Hi, I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy This issue has been discussed on several mailinglists recently.
-Dieter
Dieter Klünter wrote:
Hi, I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher suites.
Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
Howard Chu wrote:
Dieter Klünter wrote:
Hi, I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher suites.
Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
http://www.openldap.org/doc/admin24/tls.html mentions directive 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'.
Ciao, Michael.
--On Friday, September 06, 2013 11:33 PM +0200 Michael Ströder michael@stroeder.com wrote:
Howard Chu wrote:
Dieter Klünter wrote:
Hi, I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher suites.
Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
http://www.openldap.org/doc/admin24/tls.html mentions directive 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'.
The latter is correct. Can you file a doc bug?
--Quanah
--
Quanah Gibson-Mount Lead Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
--On Friday, September 06, 2013 11:33 PM +0200 Michael Ströder michael@stroeder.com wrote:
Howard Chu wrote:
Dieter Klünter wrote:
Hi, I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher suites.
Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
http://www.openldap.org/doc/admin24/tls.html mentions directive 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'.
The latter is correct. Can you file a doc bug?
http://www.openldap.org/its/index.cgi?findid=7684
Ciao, Michael.
Michael Ströder wrote:
http://www.openldap.org/doc/admin24/tls.html mentions directive 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'.
This was noted in ITS#7506. Apparently no one considered it an important enough issue to fix it in the meantime.
Howard Chu wrote:
Michael Ströder wrote:
http://www.openldap.org/doc/admin24/tls.html mentions directive 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'.
This was noted in ITS#7506. Apparently no one considered it an important enough issue to fix it in the meantime.
Thanks for the pointer. Well, being spoiled by the way it's implemented in Apache I didn't care about 'TLSDHParamFile'.
Hmm, I wanted to add a note about this to FAQ-O-MATIC.
But the relevant FAQ entry is really a mess:
http://www.openldap.org/faq/data/cache/185.html
Ciao, Michael.
Michael Strödermichael@stroeder.com schrieb am 06.09.2013 um 23:33 in
Nachricht 522A4A3A.9060401@stroeder.com:
Howard Chu wrote:
Dieter Klünter wrote:
Hi, I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher suites.
Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
http://www.openldap.org/doc/admin24/tls.html mentions directive 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'.
Please let me note that 'TLSDHParamFile' is just a terrible identifier. How large is the fine for using underscores like in 'TLS_DH_ParamFile'? ;-)
Ciao, Michael.
Ulrich Windl wrote:
Michael Strödermichael@stroeder.com schrieb am 06.09.2013 um 23:33 in
Nachricht 522A4A3A.9060401@stroeder.com:
Howard Chu wrote:
Dieter Klünter wrote:
Hi, I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher suites.
Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
http://www.openldap.org/doc/admin24/tls.html mentions directive 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'.
Please let me note that 'TLSDHParamFile' is just a terrible identifier. How large is the fine for using underscores like in 'TLS_DH_ParamFile'? ;-)
You're about 8 years late to be making that suggestion.
Howard Chu wrote:
Dieter Klünter wrote:
Hi, I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher suites.
Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
Please correct if I'm wrong. But this ITS seems to be about using the cipher suites based on elliptic curves with EC server key/cert.
But what about just the DHE-RSA cipher suites like DHE-RSA-AES256-SHA for TLSv1 with RSA-based server key/cert?
Why does Apache support this out-of-the-box and OpenLDAP 2.4.36 does not? Do I have to configure something else?
Ciao, Michael.
Michael Ströder wrote:
Howard Chu wrote:
Dieter Klünter wrote:
Hi, I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher suites.
Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
Please correct if I'm wrong. But this ITS seems to be about using the cipher suites based on elliptic curves with EC server key/cert.
But what about just the DHE-RSA cipher suites like DHE-RSA-AES256-SHA for TLSv1 with RSA-based server key/cert?
Why does Apache support this out-of-the-box and OpenLDAP 2.4.36 does not? Do I have to configure something else?
You have to configure TLSDHParamFile. This appears to be an oversight, while we have some default DH parameters hardcoded in libldap, none of them actually get used unless you've set the TLSDHParamFile directive. Also related to ITS#7506.
Dieter Klünter wrote:
I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy This issue has been discussed on several mailinglists recently.
Hmm...
Tests on my local system (with OpenSSL 1.0.1e shipped with distribution) using sslscan with no cipher configuration directives in the server configurations (only listing the "Accepted").
