On 19/08/17 10:00, Steffan Karger wrote:
> Hi,
>
> On 16-07-17 15:06, Szilárd Pfeiffer wrote:
>> Prefer server ciphers over client ciphers during the TLS handshake. Part
>> of the ClientHello message client sends supported cipher suites in order
>> of its preference. If tls-prefer-server-ciphers is when server choosing
>> a cipher, use the server's preferences instead of the client preferences.
>>
>> The functionality is the same as the following:
>>
>> * ssl_prefer_server_ciphers in NGINX
>> * SSLHonorCipherOrder in Apache
>> * ...
>
> Took me a while to ponder about this one, sorry about that.
>
> You probably know this, but as context for other readers: OpenVPN uses
> TLS differently than HTTP (nginx/apache) do, because we barely use the
> TLS record protocol. The reason to prefer client ciphers, is that a
> client can e.g. prefer a cipher that performs better on the client
> platform. Think chacha20-poly1305 on ARM chips without AES hardware
> acceleration. For OpenVPN, this is not really relevant, because the
> actual performance-relevant crypto is the data channel, which is
> negotiated (or statically configured) separately from the TLS ciphers.
>
> All in all, I don't think we need an option for this, but can simply
> always use the server cipher preference. I think it's a safe bet to say
> that server admins are better at updating their configs than client
> users are. And if clients do want to restrict their ciphers, they should
> simply evict the ciphers they don't want from their cipher suite.
>
> Since mbed TLS by default already prefers the server-side cipher list,
> all we would need to do is or in the SSL_OP_CIPHER_SERVER_PREFERENCE
> flag in the OpenSSL-specific code. That makes the patch a lot simpler
> *and* we have less option combinations to test and maintain. We can
> even safely do that without #ifdef guards, because this define is
> available since OpenSSL 0.9.8, which is the oldest version we support.

This corresponds very well with my own conclusion as well; but as I'm
not the crypto guru I hoped Steffan would respond in a reasonable time :)

I do like that we make mbed TLS and OpenSSL behave more similarly with the
SSL_OP_CIPHER_SERVER_PREFERENCE flag.

Regarding OpenSSL 0.9.8 support, that is nice to have - but if we need
to move to 1.0.1 in release/2.4, I won't be hard to convince. We've
already made that move for git master (future release/2.5). There are
some SUSE Linux releases still shipping OpenSSL 0.9.8 (but also provide
a 1.0.x package too, iirc).

--
kind regards,

David Sommerseth
OpenVPN Technologies, Inc
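
What the flag discussed in this thread changes in practice, as an added example (not OpenVPN code and not written by anyone in the thread): Python's ssl module exposes the same OpenSSL option as ssl.OP_CIPHER_SERVER_PREFERENCE, so an in-memory TLS 1.2 handshake can show which suite wins with and without it. The `negotiate` helper, the suite lists and the use of anonymous ECDH suites (chosen only so no certificate is needed) are assumptions of this example.

```python
import ssl

# Anonymous ECDH suites need no certificate. They give no authentication and
# are used only so this demo needs no key material (assumption: the local
# OpenSSL build still offers them at security level 0).
AES128, AES256 = "AECDH-AES128-SHA", "AECDH-AES256-SHA"

def negotiate(client_ciphers, server_ciphers, server_preference):
    """Run a TLS 1.2 handshake in memory; return the negotiated suite name."""
    srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cli.check_hostname = False
    cli.verify_mode = ssl.CERT_NONE
    for ctx, ciphers in ((srv, server_ciphers), (cli, client_ciphers)):
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        ctx.set_ciphers(":".join(ciphers) + ":@SECLEVEL=0")
    # Python sets the flag on new contexts by default, so clear it explicitly
    # to reproduce plain OpenSSL behaviour (the client's order wins).
    if server_preference:
        srv.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    else:
        srv.options &= ~ssl.OP_CIPHER_SERVER_PREFERENCE
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = cli.wrap_bio(c_in, c_out)
    server = srv.wrap_bio(s_in, s_out, server_side=True)
    done = set()
    for _ in range(10):  # a TLS 1.2 handshake completes in a few passes
        for side, out, peer_in in ((client, c_out, s_in), (server, s_out, c_in)):
            try:
                side.do_handshake()
                done.add(side)
            except ssl.SSLWantReadError:
                pass  # waiting for the peer's next flight
            data = out.read()
            if data:
                peer_in.write(data)
        if len(done) == 2:
            return server.cipher()[0]
    raise RuntimeError("handshake did not complete")

if __name__ == "__main__":
    client_order, server_order = [AES128, AES256], [AES256, AES128]
    print("client order wins:", negotiate(client_order, server_order, False))
    print("server order wins:", negotiate(client_order, server_order, True))
    # A client that does not want a suite simply leaves it out of its list.
    print("client evicts AES256:", negotiate([AES128], server_order, True))
```
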

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel