I am trying to limit the cipher list for TLS negotiations, but I don't seem to be able to do this.....
... output from -d -1.... 2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) ) TLS: could not set cipher list !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:! aNULL:!NULL:+SHA:+MD5. main: TLS init def ctx failed: -1 slapd destroy: freeing system resources. slapd stopped. connections_destroy: nothing to destroy. </-d -1 snip>
Here is all of my TLS data from my slapd.conf # SSL TLSCertificateFile /etc/ldap/certificate.pem TLSCertificateKeyFile /etc/ldap/private.key TLSCipherSuite !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:!NULL:+SHA: +MD5 </slapd.conf snip>
OpenLDAP 2.4.7-5 on Debian x86 installed from apt
What did I do wrong? I would swear the cipher list is good, but.... Pat
On Mon, 24 Mar 2008, Pat Riehecky wrote:
I am trying to limit the cipher list for TLS negotiations, but I don't seem to be able to do this.....
...
TLS: could not set cipher list !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:! aNULL:!NULL:+SHA:+MD5. main: TLS init def ctx failed: -1
You can test your cipher list expression by passing it to the "openssl ciphers" command:
$ openssl ciphers -v !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:!NULL:+SHA:+MD5 Error in cipher list 16507:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:/usr/src/lib/libssl/src/ssl/ssl_lib.c:1144: $
So your cipher list disables all the ciphers. The error is in the first term: If `!' is used, then the ciphers are permanently deleted from the list. The ciphers deleted can never reappear in the list even if they are ex- plicitly stated.
So, your "!ALL" completely removes the "ALL" ciphers from the list and nothing can reinsert them after that.
Offhand, it's not clear what you're trying to accomplish with that cipher list expression, so it's not clear what the right 'fix' is.
Philip Guenther
Thanks for the reply,
I am trying to disable all the ciphers and then only enable the ciphers captured by the HIGH, SSLv3, TLSv1, MEDIUM, and SSLv2 list (these are maintained by the openssl guys i think... http://www.openssl.org/docs/apps/ciphers.html ). Explicitly turning off the NULL ciphers. Whenever possible I want to try and use SHA digests instead of MD5 since MD5 is no longer the approved digest, but those are preferred above non-digested ciphers (which are not present in SSLv2 and later, but...).
After poking about the net a bit more (thanks to the Ah Ha of the ! that you listed below) I have revised this to HIGH:+SSLv3:+TLSv1:MEDIUM: +SSLv2:!aNULL:!NULL:@STRENGTH:+SHA:+MD5
Which yields # openssl ciphers -v 'HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:! aNULL:!NULL:@STRENGTH:+SHA:+MD5' DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5 RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5 RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
This tells me that now I am actually selecting a valid cipher list, but the start-up problem remains.
TLS: could not set cipher list HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:! NULL:@STRENGTH:+SHA:+MD5. main: TLS init def ctx failed: -1 slapd destroy: freeing system resources. slapd stopped.
OpenLDAP 2.4.7-5 on Debian x86 installed from apt Pat
On Mon, 2008-03-24 at 12:44 -0600, Philip Guenther wrote:
On Mon, 24 Mar 2008, Pat Riehecky wrote:
I am trying to limit the cipher list for TLS negotiations, but I don't seem to be able to do this.....
...
TLS: could not set cipher list !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:! aNULL:!NULL:+SHA:+MD5. main: TLS init def ctx failed: -1
You can test your cipher list expression by passing it to the "openssl ciphers" command:
$ openssl ciphers -v !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:!NULL:+SHA:+MD5 Error in cipher list 16507:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:/usr/src/lib/libssl/src/ssl/ssl_lib.c:1144: $
So your cipher list disables all the ciphers. The error is in the first term: If `!' is used, then the ciphers are permanently deleted from the list. The ciphers deleted can never reappear in the list even if they are ex- plicitly stated.
So, your "!ALL" completely removes the "ALL" ciphers from the list and nothing can reinsert them after that.
Offhand, it's not clear what you're trying to accomplish with that cipher list expression, so it's not clear what the right 'fix' is.
