Everything I'm recommending is based on your information.
Specifically:
Pound Version : 2.7
OpenSSL Version: 1.0.2f 28 Jan 2016
Pound version 2.7 manpage:
ECDHcurve "name"
Use the named curve for elliptical curve encryption (default:
prime256v1).
The other option is that pound was compiled with OPENSSL_NO_ECDH defined, in
which case Elliptic Curve crypto is never going to work.
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> Shouldn't be that easy by just adding them somehow to the Ciphers
> directive parameter?
Yes, it is that easy. But it's not working for you. Which means you have
something else wrong in your config.
Pound doesn't define its own cipher rules, it uses OpenSSL, just like Apache or
nginx or anything else. If you use openssl ciphers, and put in your list, and
see the cipher, then Pound's going to use it.
For instance, your original cipher string on Debian Wheezy:
$ openssl ciphers -v
'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS:!EDH-RSA-DES-CBC3-SHA:!DES-CBC3-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES128-SHA:!SSLv3'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256)
Mac=AEAD
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256)
Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128)
Mac=AEAD
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128)
Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
The ciphers output on debian wheezy based on my cipher string:
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256)
Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128)
Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
Both include the ciphers you've indicated.
But DHE ciphers and ECDH ciphers require ephemeral keys, which are dependent on
the compiled DH bit size (which you've verified) and Pound being compiled with
ECDH support, which if you don't have that config parameter, may be the case.
It doesn't matter what ciphers are available if no key is available for Pound
to use when a connection comes in.
Does nmap show you *any* ECDH ciphers?
Are you sure pound was compiled against openssl 1.0.2?
config.c line 1354 indicates the only way you're going to get invalid directive
on ECDHCurve is if your openssl is 0.9.8 or less, or you have OPENSSL_NO_ECDH
defined at compile time.
------
Joe
CONFIDENTIALITY STATEMENT
The documents and communication included in this email transmission may contain
confidential information. All information is intended only for the use of the
above named recipient(s). If you are not the named recipient, you are NOT
authorized to read, disclose, copy, distribute, or take any action on the
information and any action other than immediate delivery to the named recipient
is strictly prohibited. If you have received this email in error, do NOT read
the information and please immediately notify sender by telephone and email and
immediately delete this email. If you are the named recipient, you are NOT
authorized to reveal any of this information to any unauthorized person and are
hereby instructed to delete this email when no longer needed.
On 3/9/16, 1:23 PM, "Pound" <[email protected]> wrote:
>Am 08.03.16 um 17:08 schrieb Joe Gooch:
>> Based on the cipher string you've provided, I see the ciphers you're looking
>> for in openssl ciphers -v output.
>>
>> Have you selected a ECDH Curve? Do you see any ECDH ciphers in the list?
>>
>> Also review
>> http://www.apsis.ch/pound/pound_list/archive/2014/2014-10/1414097953000
>>
>>
>> Specifically you need (globally)
>> ECDHCurve prime256v1
>
>This doesn't work:
>/usr/local/etc/pound.cfg line 1: unknown directive - aborted
>
>> And in your listeners:
>> Disable SSLv3
>> SSLAllowClientRenegotiation 0
>> SSLHonorCipherOrder 1
>>
>> Ciphers
>> "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:-3DES:!MD5:!EXP:!PSK:!SRP:!DSS:3DES"
>>
>>
>> (or your ciphers line, whichever)
>
>SSLv3 is no longer the problem. I'm required by a client to add these
>ciphers:
>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>Shouldn't be that easy by just adding them somehow to the Ciphers
>directive parameter?
>
>> Ensure that DH_LEN=2048 in your makefile
>
>It is set. I hadn't considered the build logs of our build server, but
>DH_LEN=2048 is taken.
>
>--
>To unsubscribe send an email with subject unsubscribe to [email protected].
>Please contact [email protected] for questions.
N�����r��zǧu�ޙ���+a���y�n�˛���m�h���u�l��!>W���(�֜��,z���+���+�笶*'
