Re: [openssl-users] How to use ADH with OpenSSL 1.1.0

2018-04-14 Thread Frykenvall, Per
>> Then I tried adding :@SECLEVEL=0 to my cipher suite list. That made the 
>> trick, but as far as I understand, it switches off some other cipher checks. 
>> What's the recommended way of allowing ADH?

>For now just @SECLEVEL=0.  There's not yet a more fine-grained way to set the
>security level for crypto parameters but allow certificate-less key exchange.
>If you're willing to allow MiTM attacks, then downgrades are out of scope, and
>the peers will negotiate the best available ciphers, so @SECLEVEL=0 is probably
>fine, you'll still get strong ciphers.
>You can also limit the cipher list to exclude anything you feel is too weak to
>offer.

Since we never allow unauthenticated cipher suites in production 
configurations, it's actually not a problem with the @SECLEVEL solution for 
those test systems where we do use ADH. Glad that I don't have to use a 
modified callback.
Thanks a lot, Per

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] How to use ADH with OpenSSL 1.1.0

2018-04-12 Thread Viktor Dukhovni


> On Apr 12, 2018, at 7:12 AM, Frykenvall, Per  wrote:
> 
> Then I tried adding :@SECLEVEL=0 to my cipher suite list. That made the 
> trick, but as far as I understand, it switches off some other cipher checks. 
> What's the recommended way of allowing ADH?

For now just @SECLEVEL=0.  There's not yet a more fine-grained way to set the 
security level for crypto parameters but allow certificate-less key exchange.  
If you're willing to allow MiTM attacks, then downgrades are out of scope, and 
the peers will negotiate the best available ciphers, so @SECLEVEL=0 is probably 
fine, you'll still get strong ciphers.
You can also limit the cipher list to exclude anything you feel is too weak to 
offer.

-- 
Viktor.



[openssl-users] How to use ADH with OpenSSL 1.1.0

2018-04-12 Thread Frykenvall, Per
Hi,

I need to permit some anonymous Diffie-Hellman ciphers in OpenSSL. This worked 
fine until I installed 1.1.0h when I get "no shared cipher". I debugged and 
found the cause in ssl_security_default_callback, ssl_cert.c line 1028:

    /* No unauthenticated ciphersuites */
    if (c->algorithm_auth & SSL_aNULL)
        return 0;

So do I need to have my own callback, using SSL_CTX_set_security_callback? The 
manual page is not very informative and I'm not sure about how to implement the 
callback. I wouldn't like to duplicate all the other checks of the default 
callback.

Then I tried adding :@SECLEVEL=0 to my cipher suite list. That made the trick, 
but as far as I understand, it switches off some other cipher checks. What's 
the recommended way of allowing ADH?

Best regards,
Per
