[From nobody Thu Jun 25 05:54:42 2020
Received: from sonic303-20.consmr.mail.ne1.yahoo.com ([66.163.188.146])
 by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux))
 id 1fU2Rd-0003VA-41
 for openwrt-devel@lists.openwrt.org; Sat, 16 Jun 2018 04:04:10 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1529121835; bh=/tU0zKTgYbrtwTMQA/3TeXSTXVsZv9qsY3EuLDLcMJU=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:In-Reply-To:References:From:Subject;
 b=dx0+HrUD7IkixJW3P8hQFy3e/4+0Ro3g/CpxSBerltKJcDV6drcM0hiK2VU3EVKW+8cTQXMi5kDQbkDSo+m0UKjxka1ayYXAoWMfQOe/cjJgNCzaicFq2QuQ3f7+TMfBf+338VzPsVYA9mMiaXSuAdQARzmY6QJO9cxI8tAClMvKkH3JAzswPc34ZeNF2OHgGraHTqQN4xpz7JRzPPaRFYPEtsI5wgaQpbJ6zcbiytuaQ3MlaqSzb4DpN695GrkyPBPxXxBxw2/kC2FnxvzwK3yVaxKO6R2yoSi+ZcgHF2dONXpFzsOs/KmFfSmacQ1252JQUX1uzAmgfL+m/2leGA==
X-YMail-OSG: SwsdwfwVM1lilQWgXDRb5NyZmc.8bzvwerUVhLmEPRr5fYpyNIrTTkZJQQUQ3U.
 vU9CowoN9u3vtCKvAhskcaCeohDrXE8SVcS7jv2WVmllajHP8o.0lDgulJuxuGt.o.i01uvHEymh
 .2j6aXEmDaNk_X.FjNkbX1WAfPHnmFyBkuIuS25HfPQPILj7JRZ8xTPmZnd5upfdX0OPKjTG3nYK
 0kQQItnCZmSipgNPHPz8kbYGEDOwOh.Jx5AzlAYiEmtIhsJCB4CpVSmh_kqfN0UvrluS4Aistra3
 fP6vE.n3avhxuDQ4yK7bhStPyKZ9pvXn6AGzO2ZLjFqWNDZPzsgaFFfJR_rWoNQ9hbf4RhjOiePn
 96duLuTmuKx67nEpE1IqAhrDpiHqStdxFiMDhwYNI_2idhrxHasdRDuWp9P.zrmPDr5VKc6jpAZS
 tSz1HaM.4uCUd5FJZn3Vch1lcNoFFpApcq07jcQKLARJjLDcT4v0TAGYAPsvgrS_vrX.y7dIWdx6
 YJe4ge0Z4DVtuZYLFicu7Y9IqwykuYmMJ0jhMEgkQCudmeCF87m5bYtChq0JLUscLYI7C06jKaqB
 gXzgoQGOUe_Euxg5lalIkRWL1rAUFERnLumFtYBMiq8b7gAJJMUUYBlwrWctKiWtD7bCU80pBGdD
 q9TxpP6ssX3L7RfyBqULQtzz4nFaq4fGlUTeLycirYLGMuMkIphnAhImh9jb3nHf1Gc44tMOF3ya
 TholawpBlYAaBhuI9p9H1w7bqU3dOiX6ze8_xmaDzgWb33iG1no8jBMtNscjqSe_CXLKktf3BCmV
 NU2KrLXIM5.EgDnJ5DY7qiAtyZkCZU1AxzSA_dsA3AAHZY9NXDGywXhD1d8a33E1HHh1BMTrp2it
 AmhgyCMHxZL.CgN0FkZBauCUZJ3Khmpk_NoxrVGG8p7NyH2r7bXbCwNnIL6_gDUN8MMeR3sfyfLi
 gX5Io17HOc6HJOO07vFT6aVj1LiI-
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic303.consmr.mail.ne1.yahoo.com with HTTP; Sat, 16 Jun 2018 04:03:55 +0000
Received: from 18.175.75.177.infopasa.com.br (EHLO gateway.troianet.com.br)
 ([177.75.175.18])
 by smtp408.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID
 cbea9a4f35f8bc13a14a401ee42217cf; 
 Sat, 16 Jun 2018 04:03:53 +0000 (UTC)
From: Eneas U de Queiroz &lt;cote2004-github@yahoo.com&gt;
To: openwrt-devel@lists.openwrt.org
Cc: Eneas U de Queiroz &lt;cote2004-github@yahoo.com&gt;
Subject: [PATCH v3 2/3] ustream-ssl: Revised security on openssl/wolfssl
Date: Sat, 16 Jun 2018 01:03:42 -0300
Message-Id: &lt;20180616040343.24722-3-cote2004-github@yahoo.com&gt;
X-Mailer: git-send-email 2.16.4
In-Reply-To: &lt;20180616040343.24722-1-cote2004-github@yahoo.com&gt;
References: &lt;20180616040343.24722-1-cote2004-github@yahoo.com&gt;
In-Reply-To: &lt;20180531124520.31010-1-cote2004-github@yahoo.com&gt;
References: &lt;20180531124520.31010-1-cote2004-github@yahoo.com&gt;
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20180615_210409_206795_629E0956 
X-CRM114-Status: UNSURE (   7.20  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: 1.3 (+)
X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary:
 Content analysis details:   (1.3 points)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
 trust [66.163.188.146 listed in list.dnswl.org]
 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
 (cote2004-github[at]yahoo.com)
 0.0 DKIM_ADSP_CUSTOM_MED   No valid author signature, adsp_override is
 CUSTOM_MED
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 1.2 NML_ADSP_CUSTOM_MED    ADSP custom_med hit, and not from a mailing list

I've revised the security options and made them more uniform across the
SSL libraries.

- disabled TLS compression, because of CRIME attack
- enabled server-side ordering of cipher suites
- use only TLS 1.2 in server mode for wolfssl
- changed the ciphersuite ordering

Signed-off-by: Eneas U de Queiroz &lt;cote2004-github@yahoo.com&gt;
---
 ustream-openssl.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 53 insertions(+), 5 deletions(-)

diff --git a/ustream-openssl.c b/ustream-openssl.c
index c6839ea..ffb0f3d 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -22,6 +22,53 @@
 #include &quot;ustream-ssl.h&quot;
 #include &quot;ustream-internal.h&quot;
 
+
+/* Ciphersuite preference:
+ * - key exchange: prefer ECDHE, then DHE(client only), then RSA
+ * - prefer AEAD ciphers:
+ *   	chacha20-poly1305, the fastest in software, 256-bits
+ * 	aes128-gcm, 128-bits
+ * 	aes256-gcm, 256-bits
+ * - CBC ciphers
+ *	aes128, aes256, 3DES(client only)
+ */
+
+#define ecdhe_ciphers							\
+				&quot;ECDHE-ECDSA-CHACHA20-POLY1305:&quot;	\
+				&quot;ECDHE-ECDSA-AES128-GCM-SHA256:&quot;	\
+				&quot;ECDHE-ECDSA-AES256-GCM-SHA384:&quot;	\
+				&quot;ECDHE-ECDSA-AES128-SHA:&quot;		\
+				&quot;ECDHE-ECDSA-AES256-SHA:&quot;		\
+				&quot;ECDHE-RSA-CHACHA20-POLY1305:&quot;		\
+				&quot;ECDHE-RSA-AES128-GCM-SHA256:&quot;		\
+				&quot;ECDHE-RSA-AES256-GCM-SHA384:&quot;		\
+				&quot;ECDHE-RSA-AES128-SHA:&quot;			\
+				&quot;ECDHE-RSA-AES256-SHA&quot;
+
+#define dhe_ciphers							\
+				&quot;DHE-RSA-CHACHA20-POLY1305:&quot;		\
+				&quot;DHE-RSA-AES128-GCM-SHA256:&quot;		\
+				&quot;DHE-RSA-AES256-GCM-SHA384:&quot;		\
+				&quot;DHE-RSA-AES128-SHA:&quot;			\
+				&quot;DHE-RSA-AES256-SHA:&quot;			\
+				&quot;DHE-DES-CBC3-SHA&quot;
+
+#define non_pfs_aes							\
+				&quot;AES128-GCM-SHA256:&quot;			\
+				&quot;AES256-GCM-SHA384:&quot;			\
+				&quot;AES128-SHA:&quot;				\
+				&quot;AES256-SHA&quot;
+
+#define server_cipher_list						\
+				ecdhe_ciphers &quot;:&quot;			\
+				non_pfs_aes
+
+#define client_cipher_list						\
+				ecdhe_ciphers &quot;:&quot;			\
+				dhe_ciphers &quot;:&quot;				\
+				non_pfs_aes &quot;:&quot;				\
+				&quot;DES-CBC3-SHA&quot;
+
 __hidden struct ustream_ssl_ctx *
 __ustream_ssl_context_new(bool server)
 {
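Review bot: `DHE-DES-CBC3-SHA` in `dhe_ciphers` does not match OpenSSL's naming for the DHE 3DES suite, which is `DHE-RSA-DES-CBC3-SHA` (`EDH-RSA-DES-CBC3-SHA` on 1.0.x); OpenSSL silently drops unrecognised names from a cipher string, so the typo would never surface as an error and the suite the comment promises for clients would simply be absent. Since the same lists are handed to wolfSSL, whether it accepts these spellings should be confirmed as well. The header comment should also state that the server list deliberately omits DHE and 3DES, e.g. `/* server list: no DHE (no DH params configured) and no 3DES (SWEET32); client list keeps both for compatibility */`, so the asymmetry is not "fixed" later. Lowercase macro names read like variables; `static const char server_cipher_list[] = ...` or UPPER_SNAKE names would follow the file's C conventions.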
@@ -36,7 +83,7 @@ __ustream_ssl_context_new(bool server)
 		SSL_library_init();
 		_init = true;
 	}
-# define TLS_server_method SSLv23_server_method
+# define TLS_server_method TLSv1_2_server_method
 # define TLS_client_method SSLv23_client_method
 #endif
 
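Review bot: The pre-1.1.0 fallback now fixes the server protocol at compile time through `TLSv1_2_server_method`, while the >= 1.1.0 path sets the same floor at runtime with `SSL_CTX_set_min_proto_version` in the next hunk, so a future change to the minimum version has to be made in two places. A short comment above the define would make that coupling visible: `/* no SSL_CTX_set_min_proto_version() before 1.1.0: pin the server method to TLS 1.2 here and keep it in sync with the min_proto_version call below */`. The enclosing `__ustream_ssl_context_new` begins before this hunk and continues after it.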
@@ -50,17 +97,18 @@ __ustream_ssl_context_new(bool server)
 		return NULL;
 
 	SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
-	SSL_CTX_set_options (c, SSL_OP_NO_COMPRESSION); /* avoid CRIME attack */
+	SSL_CTX_set_options(c, SSL_OP_NO_COMPRESSION | SSL_OP_SINGLE_ECDH_USE |
+			       SSL_OP_CIPHER_SERVER_PREFERENCE);
 #if !defined(OPENSSL_NO_ECDH) &amp;&amp; !defined(CYASSL_OPENSSL_H_) &amp;&amp; OPENSSL_VERSION_NUMBER &lt; 0x10100000L
 	SSL_CTX_set_ecdh_auto(c, 1);
 #endif
 	if (server) {
 #if OPENSSL_VERSION_NUMBER &gt;= 0x10100000L
 		SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION);
-#else
-		SSL_CTX_set_options (c, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
 #endif
-		SSL_CTX_set_cipher_list(c, &quot;DEFAULT:!RC4:@STRENGTH&quot;);
+		SSL_CTX_set_cipher_list(c, server_cipher_list);
+	} else {
+		SSL_CTX_set_cipher_list(c, client_cipher_list);
 	}
 	SSL_CTX_set_quiet_shutdown(c, 1);
 
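Review bot: The return value of `SSL_CTX_set_cipher_list` is not checked in either branch; it returns 0 when no suite in the string could be selected (a build without ChaCha20 or ECDSA, or a misspelled name), and in that case the context keeps its default cipher list, so the hardening this patch adds can silently fall back to whatever the library ships with. Treating that as a failure, as the earlier `return NULL` path does for context creation, makes the policy enforceable; the rewrite below assumes `c` is the `SSL_CTX` handle, as the surrounding `SSL_CTX_*` calls suggest, and the allocation of `c` is outside the hunk. The `/* avoid CRIME attack */` why-comment was dropped from the `SSL_CTX_set_options` line and is worth keeping, e.g. `SSL_CTX_set_options(c, SSL_OP_NO_COMPRESSION | /* CRIME */ SSL_OP_SINGLE_ECDH_USE | SSL_OP_CIPHER_SERVER_PREFERENCE);`. `SSL_OP_CIPHER_SERVER_PREFERENCE` is also applied to client contexts, where it is a no-op; harmless, but a comment saying so avoids the question.
```c
	if (server) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION);
#endif
	}
	/* Unknown suite names are ignored and 0 is returned only when nothing
	 * matched, leaving the library default list in effect; fail instead of
	 * silently running with a weaker policy. */
	if (!SSL_CTX_set_cipher_list(c, server ? server_cipher_list : client_cipher_list)) {
		SSL_CTX_free(c);
		return NULL;
	}
	SSL_CTX_set_quiet_shutdown(c, 1);
```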
-- 
2.16.4


]