OpenLDAP RE24 build:
Supported Server Cipher(s): Accepted TLSv1 256 bits AES256-SHA Accepted TLSv1 256 bits CAMELLIA256-SHA Accepted TLSv1 168 bits DES-CBC3-SHA Accepted TLSv1 128 bits AES128-SHA Accepted TLSv1 128 bits SEED-SHA Accepted TLSv1 128 bits CAMELLIA128-SHA Accepted TLSv1 128 bits RC4-SHA Accepted TLSv1 128 bits RC4-MD5 Accepted TLSv1 56 bits DES-CBC-SHA Accepted TLSv1 40 bits EXP-DES-CBC-SHA Accepted TLSv1 40 bits EXP-RC2-CBC-MD5 Accepted TLSv1 40 bits EXP-RC4-MD5 Accepted TLSv1.1 256 bits AES256-SHA Accepted TLSv1.1 256 bits CAMELLIA256-SHA Accepted TLSv1.1 168 bits DES-CBC3-SHA Accepted TLSv1.1 128 bits AES128-SHA Accepted TLSv1.1 128 bits SEED-SHA Accepted TLSv1.1 128 bits CAMELLIA128-SHA Accepted TLSv1.1 128 bits RC4-SHA Accepted TLSv1.1 128 bits RC4-MD5 Accepted TLSv1.1 56 bits DES-CBC-SHA Accepted TLSv1.1 40 bits EXP-DES-CBC-SHA Accepted TLSv1.1 40 bits EXP-RC2-CBC-MD5 Accepted TLSv1.1 40 bits EXP-RC4-MD5 Accepted TLSv1.2 256 bits AES256-GCM-SHA384 Accepted TLSv1.2 256 bits AES256-SHA256 Accepted TLSv1.2 256 bits AES256-SHA Accepted TLSv1.2 256 bits CAMELLIA256-SHA Accepted TLSv1.2 168 bits DES-CBC3-SHA Accepted TLSv1.2 128 bits AES128-GCM-SHA256 Accepted TLSv1.2 128 bits AES128-SHA256 Accepted TLSv1.2 128 bits AES128-SHA Accepted TLSv1.2 128 bits SEED-SHA Accepted TLSv1.2 128 bits CAMELLIA128-SHA Accepted TLSv1.2 128 bits RC4-SHA Accepted TLSv1.2 128 bits RC4-MD5 Accepted TLSv1.2 56 bits DES-CBC-SHA Accepted TLSv1.2 40 bits EXP-DES-CBC-SHA Accepted TLSv1.2 40 bits EXP-RC2-CBC-MD5 Accepted TLSv1.2 40 bits EXP-RC4-MD5
Apache web server:
Supported Server Cipher(s): Accepted TLSv1 256 bits DHE-RSA-AES256-SHA Accepted TLSv1 256 bits DHE-RSA-CAMELLIA256-SHA Accepted TLSv1 256 bits AES256-SHA Accepted TLSv1 256 bits CAMELLIA256-SHA Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA Accepted TLSv1 168 bits DES-CBC3-SHA Accepted TLSv1 128 bits DHE-RSA-AES128-SHA Accepted TLSv1 128 bits DHE-RSA-SEED-SHA Accepted TLSv1 128 bits DHE-RSA-CAMELLIA128-SHA Accepted TLSv1 128 bits AES128-SHA Accepted TLSv1 128 bits SEED-SHA Accepted TLSv1 128 bits CAMELLIA128-SHA Accepted TLSv1 128 bits RC4-SHA Accepted TLSv1 128 bits RC4-MD5 Accepted TLSv1 56 bits EDH-RSA-DES-CBC-SHA Accepted TLSv1 56 bits DES-CBC-SHA Accepted TLSv1 40 bits EXP-EDH-RSA-DES-CBC-SHA Accepted TLSv1 40 bits EXP-DES-CBC-SHA Accepted TLSv1 40 bits EXP-RC2-CBC-MD5 Accepted TLSv1 40 bits EXP-RC4-MD5 Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA Accepted TLSv1.1 256 bits AES256-SHA Accepted TLSv1.1 256 bits CAMELLIA256-SHA Accepted TLSv1.1 168 bits EDH-RSA-DES-CBC3-SHA Accepted TLSv1.1 168 bits DES-CBC3-SHA Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA Accepted TLSv1.1 128 bits AES128-SHA Accepted TLSv1.1 128 bits SEED-SHA Accepted TLSv1.1 128 bits CAMELLIA128-SHA Accepted TLSv1.1 128 bits RC4-SHA Accepted TLSv1.1 128 bits RC4-MD5 Accepted TLSv1.1 56 bits EDH-RSA-DES-CBC-SHA Accepted TLSv1.1 56 bits DES-CBC-SHA Accepted TLSv1.1 40 bits EXP-EDH-RSA-DES-CBC-SHA Accepted TLSv1.1 40 bits EXP-DES-CBC-SHA Accepted TLSv1.1 40 bits EXP-RC2-CBC-MD5 Accepted TLSv1.1 40 bits EXP-RC4-MD5 Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA