Re: SSLHonorCipherOrder for OpenBSD's httpd

2013-07-12 Thread Otto Moerbeek
Example lines for the config file.

ok?

-Otto

Index: httpd.conf
===
RCS file: /cvs/src/usr.sbin/httpd/conf/httpd.conf,v
retrieving revision 1.26
diff -u -p -r1.26 httpd.conf
--- httpd.conf  3 Jun 2009 18:28:21 -   1.26
+++ httpd.conf  12 Jul 2013 09:19:27 -
@@ -1035,6 +1035,9 @@ SSLEngine on
 #   See the mod_ssl documentation for a complete list.
 #SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
 
+#   If on, use server's order of preference for ciphers.
+#SSLHonorCipherOrder on
+
 #   Server Certificate:
 #   Point SSLCertificateFile at a PEM encoded certificate.  If
 #   the certificate is encrypted, then you will be prompted for a
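Review bot: the new comment should tie the directive to SSLCipherSuite, because the order it honours is the order of that string; as written, a reader of the commented-out example two lines above gets no hint that the suite list has to be written preferred-first for `SSLHonorCipherOrder on` to mean anything. Suggest wording such as `#   If on, use the server's order of preference (the order of SSLCipherSuite) instead of the client's.`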
Index: httpd.conf-dist
===
RCS file: /cvs/src/usr.sbin/httpd/conf/httpd.conf-dist,v
retrieving revision 1.20
diff -u -p -r1.20 httpd.conf-dist
--- httpd.conf-dist 1 Apr 2009 06:47:34 -   1.20
+++ httpd.conf-dist 12 Jul 2013 09:19:27 -
@@ -1045,6 +1045,9 @@ SSLEngine on
 #   See the mod_ssl documentation for a complete list.
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
+#   If on, use server's order of preference for ciphers.
+#SSLHonorCipherOrder on
+
 #   Server Certificate:
 #   Point SSLCertificateFile at a PEM encoded certificate.  If
 #   the certificate is encrypted, then you will be prompted for a
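Review bot: the active SSLCipherSuite line above still ends in `+eNULL` (and keeps `+LOW`, `+SSLv2` and `+EXP`), and placing the new comment directly under it invites the reading that turning SSLHonorCipherOrder on protects against those entries. It does not: server preference only decides which of the suites both sides allow wins, it never removes a suite, so a client that offers only a NULL-encryption suite still gets one. Either drop `+eNULL` from the example list in this diff or extend the comment to say that excluding suites remains the job of `!` entries in SSLCipherSuite.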



Re: SSLHonorCipherOrder for OpenBSD's httpd

2013-07-11 Thread Otto Moerbeek
On Wed, Jul 10, 2013 at 10:28:32AM +0200, Otto Moerbeek wrote:

 On Sun, Jul 07, 2013 at 10:17:11PM -0700, Aaron Stellman wrote:
 
  On Mon, Jul 08, 2013 at 07:06:43AM +0200, Otto Moerbeek wrote:
   I think you missed the renegotiate case. Anyway, I posted almost the
   same diff some time ago.
  
  You're right -- renegotiate case was missed. Your patch from April looks
  fine to me. It would be beneficial to have it committed.
  
  Thanks
 
 As gunther@ kindly remarked, there was a small issue: AP_SRV_CMD
 versus my AP_ALL_CMD in my original diff. So this is the diff I am
 going to commit unless somebody objects quickly.

And here's the manual page.

-Otto

Index: ssl_reference.html
===
RCS file: /cvs/src/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html,v
retrieving revision 1.11
diff -u -p -r1.11 ssl_reference.html
--- ssl_reference.html  22 Jul 2008 11:20:10 -  1.11
+++ ssl_reference.html  11 Jul 2013 13:17:15 -
@@ -294,6 +294,7 @@ virtual host''), which can occur inside 
 nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a 
href=#ToC7strongSSLEngine/strong/abr
 nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a 
href=#ToC8strongSSLProtocol/strong/abr
 nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a 
href=#ToC9strongSSLCipherSuite/strong/abr
+nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a 
href=#ToC9astrongSSLHonorCipherOrder/strong/abr
 nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a 
href=#ToC10strongSSLCertificateFile/strong/abr
 nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a 
href=#ToC11strongSSLCertificateKeyFile/strong/abr
 nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a 
href=#ToC12strongSSLCertificateChainFile/strong/abr
@@ -1212,6 +1213,62 @@ SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MED
 /tr/table
 /td/tr/table
 /div
+!-- SSLHonorCipherOrder -
+p
+br
+a name=SSLCertificateFile/a
+h2a name=ToC9aSSLHonorCipherOrder/a/h2
+table cellspacing=0 cellpadding=1 bgcolor=#cc border=0 summary=
+tr
+td
+table bgcolor=white width=600 cellspacing=0 cellpadding=5 border=0 
summary=
+tr
+td
+table cellspacing=0 cellpadding=1 border=0 summary=
+trtd
+font face=Arial,HelveticabName:/b/font/a /tdtd 
bSSLHonorCipherOrder/b/td/tr
+trtd
+font face=Arial,HelveticabDescription:/b/font/a /tdtd User 
server's order of preference for ciphers/td/tr
+trtda
+ href=../directive-dict.html#Syntax
+ rel=Help
+font face=Arial,HelveticabSyntax:/b/font/a /tdtd 
codeSSLHonorCipherOrder/code emon|off/em/td/tr
+trtda
+ href=../directive-dict.html#Default
+ rel=Help
+font face=Arial,HelveticabDefault:/b/font/a /tdtd 
codeHonorCip Off/td/tr
+trtda
+ href=../directive-dict.html#Context
+ rel=Help
+font face=Arial,HelveticabContext:/b/font/a /tdtd server 
config, virtual host/td/tr
+trtda
+ href=../directive-dict.html#Override
+ rel=Help
+font face=Arial,HelveticabOverride:/b/font/a /tdtd emNot 
applicable/em/td/tr
+trtda
+ href=../directive-dict.html#Status
+ rel=Help
+font face=Arial,HelveticabStatus:/b/font/a /tdtd 
Extension/td/tr
+trtda
+ href=../directive-dict.html#Module
+ rel=Help
+font face=Arial,HelveticabModule:/b/font/a /tdtd 
mod_ssl/td/tr
+trtda
+ href=../directive-dict.html#Compatibility
+ rel=Help
+font face=Arial,HelveticabCompatibility:/b/font/a 
/tdtd/td/tr
+/table
+/td
+/tr
+/table
+/td
+/tr
+/table
+p
+By default, the client's order of preference is used when choosing a cipher.
+When switched on, this directive makes the server's order of preference for
+ciphers leading. Applies to SSLv3 and TLS.
+p
 !-- SSLCertificateFile -
 p
 br
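Review bot: three copy-paste slips in the new entry. The hidden anchor placed just before the heading is `a name=SSLCertificateFile`, which duplicates the anchor of the SSLCertificateFile section that follows and leaves `#SSLHonorCipherOrder` links with nothing to point at; it should be `a name=SSLHonorCipherOrder`. The Description cell reads `User server's order of preference for ciphers` (`Use`). The Default cell reads `HonorCip Off`, which looks like a truncated edit and should be `SSLHonorCipherOrder off` to agree with the `on|off` of the Syntax row and with the closing paragraph, which correctly states that the client's order is used unless the directive is switched on.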



Re: SSLHonorCipherOrder for OpenBSD's httpd

2013-07-10 Thread Otto Moerbeek
On Sun, Jul 07, 2013 at 10:17:11PM -0700, Aaron Stellman wrote:

 On Mon, Jul 08, 2013 at 07:06:43AM +0200, Otto Moerbeek wrote:
  I think you missed the renegotiate case. Anyway, I posted almost the
  same diff some time ago.
 
 You're right -- renegotiate case was missed. Your patch from April looks
 fine to me. It would be beneficial to have it committed.
 
 Thanks

As gunther@ kindly remarked, there was a small issue: AP_SRV_CMD
versus my AP_ALL_CMD in my original diff. So this is the diff I am
going to commit unless somebody objects quickly.

-Otto

Index: src/modules/ssl/mod_ssl.c
===
RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/mod_ssl.c,v
retrieving revision 1.10
diff -u -p -r1.10 mod_ssl.c
--- src/modules/ssl/mod_ssl.c   14 Oct 2007 15:12:59 -  1.10
+++ src/modules/ssl/mod_ssl.c   10 Jul 2013 08:26:47 -
@@ -107,6 +107,9 @@ static command_rec ssl_config_cmds[] = {
 AP_SRV_CMD(Engine, FLAG,
SSL switch for the protocol engine 
(`on', `off'))
+AP_SRV_CMD(HonorCipherOrder, TAKE1,
+   Let the server determine preferred ciphers 
+   (`on', `off')
 AP_ALL_CMD(CipherSuite, TAKE1,
Colon-delimited list of permitted SSL Ciphers 
(`XXX:...:XXX' - see manual))
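Review bot: `TAKE1` on the new HonorCipherOrder entry does not match the handler, which this same diff declares as `ssl_cmd_SSLHonorCipherOrder(cmd_parms *, char *, int)` and implements as `sc->cipher_server_pref = flag?TRUE:FALSE;`. A TAKE1 directive hands its argument to the handler as a `char *`, so the `int flag` slot receives a pointer value that is non-zero for both `on` and `off`, and `SSLHonorCipherOrder off` would switch server preference on. Use `FLAG`, as the SSLEngine entry directly above does, so that on/off is parsed into the integer. The entry also appears to close with one fewer parenthesis than the SSLEngine and CipherSuite entries around it; worth re-checking once the quotes lost in transit are restored.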
Index: src/modules/ssl/mod_ssl.h
===
RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/mod_ssl.h,v
retrieving revision 1.21
diff -u -p -r1.21 mod_ssl.h
--- src/modules/ssl/mod_ssl.h   4 Apr 2006 08:51:28 -   1.21
+++ src/modules/ssl/mod_ssl.h   10 Jul 2013 08:26:47 -
@@ -516,6 +516,7 @@ typedef struct {
 char*szCipherSuite;
 FILE*fileLogFile;
 int  nLogLevel;
+BOOL cipher_server_pref;
 int  nVerifyDepth;
 ssl_verify_t nVerifyClient;
 X509*pPublicCert[SSL_AIDX_MAX];
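Review bot: the new member is the only one in this struct without the prefix convention used around it (`szCipherSuite`, `nLogLevel`, `nVerifyDepth` here, `bEnabled` elsewhere in the diff); `bHonorCipherOrder` or `bCipherServerPref` would keep the struct consistent and also say which directive the value comes from.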
@@ -589,6 +590,7 @@ const char  *ssl_cmd_SSLPassPhraseDialog
 const char  *ssl_cmd_SSLCryptoDevice(cmd_parms *, char *, char *);
 const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, char *, char *, char *, char 
*);
 const char  *ssl_cmd_SSLEngine(cmd_parms *, char *, int);
+const char  *ssl_cmd_SSLHonorCipherOrder(cmd_parms *, char *, int);
 const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, SSLDirConfigRec *, char *);
 const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, char *, char *);
 const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, char *, char *);
Index: src/modules/ssl/ssl_engine_config.c
===
RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c,v
retrieving revision 1.19
diff -u -p -r1.19 ssl_engine_config.c
--- src/modules/ssl/ssl_engine_config.c 27 May 2008 10:17:24 -  1.19
+++ src/modules/ssl/ssl_engine_config.c 10 Jul 2013 08:26:47 -
@@ -197,6 +197,7 @@ void *ssl_config_server_create(pool *p, 
 sc-szLogFile  = NULL;
 sc-szCipherSuite  = NULL;
 sc-nLogLevel  = SSL_LOG_NONE;
+sc-cipher_server_pref = UNSET;
 sc-nVerifyDepth   = UNSET;
 sc-nVerifyClient  = SSL_CVERIFY_UNSET;
 sc-nSessionCacheTimeout   = UNSET;
@@ -252,6 +253,7 @@ void *ssl_config_server_merge(pool *p, v
 cfgMergeString(szCertificateChain);
 cfgMergeString(szLogFile);
 cfgMergeString(szCipherSuite);
+cfgMergeBool(cipher_server_pref);
 cfgMerge(nLogLevel, SSL_LOG_NONE);
 cfgMergeInt(nVerifyDepth);
 cfgMerge(nVerifyClient, SSL_CVERIFY_UNSET);
@@ -527,6 +529,14 @@ const char *ssl_cmd_SSLEngine(
 SSLSrvConfigRec *sc = mySrvConfig(cmd-server);
 
 sc-bEnabled = (flag ? TRUE : FALSE);
+return NULL;
+}
+
+const char *ssl_cmd_SSLHonorCipherOrder(
+ cmd_parms *cmd, char *struct_ptr, int flag)
+{
+SSLSrvConfigRec *sc = mySrvConfig(cmd-server);
+sc-cipher_server_pref = flag?TRUE:FALSE;
 return NULL;
 }
 
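Review bot: style only: the body of ssl_cmd_SSLHonorCipherOrder omits the blank line after its declaration and writes `flag?TRUE:FALSE` without spaces, while ssl_cmd_SSLEngine directly above it writes `(flag ? TRUE : FALSE)`; matching the existing form keeps the two FLAG handlers identical in shape.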
Index: src/modules/ssl/ssl_engine_init.c
===
RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.28
diff -u -p -r1.28 ssl_engine_init.c
--- src/modules/ssl/ssl_engine_init.c   7 Jul 2012 17:08:17 -   1.28
+++ src/modules/ssl/ssl_engine_init.c   10 Jul 2013 08:26:47 -
@@ -589,6 +589,8 @@ void ssl_init_ConfigureServer(server_rec
 SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
 if (!(sc-nProtocol  SSL_PROTOCOL_TLSV1))
 SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
+if (sc-cipher_server_pref == TRUE)
+   SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 SSL_CTX_set_app_data(ctx, s);
 sc-pSSLCtx = ctx;
 
Index: src/modules/ssl/ssl_engine_kernel.c
===
RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.25
diff -u -p -r1.25 
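Review bot: the ssl_engine_kernel.c hunk stops after its `diff -u -p -r1.25` header, so the renegotiate-case change that distinguishes this diff from the one it replaces cannot be reviewed here; please re-post that hunk in full so it can be seen that the option is also applied on the per-connection SSL object in the renegotiation path, not only on the SSL_CTX in ssl_init_ConfigureServer.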

Re: SSLHonorCipherOrder for OpenBSD's httpd

2013-07-07 Thread Jérémie Courrèges-Anglas
Aaron Stellman z...@x96.org writes:

 As you may or may not know, SSLHonorCipherOrder is supported since
 apache 2.1.

 This diff ports this feature to OpenBSD's httpd. Its effects can be
 tested @ https://www.ssllabs.com/ssltest/analyze.html?d=example.com by
 playing with SSLHonorCipherOrder/SSLCipherSuite directives.

Otto Moerbeek had already done work about this, but no one commented on
the mailing-list: http://marc.info/?l=openbsd-tech&m=136670100711787&w=2

 SSLHonorCipherOrder directive is useful for prioritizing certain crypto
 parameters over others. I use it to prioritize GCM over RC4, and RC4
 over CBC based ciphers to reduce chance of BEAST attack.

 It's documented @
 http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslhonorcipherorder

 This diff is adapted from r103832 @
 http://svn.apache.org/repos/asf/httpd (subversion)

Does that mean that the code is constrained by the Apache 2.0 licence?

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

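The selection rule that the manual-page text and Aaron's GCM-over-RC4-over-CBC ordering describe, modelled in Python as an added example (not code from OpenBSD httpd, Apache or this thread): `select_cipher` walks whichever side's list is authoritative and returns the first suite both sides accept. The suite names are OpenSSL-style strings chosen for the illustration, and the two lists are constructed; they stand in for an SSLCipherSuite string and the suites in a ClientHello.

```python
"""Model of TLS cipher-suite selection with and without SSLHonorCipherOrder.

Added illustration; not code from OpenBSD httpd or Apache. Suite names are
OpenSSL-style strings and both lists below are constructed for the example.
"""
from typing import List, Optional

# Constructed server list, ordered the way the thread describes: an AEAD
# (GCM) suite first, then RC4, then a CBC suite last.
SERVER_SUITES: List[str] = [
    "ECDHE-RSA-AES128-GCM-SHA256",  # AEAD: preferred
    "RC4-SHA",                      # stream cipher: no CBC padding, but RC4
    "AES128-SHA",                   # CBC: least preferred here
]

# Constructed client offer from a client with the opposite preference
# (CBC suite listed first).
CLIENT_CBC_FIRST: List[str] = [
    "AES128-SHA",
    "RC4-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
]


def select_cipher(client_offer: List[str], server_suites: List[str],
                  honor_server_order: bool) -> Optional[str]:
    """Pick the suite the handshake ends with.

    honor_server_order=False (SSLHonorCipherOrder off, the default): walk the
    client's list and take the first suite the server also allows.
    honor_server_order=True (SSL_OP_CIPHER_SERVER_PREFERENCE): walk the
    server's list and take the first suite the client offered.
    Returns None when there is no common suite (handshake failure).
    """
    if honor_server_order:
        offered = set(client_offer)
        return next((s for s in server_suites if s in offered), None)
    allowed = set(server_suites)
    return next((c for c in client_offer if c in allowed), None)


def compare(client_offer: List[str], server_suites: List[str]):
    """Return (result with client preference, result with server preference)."""
    return (select_cipher(client_offer, server_suites, False),
            select_cipher(client_offer, server_suites, True))


if __name__ == "__main__":
    off, on = compare(CLIENT_CBC_FIRST, SERVER_SUITES)
    print("SSLHonorCipherOrder off ->", off)
    print("SSLHonorCipherOrder on  ->", on)
    # Ordering never excludes a suite: if the server's list still contains a
    # NULL-encryption suite (as an SSLCipherSuite string ending in +eNULL
    # would), a client offering only that suite gets it, server order or not.
    print("client offers only NULL-SHA, server still allows it ->",
          select_cipher(["NULL-SHA"], SERVER_SUITES + ["NULL-SHA"], True))
    print("client offers only NULL-SHA, server excludes it ->",
          select_cipher(["NULL-SHA"], SERVER_SUITES, True))
```

The two NULL-SHA calls at the end make the point the httpd.conf-dist example needs: server preference only chooses among the suites both sides allow, so anything left in SSLCipherSuite (such as the `+eNULL` in that example) stays negotiable however the server orders it; removing a suite is the job of a `!` entry.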


Re: SSLHonorCipherOrder for OpenBSD's httpd

2013-07-07 Thread Aaron Stellman
On Mon, Jul 08, 2013 at 05:30:22AM +0200, Jérémie Courrèges-Anglas wrote:
 Otto Moerbeek had already done work about this, but no one commented on
 the mailing-list: http://marc.info/?l=openbsd-tech&m=136670100711787&w=2

I am sorry I've missed his earlier email.

  This diff is adapted from r103832 @
  http://svn.apache.org/repos/asf/httpd (subversion)
 
 Does that mean that the code is constrained by the Apache 2.0 licence?

I believe so -- I apologize if that's not acceptable for OpenBSD src.



Re: SSLHonorCipherOrder for OpenBSD's httpd

2013-07-07 Thread Otto Moerbeek
On Sun, Jul 07, 2013 at 08:40:52PM -0700, Aaron Stellman wrote:

 On Mon, Jul 08, 2013 at 05:30:22AM +0200, Jérémie Courrèges-Anglas wrote:
  Otto Moerbeek had already done work about this, but no one commented on
  the mailing-list: http://marc.info/?l=openbsd-tech&m=136670100711787&w=2
 
 I am sorry I've missed his earlier email.
 
   This diff is adapted from r103832 @
   http://svn.apache.org/repos/asf/httpd (subversion)
  
  Does that mean that the code is constrained by the Apache 2.0 licence?
 
 I believe so -- I apologize if that's not acceptable for OpenBSD src.

I believe there's very little copyrightable in this. It's basically
switching on an openssl option. 

-Otto



Re: SSLHonorCipherOrder for OpenBSD's httpd

2013-07-07 Thread Otto Moerbeek
On Sun, Jul 07, 2013 at 08:18:18PM -0700, Aaron Stellman wrote:

 As you may or may not know, SSLHonorCipherOrder is supported since
 apache 2.1.
 
 This diff ports this feature to OpenBSD's httpd. Its effects can be
 tested @ https://www.ssllabs.com/ssltest/analyze.html?d=example.com by
 playing with SSLHonorCipherOrder/SSLCipherSuite directives.
 
 SSLHonorCipherOrder directive is useful for prioritizing certain crypto
 parameters over others. I use it to prioritize GCM over RC4, and RC4
 over CBC based ciphers to reduce chance of BEAST attack.
 
 It's documented @
 http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslhonorcipherorder
 
 This diff is adapted from r103832 @
 http://svn.apache.org/repos/asf/httpd (subversion)
 
 Thanks

I think you missed the renegotiate case. Anyway, I posted almost the
same diff some time ago.

-Otto

 Index: usr.sbin/httpd//src/modules/ssl/mod_ssl.c
 ===
 RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/mod_ssl.c,v
 retrieving revision 1.10
 diff -u -p -r1.10 mod_ssl.c
 --- usr.sbin/httpd//src/modules/ssl/mod_ssl.c 14 Oct 2007 15:12:59 -  
 1.10
 +++ usr.sbin/httpd//src/modules/ssl/mod_ssl.c 8 Jul 2013 03:08:27 -
 @@ -158,6 +158,8 @@ static command_rec ssl_config_cmds[] = {
  AP_SRV_CMD(Protocol, RAW_ARGS,
 Enable or disable various SSL protocols
 (`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual))
 +AP_SRV_CMD(HonorCipherOrder, FLAG,
 +Use the server's cipher ordering preference)
  
  #ifdef SSL_EXPERIMENTAL_PROXY
  /* 
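Review bot: the help string of the new entry does not list the accepted values the way the neighbouring entries do (Protocol shows `(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)`, the FLAG directives elsewhere show `(`on', `off')`); suggest `Use the server's cipher ordering preference (`on', `off')` so the directive listing stays uniform. `FLAG` is the right argument type here and matches the `int flag` handler.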
 Index: usr.sbin/httpd//src/modules/ssl/mod_ssl.h
 ===
 RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/mod_ssl.h,v
 retrieving revision 1.21
 diff -u -p -r1.21 mod_ssl.h
 --- usr.sbin/httpd//src/modules/ssl/mod_ssl.h 4 Apr 2006 08:51:28 -   
 1.21
 +++ usr.sbin/httpd//src/modules/ssl/mod_ssl.h 8 Jul 2013 03:08:27 -
 @@ -514,6 +514,7 @@ typedef struct {
  char*szCACertificateFile;
  char*szLogFile;
  char*szCipherSuite;
 +BOOL cipher_server_pref;
  FILE*fileLogFile;
  int  nLogLevel;
  int  nVerifyDepth;
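Review bot: `cipher_server_pref` is the only member in this struct without the prefix convention used around it (`szCipherSuite`, `nLogLevel`, `nVerifyDepth`); `bHonorCipherOrder` or `bCipherServerPref` would keep it consistent and name the directive it stores.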
 @@ -597,6 +598,7 @@ const char  *ssl_cmd_SSLCACertificatePat
  const char  *ssl_cmd_SSLCACertificateFile(cmd_parms *, SSLDirConfigRec *, 
 char *);
  const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, SSLDirConfigRec *, 
 char *);
  const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, SSLDirConfigRec *, 
 char *);
 +const char  *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int 
 flag);
  const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, SSLDirConfigRec *, char *);
  const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, SSLDirConfigRec *, char *);
  const char  *ssl_cmd_SSLSessionCache(cmd_parms *, char *, char *);
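Review bot: the new prototype names its parameters (`cmd_parms *cmd, void *dcfg, int flag`) while every neighbouring declaration leaves them unnamed, and types the middle one `void *` where the others use `SSLDirConfigRec *` or `char *`; `const char  *ssl_cmd_SSLHonorCipherOrder(cmd_parms *, char *, int);` in the same style as ssl_cmd_SSLEngine would be the consistent form for a server-level FLAG directive, and it belongs next to the other server-level commands rather than among the SSLCA* declarations.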
 Index: usr.sbin/httpd//src/modules/ssl/ssl_engine_config.c
 ===
 RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c,v
 retrieving revision 1.19
 diff -u -p -r1.19 ssl_engine_config.c
 --- usr.sbin/httpd//src/modules/ssl/ssl_engine_config.c   27 May 2008 
 10:17:24 -  1.19
 +++ usr.sbin/httpd//src/modules/ssl/ssl_engine_config.c   8 Jul 2013 
 03:08:27 -
 @@ -208,6 +208,7 @@ void *ssl_config_server_create(pool *p, 
  sc-szCARevocationPath = NULL;
  sc-szCARevocationFile = NULL;
  sc-pRevocationStore   = NULL;
 +sc-cipher_server_pref = UNSET;
  
  #ifdef SSL_EXPERIMENTAL_PROXY
  sc-nProxyVerifyDepth = UNSET;
 @@ -264,6 +265,7 @@ void *ssl_config_server_merge(pool *p, v
  cfgMerge(szCARevocationPath, NULL);
  cfgMerge(szCARevocationFile, NULL);
  cfgMerge(pRevocationStore, NULL);
 +cfgMergeBool(cipher_server_pref);
  
  for (i = 0; i  SSL_AIDX_MAX; i++) {
  cfgMergeString(szPublicCertFile[i]);
 @@ -540,6 +542,17 @@ const char *ssl_cmd_SSLCipherSuite(
  else
  dc-szCipherSuite = arg;
  return NULL;
 +}
 +
 +const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag)
 +{
 +#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
 +SSLSrvConfigRec *sc = mySrvConfig(cmd-server);
 +sc-cipher_server_pref = flag?TRUE:FALSE;
 +return NULL;
 +#else
 +return SSLHonorCiperOrder unsupported; not implemented by the SSL 
 library;
 +#endif
  }
  
  const char *ssl_cmd_SSLCertificateFile(
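Review bot: the error string in the `#else` branch misspells the directive as `SSLHonorCiperOrder`; since this text is what an administrator sees when a build against an SSL library without `SSL_OP_CIPHER_SERVER_PREFERENCE` rejects the configuration, it should read `SSLHonorCipherOrder unsupported; not implemented by the SSL library`. Refusing the directive at config-parse time rather than silently ignoring it is the right behaviour and worth keeping.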
 Index: usr.sbin/httpd//src/modules/ssl/ssl_engine_init.c
 ===
 RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c,v
 retrieving revision 1.28
 diff -u -p -r1.28 ssl_engine_init.c
 --- usr.sbin/httpd//src/modules/ssl/ssl_engine_init.c 7 Jul 2012 17:08:17 
 -   1.28
 +++ usr.sbin/httpd//src/modules/ssl/ssl_engine_init.c 8 Jul 2013 03:08:27 
 -
 @@ -589,6 +589,16 @@ void 
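Review bot: the ssl_engine_init.c hunk is cut off at its `@@ -589,6 +589,16 @@` header, so the place where `cipher_server_pref` becomes `SSL_OP_CIPHER_SERVER_PREFERENCE` on the context, and whether that call carries the same `#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE` guard as the config handler, cannot be reviewed from this message.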

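A client-side way to check whether a deployed server actually honours its own order, along the lines of the ssllabs test Aaron points to but runnable against any host, as an added example rather than anything from the thread or from httpd: the probe connects four times with Python's `ssl` module, offering two suites in both orders and each one alone, and `infer_preference` classifies the answers. `example.com`, port 443 and the two ECDHE GCM suite names are placeholders; pick two suites the target is known to support. TLS is pinned to 1.2 because `set_ciphers` does not govern TLS 1.3 suites.

```python
"""Probe whether a TLS server honours its own cipher order.

Added example; not part of the original thread or of OpenBSD httpd. The
handshakes need network access to the target; infer_preference is pure and
can be checked offline. Pinned to TLS 1.2 because TLS 1.3 suites are not
selected through set_ciphers().
"""
import socket
import ssl
from typing import Optional


def negotiated_cipher(host: str, port: int, cipher_string: str,
                      timeout: float = 5.0) -> Optional[str]:
    """Connect once offering only `cipher_string` (an OpenSSL cipher list);
    return the suite the server chose, or None if the handshake fails."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE          # identity is irrelevant to this probe
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(cipher_string)       # raises if the local library has none
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, OSError):
        return None


def infer_preference(ab: Optional[str], ba: Optional[str],
                     only_a: Optional[str], only_b: Optional[str]) -> str:
    """Classify the server from four handshake results.

    ab / ba:         suite chosen when the client offered "A:B" and "B:A".
    only_a / only_b: suite chosen when the client offered A alone, B alone
                     (guards against a server that supports only one of them,
                     which would make ab == ba trivially).
    """
    if only_a is None or only_b is None:
        return "inconclusive: server does not accept both suites"
    if ab is None or ba is None:
        return "inconclusive: handshake failed with the pair"
    if ab == ba:
        return f"server order honoured (always picks {ab})"
    return "client order honoured (choice follows the ClientHello order)"


def probe(host: str, port: int, suite_a: str, suite_b: str) -> str:
    """Run the four handshakes and classify the server."""
    return infer_preference(
        negotiated_cipher(host, port, f"{suite_a}:{suite_b}"),
        negotiated_cipher(host, port, f"{suite_b}:{suite_a}"),
        negotiated_cipher(host, port, suite_a),
        negotiated_cipher(host, port, suite_b),
    )


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder
    # Placeholder pair; substitute two suites the target is known to offer.
    print(probe(target, 443,
                "ECDHE-RSA-AES128-GCM-SHA256",
                "ECDHE-RSA-AES256-GCM-SHA384"))
```

If both orders come back with the same suite and each suite is accepted on its own, the server is applying its own ranking; if the answer flips with the ClientHello, the client's order wins, which is the default behaviour the directive in this thread exists to change.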
Re: SSLHonorCipherOrder for OpenBSD's httpd

2013-07-07 Thread Aaron Stellman
On Mon, Jul 08, 2013 at 07:06:43AM +0200, Otto Moerbeek wrote:
 I think you missed the renegotiate case. Anyway, I posted almost the
 same diff some time ago.

You're right -- renegotiate case was missed. Your patch from April looks
fine to me. It would be beneficial to have it committed.

Thanks