subject:"SSL Server setup DH\/ECDH"

Re: SSL Server setup DH/ECDH

2019-08-07 Thread Matt Caswell




On 07/08/2019 12:19, Chitrang Srivastava wrote:
> Hi Matt,
> 
> I tried following code but it is crashing @ *SSL_CTX_set_ciphersuites*
> s_ctx = SSL_CTX_new(TLS_method());
> SSL_CTX_set_options(s_ctx,  SSL_OP_NO_RENEGOTIATION |
> SSL_OP_CIPHER_SERVER_PREFERENCE);
> SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);
> SSL_CTX_set_ciphersuites(s_ctx,
> "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384");
> 
> In the debugger I noticed 
> 
> s_ctx :: cipher_list & cipher_list_by_id are both NULL

Well, that is very strange. I just tried the code above and it works just fine
for me.

s_ctx->cipher_list, and s_ctx->cipher_lib_by_id should be populated in the
SSL_CTX_new call:

https://github.com/openssl/openssl/blob/c50fd0f959de5b256d8eefb8ad2a82fcdcb899c3/ssl/ssl_lib.c#L3091-L3101

So you should never have an SSL_CTX object without those things being set.

Matt


> However tls13_ciphersuites is populated.
> Further in update_cipher_list which is called by SSL_CTX_set_ciphersuites 
> tries
> to delete this cipher_list and hence crash ?
> 
> Any pointer what I am missing?
> 
> -Thanks
> 
> 
> 
> On Tue, Aug 6, 2019 at 7:48 PM Matt Caswell  > wrote:
> 
> 
> 
> On 06/08/2019 14:58, Chitrang Srivastava wrote:
> > Yeah I mean TLS 1.3 cipher , sorry I haven't pasted exact names.
> > So after SSL_OP_CIPHER_SERVER_PREFERENCE, server uses 
> > TLS_1_3_AES_256_SHA_384.
> > While without that it uses TLS_1_3_AES_128_SHA_256, which is better in
> terms of
> > performance.
> 
> Ah! Right - now I understand.
> 
> So the option SSL_OP_CIPHER_SERVER_PREFERENCE means that the server 
> prefers the
> server's ordering of ciphersuites compared to the clients. With that 
> option set
> it will use the first ciphersuite that is in the server's list that is 
> also in
> the client's list. Without the set it will use the first ciphersuite that 
> is in
> the client's list that is also in the server's list. Server operators 
> often
> prefer this because it gives more control over which ciphersuite 
> ultimately gets
> used. But that's only really useful if you also look at this list of 
> configured
> ciphersuites and make sure they are in your preferred order! Otherwise the
> option is fairly pointless!
> 
> For TLSv1.3 the default list is:
> 
> #   define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
>                                     "TLS_CHACHA20_POLY1305_SHA256:" \
>                                     "TLS_AES_128_GCM_SHA256"
> 
> If you want a different order you can use the functions
> SSL_CTX_set_ciphersuites() (or SSL_set_ciphersuites()) to amend it:
> 
> https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_ciphersuites.html
> 
> Matt
> 
> >
> > Thanks very much,
> > Chitrang
> >
> > Tuesday, August 6, 2019, Matt Caswell  
> > >> wrote:
> >
> >
> >
> >     On 06/08/2019 12:20, Chitrang Srivastava wrote:
> >     > Noticed that if I set  SSL_OP_CIPHER_SERVER_PREFERENCE,
> >     TLS_1_3_AES_256_SHA_384
> >     > is being used while without that
> >     > AES_128_SHA256 is being used and I see client(Chrome) send this 
> as first
> >     preference.
> >     > Is there anyway where I can always prefer AES-128-SHA256 cipher 
> suite of
> >     TLS 1.3?
> >
> >     Hmmm...are you sure?
> >
> >     Those names don't look like OpenSSL names for those ciphersuites. I
> guess you
> >     mean TLS_AES_256_GCM_SHA384 and AES128-SHA256. The former is a 
> TLSv1.3
> >     ciphersuite and the latter is for TLSv1.2 and below. They are 
> mutually
> >     exclusive. If you negotiate TLSv1.3 then you can't use TLSv1.2
> ciphersuites and
> >     vice versa.
> >
> >     SSL_OP_CIPHER_SERVER_PREFERENCE should not affect the protocol 
> version
> >     negotiated. OpenSSL negotiates the version *first* before deciding 
> what
> >     ciphersuite to use. So it should not be the case that
> >     SSL_OP_CIPHER_SERVER_PREFERENCE suddenly causes a TLSv1.3 
> ciphersuite
> to be used
> >     when a TLSv1.2 ciphersuite was used without it.
> >
> >     Matt
> >
> >
> >     >
> >     > On Tue, Aug 6, 2019 at 3:53 PM Matt Caswell  
> >     >
> >     > 
>  >     >
> >     >
> >     >
> >     >     On 06/08/2019 11:21, Chitrang Srivastava wrote:
> >     >     > Yes , since in my case mostly browser will be used to access
> >     webserver running
> >     >     > on embedded platform.
> >     >     > Another question, since my