Accepted TLSv1.2 256 bits AES256-GCM-SHA384 Accepted TLSv1.2 256 bits AES256-SHA256 Accepted TLSv1.2 256 bits AES256-SHA Accepted TLSv1.2 256 bits CAMELLIA256-SHA Accepted TLSv1.2 168 bits EDH-RSA-DES-CBC3-SHA Accepted TLSv1.2 168 bits DES-CBC3-SHA Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA Accepted TLSv1.2 128 bits AES128-GCM-SHA256 Accepted TLSv1.2 128 bits AES128-SHA256 Accepted TLSv1.2 128 bits AES128-SHA Accepted TLSv1.2 128 bits SEED-SHA Accepted TLSv1.2 128 bits CAMELLIA128-SHA Accepted TLSv1.2 128 bits RC4-SHA Accepted TLSv1.2 128 bits RC4-MD5 Accepted TLSv1.2 56 bits EDH-RSA-DES-CBC-SHA Accepted TLSv1.2 56 bits DES-CBC-SHA Accepted TLSv1.2 40 bits EXP-EDH-RSA-DES-CBC-SHA Accepted TLSv1.2 40 bits EXP-DES-CBC-SHA Accepted TLSv1.2 40 bits EXP-RC2-CBC-MD5 Accepted TLSv1.2 40 bits EXP-RC4-MD5
Any reason why the *DHE* ciphers seems not to be supported during OpenLDAP scan which they are with Apache on the very same system?
Ciao, Michael.
On Fri, 6 Sep 2013, Michael Ströder wrote:
Dieter Klünter wrote:
I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy This issue has been discussed on several mailinglists recently.
Hmm...
Tests on my local system (with OpenSSL 1.0.1e shipped with distribution) using sslscan with no cipher configuration directives in the server configurations (only listing the "Accepted").
...
Any reason why the *DHE* ciphers seems not to be supported during OpenLDAP scan which they are with Apache on the very same system?
Because you have to set the TLSDHParamFile / olcTLSDHParamFile config option.
If that file doesn't contain DH parameters for the requested key length, then slapd/libldap will use compiled in parameters for 512/1024/2048/4096 lengths or generate parameters on the fly, so you can just use /dev/null as the 'file' for the option.
Once you add that, slapd will negotiate DHE cipher suites.
Philip Guenther
Philip Guenther wrote:
On Fri, 6 Sep 2013, Michael Ströder wrote:
Dieter Klünter wrote:
I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy This issue has been discussed on several mailinglists recently.
Hmm...
Tests on my local system (with OpenSSL 1.0.1e shipped with distribution) using sslscan with no cipher configuration directives in the server configurations (only listing the "Accepted").
...
Any reason why the *DHE* ciphers seems not to be supported during OpenLDAP scan which they are with Apache on the very same system?
Because you have to set the TLSDHParamFile / olcTLSDHParamFile config option.
If that file doesn't contain DH parameters for the requested key length, then slapd/libldap will use compiled in parameters for 512/1024/2048/4096 lengths or generate parameters on the fly, so you can just use /dev/null as the 'file' for the option.
Once you add that, slapd will negotiate DHE cipher suites.
Oh yeah, TLSDHParamFile /dev/null did the trick. Thanks.
And also invoking
openssl dhparam -out /etc/openldap/ssl.key/dhparam 2048
and setting
TLSDHParamFile /etc/openldap/ssl.key/dhparam
Ciao, Michael.
openldap-technical@openldap.org
-
Dieter Klünter -
Howard Chu -
Michael Ströder -
Philip Guenther -
Quanah Gibson-Mount -
Ulrich Windl