Philip Guenther
On Mon, 24 Mar 2008, Pat Riehecky wrote:
I am trying to disable all the ciphers and then only enable the ciphers captured by the HIGH, SSLv3, TLSv1, MEDIUM, and SSLv2 list
Umm, a cipher's inclusion in a HIGH/MEDIUM/EXPORT/LOW list is orthogonal to its inclusion in a TLSv1/SSLv3/SSLv2 list. For example, if you said "all HIGH ciphers and all SSLv3 ciphers", then you would get some MEDIUM strength ciphers (that are for SSLv3) and some SSLv2 ciphers (that are HIGH strength).
Furthermore, saying "all of SSLv3, TLSv1, and SSLv2" is the same as saying you want all ciphers, as every cipher is in one of those lists!
Explicitly turning off the NULL ciphers. Whenever possible I want to try and use SHA digests instead of MD5 since MD5 is no longer the approved digest, but those are preferred above non-digested ciphers (which are not present in SSLv2 and later, but...).
After poking about the net a bit more (thanks to the Ah Ha of the ! that you listed below) I have revised this to HIGH:+SSLv3:+TLSv1:MEDIUM: +SSLv2:!aNULL:!NULL:@STRENGTH:+SHA:+MD5
I would suggest removing the ":+SSLv3:+TLSv1" and ":+SSLv2", as they have no effect for your list.
You're concerned about MD5 and yet you permit SSLv2?!? I think your risk assessment is a bit...odd.
If a cipher w/o a digest actually existed, you cipher list expression would actually prefer it over ciphers w/digest, as ":+SHA:+MD5" shuffles ciphers with SHA and MD5 to the end of the list. I think it's a pointless concern, because no one is stupid enough to specify a cipher w/o digest unless it's secure that way. Indeed, the TLS version 1.2 internet-draft say the following when describing the signature_hash_algorithms extension: hash This field indicates the hash algorithm which may be used. The values indicate support for undigested data, MD5 [MD5], SHA-1, SHA-256, SHA-384, and SHA-512 [SHA] respectively. The "none" value is provided for future extensibility, in case of a signature algorithm which does not require hashing before signing.
I.e., while none exist, they can imagine it.
I would just use ":+MD5" to shuffle those to the end of the list and stop there.
...
This tells me that now I am actually selecting a valid cipher list, but the start-up problem remains.
TLS: could not set cipher list HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:!aNULL:! NULL:@STRENGTH:+SHA:+MD5. main: TLS init def ctx failed: -1 slapd destroy: freeing system resources. slapd stopped.
OpenLDAP 2.4.7-5 on Debian x86 installed from apt
If that uses GnuTLS like Quanah, then you'll have to figure out how ciphers are expresses there and adjust your expression to fit. Good luck!
Philip Guenther
--On Monday, March 24, 2008 2:23 PM -0500 Pat Riehecky prieheck@iwu.edu wrote:
Thanks for the reply, Which yields # openssl ciphers -v 'HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:! This tells me that now I am actually selecting a valid cipher list, but the start-up problem remains.
None of this will work as long as you continue to ignore my point about GnuTLS for the package you are running.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
--On Monday, March 24, 2008 12:44 PM -0600 Philip Guenther guenther+ldapsoft@sendmail.com wrote:
On Mon, 24 Mar 2008, Pat Riehecky wrote:
I am trying to limit the cipher list for TLS negotiations, but I don't seem to be able to do this.....
...
TLS: could not set cipher list !ALL:HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:! aNULL:!NULL:+SHA:+MD5. main: TLS init def ctx failed: -1
You can test your cipher list expression by passing it to the "openssl ciphers" command:
$ openssl ciphers -v
I'd note that Debian links against GnuTLS, not OpenSSL, and some of the cipher names are different.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount quanah@zimbra.com writes:
Philip Guenther guenther+ldapsoft@sendmail.com wrote:
You can test your cipher list expression by passing it to the "openssl ciphers" command:
$ openssl ciphers -v
I'd note that Debian links against GnuTLS, not OpenSSL, and some of the cipher names are different.
The equivalent command for gnutls is gnutls-cli -l, and yes, the cipher name parsing is completely different.
openldap-software@openldap.org
-
Pat Riehecky -
Philip Guenther -
Quanah Gibson-Mount -
Russ Allbery