Re: SSL Server setup DH/ECDH

2019-08-07 Thread Chitrang Srivastava

Hi Matt,

I tried following code but it is crashing @ *SSL_CTX_set_ciphersuites*
s_ctx = SSL_CTX_new(TLS_method());
SSL_CTX_set_options(s_ctx,  SSL_OP_NO_RENEGOTIATION |
SSL_OP_CIPHER_SERVER_PREFERENCE);
SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);
SSL_CTX_set_ciphersuites(s_ctx,
"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384");

In the debugger I noticed

s_ctx :: cipher_list & cipher_list_by_id are both NULL
However tls13_ciphersuites is populated.
Further in update_cipher_list which is called by SSL_CTX_set_ciphersuites
tries to delete this cipher_list and hence crash ?

Any pointer what I am missing?

-Thanks



On Tue, Aug 6, 2019 at 7:48 PM Matt Caswell  wrote:

>
>
> On 06/08/2019 14:58, Chitrang Srivastava wrote:
> > Yeah I mean TLS 1.3 cipher , sorry I haven't pasted exact names.
> > So after SSL_OP_CIPHER_SERVER_PREFERENCE, server uses
> > TLS_1_3_AES_256_SHA_384.
> > While without that it uses TLS_1_3_AES_128_SHA_256, which is better in
> terms of
> > performance.
>
> Ah! Right - now I understand.
>
> So the option SSL_OP_CIPHER_SERVER_PREFERENCE means that the server
> prefers the
> server's ordering of ciphersuites compared to the clients. With that
> option set
> it will use the first ciphersuite that is in the server's list that is
> also in
> the client's list. Without the set it will use the first ciphersuite that
> is in
> the client's list that is also in the server's list. Server operators often
> prefer this because it gives more control over which ciphersuite
> ultimately gets
> used. But that's only really useful if you also look at this list of
> configured
> ciphersuites and make sure they are in your preferred order! Otherwise the
> option is fairly pointless!
>
> For TLSv1.3 the default list is:
>
> #   define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
> "TLS_CHACHA20_POLY1305_SHA256:" \
> "TLS_AES_128_GCM_SHA256"
>
> If you want a different order you can use the functions
> SSL_CTX_set_ciphersuites() (or SSL_set_ciphersuites()) to amend it:
>
> https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_ciphersuites.html
>
> Matt
>
> >
> > Thanks very much,
> > Chitrang
> >
> > Tuesday, August 6, 2019, Matt Caswell  > > wrote:
> >
> >
> >
> > On 06/08/2019 12:20, Chitrang Srivastava wrote:
> > > Noticed that if I set  SSL_OP_CIPHER_SERVER_PREFERENCE,
> > TLS_1_3_AES_256_SHA_384
> > > is being used while without that
> > > AES_128_SHA256 is being used and I see client(Chrome) send this as
> first
> > preference.
> > > Is there anyway where I can always prefer AES-128-SHA256 cipher
> suite of
> > TLS 1.3?
> >
> > Hmmm...are you sure?
> >
> > Those names don't look like OpenSSL names for those ciphersuites. I
> guess you
> > mean TLS_AES_256_GCM_SHA384 and AES128-SHA256. The former is a
> TLSv1.3
> > ciphersuite and the latter is for TLSv1.2 and below. They are
> mutually
> > exclusive. If you negotiate TLSv1.3 then you can't use TLSv1.2
> ciphersuites and
> > vice versa.
> >
> > SSL_OP_CIPHER_SERVER_PREFERENCE should not affect the protocol
> version
> > negotiated. OpenSSL negotiates the version *first* before deciding
> what
> > ciphersuite to use. So it should not be the case that
> > SSL_OP_CIPHER_SERVER_PREFERENCE suddenly causes a TLSv1.3
> ciphersuite to be used
> > when a TLSv1.2 ciphersuite was used without it.
> >
> > Matt
> >
> >
> > >
> > > On Tue, Aug 6, 2019 at 3:53 PM Matt Caswell  > 
> > > >> wrote:
> > >
> > >
> > >
> > > On 06/08/2019 11:21, Chitrang Srivastava wrote:
> > > > Yes , since in my case mostly browser will be used to access
> > webserver running
> > > > on embedded platform.
> > > > Another question, since my webserver is running on embedded
> platform and
> > > it has
> > > > limited memory , I have disabled
> > > > ARIA/CAMELLIA  and few others, is that OK ? because I don't
> see any
> > ciphers
> > > > suites which is used in practice.
> > >
> > > Yes, that should be fine.
> > >
> > > Matt
> > >
> > > >
> > > >
> > > >
> > > > On Tue, Aug 6, 2019 at 3:42 PM Matt Caswell <
> m...@openssl.org
> > 
> > > >
> > > > 
> >  > > >
> > > >
> > > >
> > > > On 06/08/2019 11:07, Chitrang Srivastava wrote:
> > > > > Thanks Matt,
> > > > >
> > > > > So now I have, which i believe is enough ?
> > > > >
> > > > >

