From patchwork Sat Jun 16 04:04:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Richard via openwrt-devel X-Patchwork-Id: 930306 X-Patchwork-Delegate: blogic@openwrt.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=lists.openwrt.org Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="oQTq9Oq5"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4173dl5Hggz9s4n for ; Sat, 16 Jun 2018 14:04:27 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Date:Sender:Content-Type: Subject:List-Help:Reply-To:List-Archive:List-Unsubscribe:List-Subscribe:Cc: From:List-Post:List-Id:Message-ID:MIME-Version:References:In-Reply-To:To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=vE/ZZ5WFScylFcJvBZCGlxtDhy1s+2ki3MpUdx2uG6Y=; b=oQTq9Oq5YPugbHuA01ic6fxP/ EPOCxoT+BL3jrBXwyJFPFDYOFDa0IURVy46E8xhVJqGZCSUGppKS6xA3oJ0brZQYQYhZfT/uXxAWm pzDUDru+Fm1GWW7ZcfYxgqJu5H9wWmv9vCvob5McGPc1WsoXrU/TexrwB8FqUdr8ZaamvRljjsii2 ShlL0fIBcyuEp60pkNM+r4j9AlzUVFSJ65XXDRJe9EOq//FMtoTphHdAauhZDa/HpkdNrwsv9AF+i I3Xxb/0uzUYtwyjCHBB4li2E9KfR2DNfuLFlP1wnNkk0e9020glbSv+P+m2B8LHqfcxxsnm0dBVkm OVHSRqCFA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1fU2Rg-0003XD-Ei; Sat, 16 Jun 2018 04:04:12 +0000 To: openwrt-devel@lists.openwrt.org In-Reply-To: <20180616040343.24722-1-cote2004-github@yahoo.com> References: <20180616040343.24722-1-cote2004-github@yahoo.com> In-Reply-To: <20180531124520.31010-1-cote2004-github@yahoo.com> References: <20180531124520.31010-1-cote2004-github@yahoo.com> MIME-Version: 1.0 Message-ID: List-Id: List-Post: X-Patchwork-Original-From: Eneas U de Queiroz via openwrt-devel From: Thomas Richard via openwrt-devel Precedence: list Cc: Eneas U de Queiroz X-Mailman-Version: 2.1.21 X-BeenThere: openwrt-devel@lists.openwrt.org List-Subscribe: , List-Unsubscribe: , List-Archive: Reply-To: Eneas U de Queiroz List-Help: Subject: [OpenWrt-Devel] [PATCH v3 2/3] ustream-ssl: Revised security on openssl/wolfssl Sender: "openwrt-devel" Date: Sat, 16 Jun 2018 04:04:12 +0000 Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. I've revised the security options, and made them more uniform across the ssl libraries. - disabled TLS compression, because of CRIME attack - enabled server-side ordering of cipher suites - use only TLS 1.2 in server mode for wolfssl - changed the ciphersuite ordering Signed-off-by: Eneas U de Queiroz --- ustream-openssl.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 53 insertions(+), 5 deletions(-) diff --git a/ustream-openssl.c b/ustream-openssl.c index c6839ea..ffb0f3d 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -22,6 +22,53 @@ #include "ustream-ssl.h" #include "ustream-internal.h" + +/* Ciphersuite preference: + * - key exchange: prefer ECDHE, then DHE(client only), then RSA + * - prefer AEAD ciphers: + * chacha20-poly1305, the fastest in software, 256-bits + * aes128-gcm, 128-bits + * aes256-gcm, 256-bits + * - CBC ciphers + * aes128, aes256, 3DES(client only) + */ + +#define ecdhe_ciphers \ + "ECDHE-ECDSA-CHACHA20-POLY1305:" \ + "ECDHE-ECDSA-AES128-GCM-SHA256:" \ + "ECDHE-ECDSA-AES256-GCM-SHA384:" \ + "ECDHE-ECDSA-AES128-SHA:" \ + "ECDHE-ECDSA-AES256-SHA:" \ + "ECDHE-RSA-CHACHA20-POLY1305:" \ + "ECDHE-RSA-AES128-GCM-SHA256:" \ + "ECDHE-RSA-AES256-GCM-SHA384:" \ + "ECDHE-RSA-AES128-SHA:" \ + "ECDHE-RSA-AES256-SHA" + +#define dhe_ciphers \ + "DHE-RSA-CHACHA20-POLY1305:" \ + "DHE-RSA-AES128-GCM-SHA256:" \ + "DHE-RSA-AES256-GCM-SHA384:" \ + "DHE-RSA-AES128-SHA:" \ + "DHE-RSA-AES256-SHA:" \ + "DHE-DES-CBC3-SHA" + +#define non_pfs_aes \ + "AES128-GCM-SHA256:" \ + "AES256-GCM-SHA384:" \ + "AES128-SHA:" \ + "AES256-SHA" + +#define server_cipher_list \ + ecdhe_ciphers ":" \ + non_pfs_aes + +#define client_cipher_list \ + ecdhe_ciphers ":" \ + dhe_ciphers ":" \ + non_pfs_aes ":" \ + "DES-CBC3-SHA" + __hidden struct ustream_ssl_ctx * __ustream_ssl_context_new(bool server) { @@ -36,7 +83,7 @@ __ustream_ssl_context_new(bool server) SSL_library_init(); _init = true; } -# define TLS_server_method SSLv23_server_method +# define TLS_server_method TLSv1_2_server_method # define TLS_client_method SSLv23_client_method #endif @@ -50,17 +97,18 @@ __ustream_ssl_context_new(bool server) return NULL; SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL); - SSL_CTX_set_options (c, SSL_OP_NO_COMPRESSION); /* avoid CRIME attack */ + SSL_CTX_set_options(c, SSL_OP_NO_COMPRESSION | SSL_OP_SINGLE_ECDH_USE | + SSL_OP_CIPHER_SERVER_PREFERENCE); #if !defined(OPENSSL_NO_ECDH) && !defined(CYASSL_OPENSSL_H_) && OPENSSL_VERSION_NUMBER < 0x10100000L SSL_CTX_set_ecdh_auto(c, 1); #endif if (server) { #if OPENSSL_VERSION_NUMBER >= 0x10100000L SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION); -#else - SSL_CTX_set_options (c, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1); #endif - SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH"); + SSL_CTX_set_cipher_list(c, server_cipher_list); + } else { + SSL_CTX_set_cipher_list(c, client_cipher_list); } SSL_CTX_set_quiet_shutdown(c, 1);