>>>
>>> See this also as a bugfix. Since tls-cipher options affect certificate
>>> loading, it is good to set it before certificate loading. E.g. you might
>>> want to use @SECLEVEL=5 to only allow loading of SHA256 based certificates.
> Oh, btw ... We need to align this with another patch-set from Steffan.
> There is a feature we have in OpenVPN 3 and the proposed patches from
> Steffan which add --tls-cert-profile.  This is aimed at controlling
> what kind of TLS security parameters are required.
> 
> Currently there is an agreement of the following profiles:
> 
>   - legacy: SHA1 and newer, RSA 2048-bit+, any elliptic curve.
>   - preferred: SHA2 and newer, RSA 2048-bit+, any elliptic curve.
>                (default in v2.5)
>   - suiteb: SHA256/SHA384, ECDSA with P-256 or P-384.
> 
> The mbed TLS definition of these profiles in OpenVPN 3 is like this.
> 
>   const mbedtls_x509_crt_profile crt_profile_legacy = // CONST GLOBAL
>         {
>           MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
>           MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
>           MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
>           MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
>           MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
>           MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
>           0xFFFFFFF, /* Any PK alg    */
>           0xFFFFFFF, /* Any curve     */
>           1024,      /* Minimum size for RSA keys */
>         };
> 
>   const mbedtls_x509_crt_profile crt_profile_preferred = // CONST GLOBAL
>         {
>           MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
>           MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
>           MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
>           0xFFFFFFF, /* Any PK alg    */
>           0xFFFFFFF, /* Any curve     */
>           2048,      /* Minimum size for RSA keys */
>         };
> 
> 
> The suiteb profile is just reusing the mbed TLS definition directly.
> 
> With that said ... The legacy profile does not include MD5.  So either
> we allow MD5 into the legacy profile; or we need legacy-md5.
> 


Yes, but I think that is a separate effort. I am not sure how to probably
implement that with OpenSSL. SECLEVEL is similar but does not have
exactly the same consequences. You could probably emulate the profiles
with some kind of tls-cipher settings. But if you do that, you still
need this patch :)

Arne
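
Added example (not part of the original messages, and not OpenVPN or mbed TLS code): a stand-alone C model of the digest-bitmask and RSA-minimum check that the two quoted profiles express, run over constructed sample certificates. The enum values, struct and function names are hypothetical stand-ins for the mbed TLS types; it shows that the quoted legacy profile rejects an MD5-signed certificate, which is the gap raised above.

```c
/* Stand-alone model of an mbed TLS-style certificate profile check.
 * Enum values and all names are stand-ins (assumptions), not mbed TLS's own. */
#include <stdio.h>

enum md_alg { MD_MD5 = 1, MD_SHA1, MD_SHA224, MD_SHA256, MD_SHA384, MD_SHA512, MD_RIPEMD160 };
#define ID_FLAG(id) (1u << ((id) - 1))   /* same shape as MBEDTLS_X509_ID_FLAG */

struct crt_profile {
    unsigned allowed_mds;   /* bitmask of acceptable signature digests */
    unsigned rsa_min_bits;  /* minimum RSA modulus size */
};

/* Digest sets and RSA minimums copied from the two definitions quoted above. */
static const struct crt_profile profile_legacy = {
    ID_FLAG(MD_SHA1) | ID_FLAG(MD_RIPEMD160) | ID_FLAG(MD_SHA224) |
    ID_FLAG(MD_SHA256) | ID_FLAG(MD_SHA384) | ID_FLAG(MD_SHA512),
    1024
};
static const struct crt_profile profile_preferred = {
    ID_FLAG(MD_SHA256) | ID_FLAG(MD_SHA384) | ID_FLAG(MD_SHA512),
    2048
};

enum verdict { CRT_OK = 0, CRT_BAD_MD = 1, CRT_BAD_KEY = 2 };

/* Returns a bitmask of the reasons an RSA certificate is rejected (0 = accepted). */
static int check_rsa_cert(const struct crt_profile *p, enum md_alg sig_md, unsigned rsa_bits)
{
    int flags = CRT_OK;
    if (!(p->allowed_mds & ID_FLAG(sig_md)))
        flags |= CRT_BAD_MD;
    if (rsa_bits < p->rsa_min_bits)
        flags |= CRT_BAD_KEY;
    return flags;
}

int main(void)
{
    /* Constructed sample certificates: signature digest and RSA key size. */
    struct { const char *name; enum md_alg md; unsigned bits; } certs[] = {
        { "md5/2048", MD_MD5, 2048 }, { "sha1/2048", MD_SHA1, 2048 },
        { "sha256/1024", MD_SHA256, 1024 }, { "sha256/2048", MD_SHA256, 2048 },
    };
    for (size_t i = 0; i < sizeof certs / sizeof certs[0]; i++)
        printf("%-12s legacy=%d preferred=%d\n", certs[i].name,
               check_rsa_cert(&profile_legacy, certs[i].md, certs[i].bits),
               check_rsa_cert(&profile_preferred, certs[i].md, certs[i].bits));
    return 0;
}
```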