Re: SSL Server setup DH/ECDH

2019-08-06 Thread Matt Caswell




On 06/08/2019 11:21, Chitrang Srivastava wrote:
> Yes , since in my case mostly browser will be used to access webserver running
> on embedded platform.
> Another question, since my webserver is running on embedded platform and it 
> has
> limited memory , I have disabled
> ARIA/CAMELLIA  and few others, is that OK ? because I don't see any ciphers
> suites which is used in practice.

Yes, that should be fine.

Matt

> 
> 
> 
> On Tue, Aug 6, 2019 at 3:42 PM Matt Caswell  > wrote:
> 
> 
> 
> On 06/08/2019 11:07, Chitrang Srivastava wrote:
> > Thanks Matt,
> >
> > So now I have, which i believe is enough ?
> >
> > SSL_CTX_set_options(s_ctx,  SSL_OP_NO_RENEGOTIATION |
> > SSL_OP_CIPHER_SERVER_PREFERENCE);
> > SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);
> 
> This is fine although it obviously prevents connections from very old 
> clients
> that don't support TLSv1.2. This might not be a problem for you depending 
> on
> your situation.
> 
> Matt
> 
> >
> > On Tue, Aug 6, 2019 at 3:04 PM Matt Caswell  
> > >> wrote:
> >
> >
> >
> >     On 06/08/2019 09:42, Chitrang Srivastava wrote:
> >     > Hi,
> >     >
> >     > I am implementing HTTPs server using openssl 1.1.1b.
> >     > Is it mandatory to setup these API's while creating ssl context ?
> >     >
> >     > SSL_CTX_set_tmp_ecdh
> >     >
> >     > SSL_CTX_set_tmp_dh
> >
> >     By default OpenSSL will automatically use ECDH if appropriate and 
> choose a
> >     suitable group so there is no need to call SSL_CTX_set_tmp_ecdh()
> unless you
> >     want more control over which specific group is used.
> >
> >     OpenSSL will not use DH unless you specifically configure it. If you
> want to
> >     make use of DH based ciphersuites then you must either call
> SSL_CTX_set_tmp_dh()
> >     or SSL_CTX_set_dh_auto() (or the SSL_* equivalents). Calling the
> former enables
> >     you to configure any arbitrary DH group that you choose. Calling the
> latter will
> >     enable the built-in DH groups.
> >
> >     It is not mandatory to call any of the above.
> >
> >     >
> >     > Also any suggestion what all options one should set while setting 
> up
> >     server like
> >     > SSL_CTX_set_options like SSL_OP_NO_SSLv2 |SSL_OP_NO_SSLv3
> >
> >     Don't use the protocol version specific options at all. Use
> >     SSL_CTX_set_min_proto_version() if you want to specify a minimum 
> protocol
> >     version. SSLv2 is no longer supported at all. SSLv3 is compiled out 
> by
> default.
> >
> >     Other options that are worth considering are 
> SSL_OP_NO_RENEGOTIATION and
> >     (possibly) SSL_OP_CIPHER_SERVER_PREFERENCE. Generally you don't need
> the others
> >     unless there is a specific problem you are trying to solve.
> >
> >     Matt
> >
>

Re: SSL Server setup DH/ECDH

2019-08-06 Thread Chitrang Srivastava

Yes , since in my case mostly browser will be used to access webserver
running on embedded platform.
Another question, since my webserver is running on embedded platform and it
has limited memory , I have disabled
ARIA/CAMELLIA  and few others, is that OK ? because I don't see any ciphers
suites which is used in practice.



