Tuesday, August 6, 2019, Matt Caswell <m...@openssl.org> wrote:
> >
> > On 06/08/2019 12:20, Chitrang Srivastava wrote:
> > > Noticed that if I set SSL_OP_CIPHER_SERVER_PREFERENCE, TLS_1_3_AES_256_SHA_384
> > > is being used while without that
> > > AES_128_SHA256 is being used and I see client(Chrome) send this as first preference.
> > > Is there anyway where I can always prefer AES-128-SHA256 cipher suite of TLS 1.3?
> >
> > Hmmm...are you sure?
> >
> > Those names don't look like OpenSSL names for those ciphersuites. I guess you
> > mean TLS_AES_256_GCM_SHA384 and AES128-SHA256. The former is a TLSv1.3
> > ciphersuite and the latter is for TLSv1.2 and below. They are mutually
> > exclusive. If you negotiate TLSv1.3 then you can't use TLSv1.2 ciphersuites and
> > vice versa.
> >
> > SSL_OP_CIPHER_SERVER_PREFERENCE should not affect the protocol version
> > negotiated. OpenSSL negotiates the version *first* before deciding what
> > ciphersuite to use. So it should not be the case that
> > SSL_OP_CIPHER_SERVER_PREFERENCE suddenly causes a TLSv1.3 ciphersuite to be used
> > when a TLSv1.2 ciphersuite was used without it.
> >
> > Matt
> >
> > > On Tue, Aug 6, 2019 at 3:53 PM Matt Caswell <m...@openssl.org> wrote:
> > >
> > > On 06/08/2019 11:21, Chitrang Srivastava wrote:
> > > > Yes , since in my case mostly browser will be used to access webserver running
> > > > on embedded platform.
> > > > Another question, since my webserver is running on embedded platform and it has
> > > > limited memory , I have disabled
> > > > ARIA/CAMELLIA and few others, is that OK ? because I don't see any ciphers
> > > > suites which is used in practice.
> > >
> > > Yes, that should be fine.
> > >
> > > Matt
> > >
> > > > On Tue, Aug 6, 2019 at 3:42 PM Matt Caswell <m...@openssl.org> wrote:
> > > >
> > > > On 06/08/2019 11:07, Chitrang Srivastava wrote:
> > > > > Thanks Matt,
> > > > >
> > > > > So now I have, which i believe is enough ?
> > > > >
> > > > > SSL_CTX_set_options(s_ctx, SSL_OP_NO_RENEGOTIATION |
> > > > > SSL_OP_CIPHER_SERVER_PREFERENCE);
> > > > > SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);
> > > >
> > > > This is fine although it obviously prevents connections from very old clients
> > > > that don't support TLSv1.2. This might not be a problem for you depending on
> > > > your situation.
> > > >
> > > > Matt
> > > >
> > > > > On Tue, Aug 6, 2019 at 3:04 PM Matt Caswell <m...@openssl.org> wrote:
> > > > >
> > > > > On 06/08/2019 09:42, Chitrang Srivastava wrote:
> > > > > > Hi,
> > > > > >
> > > > > > I am implementing HTTPs server using openssl 1.1.1b.
> > > > > > Is it mandatory to setup these API's while creating ssl context ?
> > > > > >
> > > > > > SSL_CTX_set_tmp_ecdh
> > > > > >
> > > > > > SSL_CTX_set_tmp_dh
> > > > >
> > > > > By default OpenSSL will automatically use ECDH if appropriate and choose a
> > > > > suitable group so there is no need to call SSL_CTX_set_tmp_ecdh() unless you
> > > > > want more control over which specific group is used.
> > > > >
> > > > > OpenSSL will not use DH unless you specifically configure it. If you want to
> > > > > make use of DH based ciphersuites then you must either call SSL_CTX_set_tmp_dh()
> > > > > or SSL_CTX_set_dh_auto() (or the SSL_* equivalents). Calling the former enables
> > > > > you to configure any arbitrary DH group that you choose. Calling the latter will
> > > > > enable the built-in DH groups.
> > > > >
> > > > > It is not mandatory to call any of the above.
> > > > >
> > > > > > Also any suggestion what all options one should set while setting up server like
> > > > > > SSL_CTX_set_options like SSL_OP_NO_SSLv2 |SSL_OP_NO_SSLv3
> > > > >
> > > > > Don't use the protocol version specific options at all. Use
> > > > > SSL_CTX_set_min_proto_version() if you want to specify a minimum protocol
> > > > > version. SSLv2 is no longer supported at all. SSLv3 is compiled out by default.
> > > > >
> > > > > Other options that are worth considering are SSL_OP_NO_RENEGOTIATION and
> > > > > (possibly) SSL_OP_CIPHER_SERVER_PREFERENCE. Generally you don't need the others
> > > > > unless there is a specific problem you are trying to solve.
> > > > >
> > > > > Matt
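
Added example, not part of the thread and not OpenSSL's own code: a small C model of the selection rule Matt describes for SSL_OP_CIPHER_SERVER_PREFERENCE, run over the default TLSv1.3 list quoted in the thread and the reordered list from the latest message. The client offer is constructed, and choose_suite() and list_has() are hypothetical helpers; a real server applies this rule inside OpenSSL.

```c
#include <stdio.h>
#include <string.h>

/* TLSv1.3 default order quoted in the thread (TLS_DEFAULT_CIPHERSUITES). */
#define SERVER_DEFAULT "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
/* Order passed to SSL_CTX_set_ciphersuites() in the latest message. */
#define SERVER_REORDERED "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
/* Constructed client offer: AES-128 first, as the thread reports for Chrome. */
#define CLIENT_OFFER "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"

/* Return 1 if the n-byte name is an entry of the colon-separated list. */
static int list_has(const char *list, const char *name, size_t n)
{
    while (*list != '\0') {
        size_t len = strcspn(list, ":");
        if (len == n && memcmp(list, name, n) == 0)
            return 1;
        list += len + (list[len] == ':');
    }
    return 0;
}

/* Hypothetical helper modelling the rule: walk the preferred side's list in
 * order and copy the first entry the other side also lists into out.
 * Returns out, or NULL when the lists share no ciphersuite. */
const char *choose_suite(const char *server, const char *client,
                         int server_preference, char *out, size_t outlen)
{
    const char *pref = server_preference ? server : client;
    const char *other = server_preference ? client : server;
    while (*pref != '\0') {
        size_t len = strcspn(pref, ":");
        if (len > 0 && len < outlen && list_has(other, pref, len)) {
            memcpy(out, pref, len);
            out[len] = '\0';
            return out;
        }
        pref += len + (pref[len] == ':');
    }
    return NULL;
}

int main(void)
{
    char b[64];
    printf("default list, server preference:   %s\n", choose_suite(SERVER_DEFAULT, CLIENT_OFFER, 1, b, sizeof b));
    printf("default list, client preference:   %s\n", choose_suite(SERVER_DEFAULT, CLIENT_OFFER, 0, b, sizeof b));
    printf("reordered list, server preference: %s\n", choose_suite(SERVER_REORDERED, CLIENT_OFFER, 1, b, sizeof b));
}
```

With the default list and server preference the model picks AES-256, matching what the thread reports; putting AES-128 first in the server list is what changes the result.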