Re: SSLHonorCipherOrder for OpenBSD's httpd
Example lines for the config file. ok? -Otto Index: httpd.conf === RCS file: /cvs/src/usr.sbin/httpd/conf/httpd.conf,v retrieving revision 1.26 diff -u -p -r1.26 httpd.conf --- httpd.conf 3 Jun 2009 18:28:21 - 1.26 +++ httpd.conf 12 Jul 2013 09:19:27 - @@ -1035,6 +1035,9 @@ SSLEngine on # See the mod_ssl documentation for a complete list. #SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP +# If on, use server's order of preference for ciphers. +#SSLHonorCipherOrder on + # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a Index: httpd.conf-dist === RCS file: /cvs/src/usr.sbin/httpd/conf/httpd.conf-dist,v retrieving revision 1.20 diff -u -p -r1.20 httpd.conf-dist --- httpd.conf-dist 1 Apr 2009 06:47:34 - 1.20 +++ httpd.conf-dist 12 Jul 2013 09:19:27 - @@ -1045,6 +1045,9 @@ SSLEngine on # See the mod_ssl documentation for a complete list. SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL +# If on, use server's order of preference for ciphers. +#SSLHonorCipherOrder on + # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a
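Review bot: the comment added in both hunks, `# If on, use server's order of preference for ciphers.`, should say that the directive is only useful once SSLCipherSuite is written as a deliberate preference list, because the option does nothing more than make that list's order win. The context line directly above it in the httpd.conf-dist hunk, `SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL`, is the permissive legacy default rather than an order anyone chose, so an admin who uncomments `#SSLHonorCipherOrder on` under it gains nothing and may be surprised; a second comment line such as `# Only useful when SSLCipherSuite lists the preferred ciphers first.` would close that gap in both files.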
Re: SSLHonorCipherOrder for OpenBSD's httpd
On Wed, Jul 10, 2013 at 10:28:32AM +0200, Otto Moerbeek wrote: On Sun, Jul 07, 2013 at 10:17:11PM -0700, Aaron Stellman wrote: On Mon, Jul 08, 2013 at 07:06:43AM +0200, Otto Moerbeek wrote: I think you missed the renogiate case. Anyway, I posted almost the same diff some time ago. You're right -- renegotiate case was missed. Your patch from April looks fine to me. It would be beneficial to have it committed. Thanks As gunther@ kindly remarked, there was a small issue: AP_SRV_CMD versus my AP_ALL_CMD in my original diff. So this is the diff I am going to commit unless sombody objects quickly. And here's the manual page. -Otto Index: ssl_reference.html === RCS file: /cvs/src/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html,v retrieving revision 1.11 diff -u -p -r1.11 ssl_reference.html --- ssl_reference.html 22 Jul 2008 11:20:10 - 1.11 +++ ssl_reference.html 11 Jul 2013 13:17:15 - @@ -294,6 +294,7 @@ virtual host''), which can occur inside nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a href=#ToC7strongSSLEngine/strong/abr nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a href=#ToC8strongSSLProtocol/strong/abr nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a href=#ToC9strongSSLCipherSuite/strong/abr +nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a href=#ToC9astrongSSLHonorCipherOrder/strong/abr nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a href=#ToC10strongSSLCertificateFile/strong/abr nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a href=#ToC11strongSSLCertificateKeyFile/strong/abr nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;a href=#ToC12strongSSLCertificateChainFile/strong/abr 
@@ -1212,6 +1213,62 @@ SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MED /tr/table /td/tr/table /div +!-- SSLHonorCipherOrder - +p +br +a name=SSLCertificateFile/a +h2a name=ToC9aSSLHonorCipherOrder/a/h2 +table cellspacing=0 cellpadding=1 bgcolor=#cc border=0 summary= +tr +td +table bgcolor=white width=600 cellspacing=0 cellpadding=5 border=0 summary= +tr +td +table cellspacing=0 cellpadding=1 border=0 summary= +trtd +font face=Arial,HelveticabName:/b/font/a /tdtd bSSLHonorCipherOrder/b/td/tr +trtd +font face=Arial,HelveticabDescription:/b/font/a /tdtd User server's order of preference for ciphers/td/tr +trtda + href=../directive-dict.html#Syntax + rel=Help +font face=Arial,HelveticabSyntax:/b/font/a /tdtd codeSSLHonorCipherOrder/code emon|off/em/td/tr +trtda + href=../directive-dict.html#Default + rel=Help +font face=Arial,HelveticabDefault:/b/font/a /tdtd codeHonorCip Off/td/tr +trtda + href=../directive-dict.html#Context + rel=Help +font face=Arial,HelveticabContext:/b/font/a /tdtd server config, virtual host/td/tr +trtda + href=../directive-dict.html#Override + rel=Help +font face=Arial,HelveticabOverride:/b/font/a /tdtd emNot applicable/em/td/tr +trtda + href=../directive-dict.html#Status + rel=Help +font face=Arial,HelveticabStatus:/b/font/a /tdtd Extension/td/tr +trtda + href=../directive-dict.html#Module + rel=Help +font face=Arial,HelveticabModule:/b/font/a /tdtd mod_ssl/td/tr +trtda + href=../directive-dict.html#Compatibility + rel=Help +font face=Arial,HelveticabCompatibility:/b/font/a /tdtd/td/tr +/table +/td +/tr +/table +/td +/tr +/table +p +By default, the client's order of preference is used when choosing a cipher. +When switched on, this directive makes the server's order of preference for +ciphers leading. Applies to SSLv3 and TLS. +p !-- SSLCertificateFile - p br
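Review bot: three items in the new section need fixing before commit. The anchor `a name=SSLCertificateFile/a` at the top of the block was copied from the SSLCertificateFile section and should be `SSLHonorCipherOrder`; as written the page has two anchors with the same name and the SSLCertificateFile link may land on the wrong directive. The Description cell reads `User server's order of preference for ciphers`, where `User` should be `Use`. The Default cell reads `codeHonorCip Off`, a leftover fragment; it should spell out `SSLHonorCipherOrder off` to match the Syntax cell. In the closing paragraph, `makes the server's order of preference for ciphers leading` would read more naturally as `makes the server's order of preference take precedence`.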
Re: SSLHonorCipherOrder for OpenBSD's httpd
On Sun, Jul 07, 2013 at 10:17:11PM -0700, Aaron Stellman wrote: On Mon, Jul 08, 2013 at 07:06:43AM +0200, Otto Moerbeek wrote: I think you missed the renogiate case. Anyway, I posted almost the same diff some time ago. You're right -- renegotiate case was missed. Your patch from April looks fine to me. It would be beneficial to have it committed. Thanks As gunther@ kindly remarked, there was a small issue: AP_SRV_CMD versus my AP_ALL_CMD in my original diff. So this is the diff I am going to commit unless sombody objects quickly. -Otto Index: src/modules/ssl/mod_ssl.c === RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/mod_ssl.c,v retrieving revision 1.10 diff -u -p -r1.10 mod_ssl.c --- src/modules/ssl/mod_ssl.c 14 Oct 2007 15:12:59 - 1.10 +++ src/modules/ssl/mod_ssl.c 10 Jul 2013 08:26:47 - @@ -107,6 +107,9 @@ static command_rec ssl_config_cmds[] = { AP_SRV_CMD(Engine, FLAG, SSL switch for the protocol engine (`on', `off')) +AP_SRV_CMD(HonorCipherOrder, TAKE1, + Let the server determine preferred ciphers + (`on', `off') AP_ALL_CMD(CipherSuite, TAKE1, Colon-delimited list of permitted SSL Ciphers (`XXX:...:XXX' - see manual)) Index: src/modules/ssl/mod_ssl.h === RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/mod_ssl.h,v retrieving revision 1.21 diff -u -p -r1.21 mod_ssl.h --- src/modules/ssl/mod_ssl.h 4 Apr 2006 08:51:28 - 1.21 +++ src/modules/ssl/mod_ssl.h 10 Jul 2013 08:26:47 - @@ -516,6 +516,7 @@ typedef struct { char*szCipherSuite; FILE*fileLogFile; int nLogLevel; +BOOL cipher_server_pref; int nVerifyDepth; ssl_verify_t nVerifyClient; X509*pPublicCert[SSL_AIDX_MAX]; 
@@ -589,6 +590,7 @@ const char *ssl_cmd_SSLPassPhraseDialog const char *ssl_cmd_SSLCryptoDevice(cmd_parms *, char *, char *); const char *ssl_cmd_SSLRandomSeed(cmd_parms *, char *, char *, char *, char *); const char *ssl_cmd_SSLEngine(cmd_parms *, char *, int); +const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *, char *, int); const char *ssl_cmd_SSLCipherSuite(cmd_parms *, SSLDirConfigRec *, char *); const char *ssl_cmd_SSLCertificateFile(cmd_parms *, char *, char *); const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, char *, char *); Index: src/modules/ssl/ssl_engine_config.c === RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c,v retrieving revision 1.19 diff -u -p -r1.19 ssl_engine_config.c --- src/modules/ssl/ssl_engine_config.c 27 May 2008 10:17:24 - 1.19 +++ src/modules/ssl/ssl_engine_config.c 10 Jul 2013 08:26:47 - @@ -197,6 +197,7 @@ void *ssl_config_server_create(pool *p, sc-szLogFile = NULL; sc-szCipherSuite = NULL; sc-nLogLevel = SSL_LOG_NONE; +sc-cipher_server_pref = UNSET; sc-nVerifyDepth = UNSET; sc-nVerifyClient = SSL_CVERIFY_UNSET; sc-nSessionCacheTimeout = UNSET; @@ -252,6 +253,7 @@ void *ssl_config_server_merge(pool *p, v cfgMergeString(szCertificateChain); cfgMergeString(szLogFile); cfgMergeString(szCipherSuite); +cfgMergeBool(cipher_server_pref); cfgMerge(nLogLevel, SSL_LOG_NONE); cfgMergeInt(nVerifyDepth); cfgMerge(nVerifyClient, SSL_CVERIFY_UNSET); 
@@ -527,6 +529,14 @@ const char *ssl_cmd_SSLEngine( SSLSrvConfigRec *sc = mySrvConfig(cmd-server); sc-bEnabled = (flag ? TRUE : FALSE); +return NULL; +} + +const char *ssl_cmd_SSLHonorCipherOrder( + cmd_parms *cmd, char *struct_ptr, int flag) +{ +SSLSrvConfigRec *sc = mySrvConfig(cmd-server); +sc-cipher_server_pref = flag?TRUE:FALSE; return NULL; } Index: src/modules/ssl/ssl_engine_init.c === RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c,v retrieving revision 1.28 diff -u -p -r1.28 ssl_engine_init.c --- src/modules/ssl/ssl_engine_init.c 7 Jul 2012 17:08:17 - 1.28 +++ src/modules/ssl/ssl_engine_init.c 10 Jul 2013 08:26:47 - @@ -589,6 +589,8 @@ void ssl_init_ConfigureServer(server_rec SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); if (!(sc-nProtocol SSL_PROTOCOL_TLSV1)) SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1); +if (sc-cipher_server_pref == TRUE) + SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); SSL_CTX_set_app_data(ctx, s); sc-pSSLCtx = ctx; Index: src/modules/ssl/ssl_engine_kernel.c === RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c,v retrieving revision 1.25 diff -u -p -r1.25
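Review bot: the mod_ssl.c hunk registers the directive as `AP_SRV_CMD(HonorCipherOrder, TAKE1, ...)`, but the handler declared in mod_ssl.h and defined in ssl_engine_config.c takes `int flag` and does `flag?TRUE:FALSE`. A TAKE1 directive passes its argument as a `char *`, so `flag` would receive a pointer value and `SSLHonorCipherOrder off` would switch the option on exactly as `on` does. It should be FLAG, like the adjacent `AP_SRV_CMD(Engine, FLAG, ...)` line, which also matches the `(`on', `off')` wording in the help string.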
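Review bot: the ssl_engine_init.c hunk compares `sc->cipher_server_pref == TRUE` rather than testing truthiness, which is the right choice here: after `cfgMergeBool` a virtual host that never saw the directive keeps UNSET and must behave as off. Style: `flag?TRUE:FALSE` in the new handler should be spaced as `(flag ? TRUE : FALSE)`, the form the SSLEngine handler two lines above it uses. The ssl_engine_kernel.c hunk, where the renegotiate case discussed in the thread would be handled, is cut off after its RCS header in this copy, so that part cannot be reviewed from what is shown.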
Re: SSLHonorCipherOrder for OpenBSD's httpd
Aaron Stellman <z...@x96.org> writes:

> As you may or may not know, SSLHonorCipherOrder is supported since apache 2.1. This diff ports this feature to OpenBSD's httpd. Its effects can be tested @ https://www.ssllabs.com/ssltest/analyze.html?d=example.com by playing with SSLHonorCipherOrder/SSLCipherSuite directives.
>
> Otto Moerbeek had already done work about this, but no one commented on the mailing-list: http://marc.info/?l=openbsd-tech&m=136670100711787&w=2
>
> SSLHonorCipherOrder directive is useful for prioritizing certain crypto parameters over others. I use it to prioritize GCM over RC4, and RC4 over CBC based ciphers to reduce chance of BEAST attack. It's documented @ http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslhonorcipherorder
>
> This diff is adapted from r103832 @ http://svn.apache.org/repos/asf/httpd (subversion)

Does that mean that the code is constrained by the Apache 2.0 licence?

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494
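The behaviour Aaron describes above, with the client's order winning by default and the server's order winning once the directive is on, as an added example that is not part of the thread or of OpenBSD's httpd: `select_cipher` models the selection rule over two constructed preference lists, including the no-overlap case where the handshake fails, and `build_server_context` sets the same OpenSSL option the diff sets (`SSL_OP_CIPHER_SERVER_PREFERENCE`) on a Python `ssl.SSLContext` so an operator can verify the flag is present before deploying. The cipher names and both lists are constructed for the demonstration; `honors_server_order` is an assumed helper name.

```python
"""Server-side cipher preference, as SSLHonorCipherOrder switches it on.

Added example, not code from the tech@ thread or from OpenBSD's httpd.
Part 1 models the selection rule: the server takes the first suite in the
*leading* list that the other side also offers.  Part 2 sets the real
OpenSSL option (SSL_OP_CIPHER_SERVER_PREFERENCE) on a Python ssl.SSLContext,
the same option the httpd diff sets with SSL_CTX_set_options().
"""
import ssl
from typing import Optional, Sequence


def select_cipher(server_prefs: Sequence[str], client_prefs: Sequence[str],
                  honor_server_order: bool) -> Optional[str]:
    """Return the suite the server would pick, or None if nothing overlaps.

    honor_server_order=False (the httpd default): walk the client's list and
    take the first suite the server also allows.
    honor_server_order=True: walk the server's list and take the first suite
    the client also offers.  An empty intersection means handshake failure,
    so None is returned rather than any fallback.
    """
    if honor_server_order:
        leading, following = server_prefs, client_prefs
    else:
        leading, following = client_prefs, server_prefs
    allowed = set(following)
    for suite in leading:
        if suite in allowed:
            return suite
    return None


# Constructed preference lists for the demonstration.  The server lists an
# AEAD (GCM) suite first and a CBC suite last; the client prefers CBC.  These
# three names are illustrative, not a complete cipher string.
SERVER_PREFS = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384",
                "AES128-SHA"]
CLIENT_PREFS = ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]


def build_server_context(honor_server_order: bool) -> ssl.SSLContext:
    """Create a server context with the preference option explicitly on or off.

    Caveat: Python's SSLContext (3.6+) sets OP_CIPHER_SERVER_PREFERENCE by
    default, the opposite of the httpd default, so the option is cleared
    explicitly rather than assumed absent.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if honor_server_order:
        ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    else:
        ctx.options &= ~ssl.OP_CIPHER_SERVER_PREFERENCE
    return ctx


def honors_server_order(ctx: ssl.SSLContext) -> bool:
    """Report whether the option is set on ctx; a cheap pre-deployment check."""
    return bool(ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE)


if __name__ == "__main__":
    for honor in (False, True):
        chosen = select_cipher(SERVER_PREFS, CLIENT_PREFS, honor)
        print(f"honor_server_order={honor}: negotiated {chosen}")
    print("option set on context:",
          honors_server_order(build_server_context(True)))
```

With the lists above, the default (client order) negotiates the CBC suite and the server-preference mode negotiates the GCM suite; a client offering only suites the server does not list gets `None`, which is the handshake failure a server with an over-restrictive SSLCipherSuite produces in practice.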
Re: SSLHonorCipherOrder for OpenBSD's httpd
On Mon, Jul 08, 2013 at 05:30:22AM +0200, Jérémie Courrèges-Anglas wrote:
>> Otto Moerbeek had already done work about this, but no one commented on the mailing-list: http://marc.info/?l=openbsd-tech&m=136670100711787&w=2

I am sorry I've missed his earlier email.

>> This diff is adapted from r103832 @ http://svn.apache.org/repos/asf/httpd (subversion)
>
> Does that mean that the code is constrained by the Apache 2.0 licence?

I believe so -- I apologize if that's not acceptable for OpenBSD src.
Re: SSLHonorCipherOrder for OpenBSD's httpd
On Sun, Jul 07, 2013 at 08:40:52PM -0700, Aaron Stellman wrote:
> On Mon, Jul 08, 2013 at 05:30:22AM +0200, Jérémie Courrèges-Anglas wrote:
>>> Otto Moerbeek had already done work about this, but no one commented on the mailing-list: http://marc.info/?l=openbsd-tech&m=136670100711787&w=2
>
> I am sorry I've missed his earlier email.
>
>>> This diff is adapted from r103832 @ http://svn.apache.org/repos/asf/httpd (subversion)
>>
>> Does that mean that the code is constrained by the Apache 2.0 licence?
>
> I believe so -- I apologize if that's not acceptable for OpenBSD src.

I believe there's very little copyrightable in this. It's basically switching on an openssl option.

-Otto
Re: SSLHonorCipherOrder for OpenBSD's httpd
On Sun, Jul 07, 2013 at 08:18:18PM -0700, Aaron Stellman wrote: As you may or may not know, SSLHonorCipherOrder is supported since apache 2.1. This diff ports this feature to OpenBSD's httpd. Its effects can be tested @ https://www.ssllabs.com/ssltest/analyze.html?d=example.com by playing with SSLHonorCipherOrder/SSLCipherSuite directives. SSLHonorCipherOrder directive is useful for prioritizing certain crypto parameters over others. I use to to prioritize GCM over RC4, and RC4 over CBC based ciphers to reduce chance of BEAST attack. It's documented @ http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslhonorcipherorder This diff is adapted from r103832 @ http://svn.apache.org/repos/asf/httpd (subversion) Thanks I think you missed the renogiate case. Anyway, I posted almost the same diff some time ago. -Otto Index: usr.sbin/httpd//src/modules/ssl/mod_ssl.c === RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/mod_ssl.c,v retrieving revision 1.10 diff -u -p -r1.10 mod_ssl.c --- usr.sbin/httpd//src/modules/ssl/mod_ssl.c 14 Oct 2007 15:12:59 - 1.10 +++ usr.sbin/httpd//src/modules/ssl/mod_ssl.c 8 Jul 2013 03:08:27 - @@ -158,6 +158,8 @@ static command_rec ssl_config_cmds[] = { AP_SRV_CMD(Protocol, RAW_ARGS, Enable or disable various SSL protocols (`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)) +AP_SRV_CMD(HonorCipherOrder, FLAG, +Use the server's cipher ordering preference) #ifdef SSL_EXPERIMENTAL_PROXY /* Index: usr.sbin/httpd//src/modules/ssl/mod_ssl.h === RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/mod_ssl.h,v retrieving revision 1.21 diff -u -p -r1.21 mod_ssl.h --- usr.sbin/httpd//src/modules/ssl/mod_ssl.h 4 Apr 2006 08:51:28 - 1.21 +++ usr.sbin/httpd//src/modules/ssl/mod_ssl.h 8 Jul 2013 03:08:27 - @@ -514,6 +514,7 @@ typedef struct { char*szCACertificateFile; char*szLogFile; char*szCipherSuite; +BOOL cipher_server_pref; FILE*fileLogFile; int nLogLevel; int nVerifyDepth; 
@@ -597,6 +598,7 @@ const char *ssl_cmd_SSLCACertificatePat const char *ssl_cmd_SSLCACertificateFile(cmd_parms *, SSLDirConfigRec *, char *); const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, SSLDirConfigRec *, char *); const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, SSLDirConfigRec *, char *); +const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag); const char *ssl_cmd_SSLVerifyClient(cmd_parms *, SSLDirConfigRec *, char *); const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, SSLDirConfigRec *, char *); const char *ssl_cmd_SSLSessionCache(cmd_parms *, char *, char *); Index: usr.sbin/httpd//src/modules/ssl/ssl_engine_config.c === RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c,v retrieving revision 1.19 diff -u -p -r1.19 ssl_engine_config.c --- usr.sbin/httpd//src/modules/ssl/ssl_engine_config.c 27 May 2008 10:17:24 - 1.19 +++ usr.sbin/httpd//src/modules/ssl/ssl_engine_config.c 8 Jul 2013 03:08:27 - @@ -208,6 +208,7 @@ void *ssl_config_server_create(pool *p, sc-szCARevocationPath = NULL; sc-szCARevocationFile = NULL; sc-pRevocationStore = NULL; +sc-cipher_server_pref = UNSET; #ifdef SSL_EXPERIMENTAL_PROXY sc-nProxyVerifyDepth = UNSET; @@ -264,6 +265,7 @@ void *ssl_config_server_merge(pool *p, v cfgMerge(szCARevocationPath, NULL); cfgMerge(szCARevocationFile, NULL); cfgMerge(pRevocationStore, NULL); +cfgMergeBool(cipher_server_pref); for (i = 0; i SSL_AIDX_MAX; i++) { cfgMergeString(szPublicCertFile[i]); 
@@ -540,6 +542,17 @@ const char *ssl_cmd_SSLCipherSuite( else dc-szCipherSuite = arg; return NULL; +} + +const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag) +{ +#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE +SSLSrvConfigRec *sc = mySrvConfig(cmd-server); +sc-cipher_server_pref = flag?TRUE:FALSE; +return NULL; +#else +return SSLHonorCiperOrder unsupported; not implemented by the SSL library; +#endif } const char *ssl_cmd_SSLCertificateFile( Index: usr.sbin/httpd//src/modules/ssl/ssl_engine_init.c === RCS file: /cvs/src/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c,v retrieving revision 1.28 diff -u -p -r1.28 ssl_engine_init.c --- usr.sbin/httpd//src/modules/ssl/ssl_engine_init.c 7 Jul 2012 17:08:17 - 1.28 +++ usr.sbin/httpd//src/modules/ssl/ssl_engine_init.c 8 Jul 2013 03:08:27 - @@ -589,6 +589,16 @@ void
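Review bot: in the ssl_engine_config.c hunk the fallback message in the `#else` branch misspells the directive: `SSLHonorCiperOrder unsupported; not implemented by the SSL library` should read `SSLHonorCipherOrder`. The `#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE` guard around the handler is worth keeping: it turns a library that lacks the option into a configuration-time error instead of a silent no-op. The ssl_engine_init.c hunk is truncated after its `@@` header in this copy, and no ssl_engine_kernel.c change appears in the part shown, which is consistent with the renegotiate case Otto raises in the thread.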
Re: SSLHonorCipherOrder for OpenBSD's httpd
On Mon, Jul 08, 2013 at 07:06:43AM +0200, Otto Moerbeek wrote:
> I think you missed the renegotiate case. Anyway, I posted almost the same diff some time ago.

You're right -- renegotiate case was missed. Your patch from April looks fine to me. It would be beneficial to have it committed.

Thanks