On Tue, Aug 6, 2019 at 3:42 PM Matt Caswell  wrote:

>
>
> On 06/08/2019 11:07, Chitrang Srivastava wrote:
> > Thanks Matt,
> >
> > So now I have, which i believe is enough ?
> >
> > SSL_CTX_set_options(s_ctx,  SSL_OP_NO_RENEGOTIATION |
> > SSL_OP_CIPHER_SERVER_PREFERENCE);
> > SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);
>
> This is fine although it obviously prevents connections from very old
> clients
> that don't support TLSv1.2. This might not be a problem for you depending
> on
> your situation.
>
> Matt
>
> >
> > On Tue, Aug 6, 2019 at 3:04 PM Matt Caswell  > > wrote:
> >
> >
> >
> > On 06/08/2019 09:42, Chitrang Srivastava wrote:
> > > Hi,
> > >
> > > I am implementing HTTPs server using openssl 1.1.1b.
> > > Is it mandatory to setup these API's while creating ssl context ?
> > >
> > > SSL_CTX_set_tmp_ecdh
> > >
> > > SSL_CTX_set_tmp_dh
> >
> > By default OpenSSL will automatically use ECDH if appropriate and
> choose a
> > suitable group so there is no need to call SSL_CTX_set_tmp_ecdh()
> unless you
> > want more control over which specific group is used.
> >
> > OpenSSL will not use DH unless you specifically configure it. If you
> want to
> > make use of DH based ciphersuites then you must either call
> SSL_CTX_set_tmp_dh()
> > or SSL_CTX_set_dh_auto() (or the SSL_* equivalents). Calling the
> former enables
> > you to configure any arbitrary DH group that you choose. Calling the
> latter will
> > enable the built-in DH groups.
> >
> > It is not mandatory to call any of the above.
> >
> > >
> > > Also any suggestion what all options one should set while setting
> up
> > server like
> > > SSL_CTX_set_options like SSL_OP_NO_SSLv2 |SSL_OP_NO_SSLv3
> >
> > Don't use the protocol version specific options at all. Use
> > SSL_CTX_set_min_proto_version() if you want to specify a minimum
> protocol
> > version. SSLv2 is no longer supported at all. SSLv3 is compiled out
> by default.
> >
> > Other options that are worth considering are SSL_OP_NO_RENEGOTIATION
> and
> > (possibly) SSL_OP_CIPHER_SERVER_PREFERENCE. Generally you don't need
> the others
> > unless there is a specific problem you are trying to solve.
> >
> > Matt
> >
>

Re: SSL Server setup DH/ECDH

2019-08-06 Thread Matt Caswell




On 06/08/2019 11:07, Chitrang Srivastava wrote:
> Thanks Matt,
> 
> So now I have, which i believe is enough ?
> 
> SSL_CTX_set_options(s_ctx,  SSL_OP_NO_RENEGOTIATION |
> SSL_OP_CIPHER_SERVER_PREFERENCE);
> SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);

This is fine although it obviously prevents connections from very old clients
that don't support TLSv1.2. This might not be a problem for you depending on
your situation.

Matt

> 
> On Tue, Aug 6, 2019 at 3:04 PM Matt Caswell  > wrote:
> 
> 
> 
> On 06/08/2019 09:42, Chitrang Srivastava wrote:
> > Hi,
> >
> > I am implementing HTTPs server using openssl 1.1.1b.
> > Is it mandatory to setup these API's while creating ssl context ?
> >
> > SSL_CTX_set_tmp_ecdh
> >
> > SSL_CTX_set_tmp_dh
> 
> By default OpenSSL will automatically use ECDH if appropriate and choose a
> suitable group so there is no need to call SSL_CTX_set_tmp_ecdh() unless 
> you
> want more control over which specific group is used.
> 
> OpenSSL will not use DH unless you specifically configure it. If you want 
> to
> make use of DH based ciphersuites then you must either call 
> SSL_CTX_set_tmp_dh()
> or SSL_CTX_set_dh_auto() (or the SSL_* equivalents). Calling the former 
> enables
> you to configure any arbitrary DH group that you choose. Calling the 
> latter will
> enable the built-in DH groups.
> 
> It is not mandatory to call any of the above.
> 
> >
> > Also any suggestion what all options one should set while setting up
> server like
> > SSL_CTX_set_options like SSL_OP_NO_SSLv2 |SSL_OP_NO_SSLv3
> 
> Don't use the protocol version specific options at all. Use
> SSL_CTX_set_min_proto_version() if you want to specify a minimum protocol
> version. SSLv2 is no longer supported at all. SSLv3 is compiled out by 
> default.
> 
> Other options that are worth considering are SSL_OP_NO_RENEGOTIATION and
> (possibly) SSL_OP_CIPHER_SERVER_PREFERENCE. Generally you don't need the 
> others
> unless there is a specific problem you are trying to solve.
> 
> Matt
>

Re: SSL Server setup DH/ECDH

2019-08-06 Thread Chitrang Srivastava

Thanks Matt,

So now I have, which i believe is enough ?

SSL_CTX_set_options(s_ctx,  SSL_OP_NO_RENEGOTIATION |
SSL_OP_CIPHER_SERVER_PREFERENCE);
SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);

On Tue, Aug 6, 2019 at 3:04 PM Matt Caswell  wrote:

>
>
> On 06/08/2019 09:42, Chitrang Srivastava wrote:
> > Hi,
> >
> > I am implementing HTTPs server using openssl 1.1.1b.
> > Is it mandatory to setup these API's while creating ssl context ?
> >
> > SSL_CTX_set_tmp_ecdh
> >
> > SSL_CTX_set_tmp_dh
>
> By default OpenSSL will automatically use ECDH if appropriate and choose a
> suitable group so there is no need to call SSL_CTX_set_tmp_ecdh() unless
> you
> want more control over which specific group is used.
>
> OpenSSL will not use DH unless you specifically configure it. If you want
> to
> make use of DH based ciphersuites then you must either call
> SSL_CTX_set_tmp_dh()
> or SSL_CTX_set_dh_auto() (or the SSL_* equivalents). Calling the former
> enables
> you to configure any arbitrary DH group that you choose. Calling the
> latter will
> enable the built-in DH groups.
>
> It is not mandatory to call any of the above.
>
> >
> > Also any suggestion what all options one should set while setting up
> server like
> > SSL_CTX_set_options like SSL_OP_NO_SSLv2 |SSL_OP_NO_SSLv3
>
> Don't use the protocol version specific options at all. Use
> SSL_CTX_set_min_proto_version() if you want to specify a minimum protocol
> version. SSLv2 is no longer supported at all. SSLv3 is compiled out by
> default.
>
> Other options that are worth considering are SSL_OP_NO_RENEGOTIATION and
> (possibly) SSL_OP_CIPHER_SERVER_PREFERENCE. Generally you don't need the
> others
> unless there is a specific problem you are trying to solve.
>
> Matt
>

Re: SSL Server setup DH/ECDH

2019-08-06 Thread Matt Caswell

On 06/08/2019 09:42, Chitrang Srivastava wrote:
> Hi,
> 
> I am implementing HTTPs server using openssl 1.1.1b.
> Is it mandatory to setup these API's while creating ssl context ?
> 
> SSL_CTX_set_tmp_ecdh
> 
> SSL_CTX_set_tmp_dh

By default OpenSSL will automatically use ECDH if appropriate and choose a
suitable group so there is no need to call SSL_CTX_set_tmp_ecdh() unless you
want more control over which specific group is used.

OpenSSL will not use DH unless you specifically configure it. If you want to
make use of DH based ciphersuites then you must either call SSL_CTX_set_tmp_dh()
or SSL_CTX_set_dh_auto() (or the SSL_* equivalents). Calling the former enables
you to configure any arbitrary DH group that you choose. Calling the latter will
enable the built-in DH groups.

It is not mandatory to call any of the above.

> 
> Also any suggestion what all options one should set while setting up server 
> like
> SSL_CTX_set_options like SSL_OP_NO_SSLv2 |SSL_OP_NO_SSLv3

Don't use the protocol version specific options at all. Use
SSL_CTX_set_min_proto_version() if you want to specify a minimum protocol
version. SSLv2 is no longer supported at all. SSLv3 is compiled out by default.

Other options that are worth considering are SSL_OP_NO_RENEGOTIATION and
(possibly) SSL_OP_CIPHER_SERVER_PREFERENCE. Generally you don't need the others
unless there is a specific problem you are trying to solve.

Matt

SSL Server setup DH/ECDH

2019-08-06 Thread Chitrang Srivastava

Hi,

I am implementing HTTPs server using openssl 1.1.1b.
Is it mandatory to setup these API's while creating ssl context ?

SSL_CTX_set_tmp_ecdh

SSL_CTX_set_tmp_dh

Also any suggestion what all options one should set while setting up server
like
SSL_CTX_set_options like SSL_OP_NO_SSLv2 |SSL_OP_NO_SSLv3

Thanks,

Re: SSL Server setup DH/ECDH

Re: SSL Server setup DH/ECDH

Re: SSL Server setup DH/ECDH

Re: SSL Server setup DH/ECDH

Re: SSL Server setup DH/ECDH

Re: SSL Server setup DH/ECDH

Re: SSL Server setup DH/ECDH

SSL Server setup DH/ECDH

8 matches

Site Navigation

Mail list logo

Footer information