10:06 a.m.
Hi,
I wonder whether openldap, if compiled with openssl-1.x, will support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This issue has been discussed on several mailinglists recently.
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
1:06 p.m.
Dieter Klünter wrote:
Hi,
I wonder whether openldap, if compiled with openssl-1.x, will support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher suites.
Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
2:33 p.m.
Howard Chu wrote:
Dieter Klünter wrote:
> Hi,
> I wonder whether openldap, if compiled with openssl-1.x, will support
> PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
> This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher suites.
Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
http://www.openldap.org/doc/admin24/tls.html mentions directive
'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions
'TLSDHParamFile'.
Ciao, Michael.
4:07 p.m.
--On Friday, September 06, 2013 11:33 PM +0200 Michael Ströder
<michael(a)stroeder.com> wrote:
Howard Chu wrote:
> Dieter Klünter wrote:
>> Hi,
>> I wonder whether openldap, if compiled with openssl-1.x, will support
>> PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
>> This issue has been discussed on several mailinglists recently.
>
> It already does, but you have to use the right cipher suites.
>
> Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
http://www.openldap.org/doc/admin24/tls.html mentions directive
'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions
'TLSDHParamFile'.
The latter is correct. Can you file a doc bug?
--Quanah
--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
4:32 p.m.
Quanah Gibson-Mount wrote:
--On Friday, September 06, 2013 11:33 PM +0200 Michael Ströder
<michael(a)stroeder.com> wrote:
> Howard Chu wrote:
>> Dieter Klünter wrote:
>>> Hi,
>>> I wonder whether openldap, if compiled with openssl-1.x, will support
>>> PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
>>> This issue has been discussed on several mailinglists recently.
>>
>> It already does, but you have to use the right cipher suites.
>>
>> Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
>
> http://www.openldap.org/doc/admin24/tls.html mentions directive
> 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions
'TLSDHParamFile'.
The latter is correct. Can you file a doc bug?
http://www.openldap.org/its/index.cgi?findid=7684
Ciao, Michael.
6:25 p.m.
Michael Ströder wrote:
http://www.openldap.org/doc/admin24/tls.html mentions directive
'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions
'TLSDHParamFile'.
This was noted in ITS#7506. Apparently no one considered it an important
enough issue to fix it in the meantime.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
3:55 a.m.
Howard Chu wrote:
Michael Ströder wrote:
> http://www.openldap.org/doc/admin24/tls.html mentions directive
> 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions
'TLSDHParamFile'.
This was noted in ITS#7506. Apparently no one considered it an important
enough issue to fix it in the meantime.
Thanks for the pointer. Well, being spoiled by the way it's implemented in
Apache I didn't care about 'TLSDHParamFile'.
Hmm, I wanted to add a note about this to FAQ-O-MATIC.
But the relevant FAQ entry is really a mess:
http://www.openldap.org/faq/data/cache/185.html
Ciao, Michael.
11:54 p.m.
New subject: Antw: Re: Perfect Forward Secrecy
>> Michael Ströder<michael(a)stroeder.com> schrieb am
06.09.2013 um 23:33 in
Nachricht <522A4A3A.9060401(a)stroeder.com>:
Howard Chu wrote:
> Dieter Klünter wrote:
>> Hi,
>> I wonder whether openldap, if compiled with openssl-1.x, will support
>> PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
>> This issue has been discussed on several mailinglists recently.
>
> It already does, but you have to use the right cipher suites.
>
> Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
http://www.openldap.org/doc/admin24/tls.html mentions directive
'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions
'TLSDHParamFile'.
Please let me note that 'TLSDHParamFile' is just a terrible identifier. How
large is the fine for using underscores like in 'TLS_DH_ParamFile'? ;-)
Ciao, Michael.
4:39 a.m.
New subject: Antw: Re: Perfect Forward Secrecy
Ulrich Windl wrote:
>>> Michael Ströder<michael(a)stroeder.com> schrieb am
06.09.2013 um 23:33 in
Nachricht <522A4A3A.9060401(a)stroeder.com>:
> Howard Chu wrote:
>> Dieter Klünter wrote:
>>> Hi,
>>> I wonder whether openldap, if compiled with openssl-1.x, will support
>>> PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
>>> This issue has been discussed on several mailinglists recently.
>>
>> It already does, but you have to use the right cipher suites.
>>
>> Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
>
> http://www.openldap.org/doc/admin24/tls.html mentions directive
> 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions
'TLSDHParamFile'.
Please let me note that 'TLSDHParamFile' is just a terrible identifier. How
large is the fine for using underscores like in 'TLS_DH_ParamFile'? ;-)
You're about 8 years late to be making that suggestion.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
2:45 p.m.
Howard Chu wrote:
Dieter Klünter wrote:
> Hi,
> I wonder whether openldap, if compiled with openssl-1.x, will support
> PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
> This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher suites.
Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
Please correct if I'm wrong. But this ITS seems to be about using the cipher
suites based on elliptic curves with EC server key/cert.
But what about just the DHE-RSA cipher suites like DHE-RSA-AES256-SHA for
TLSv1 with RSA-based server key/cert?
Why does Apache support this out-of-the-box and OpenLDAP 2.4.36 does not?
Do I have to configure something else?
Ciao, Michael.
6:43 p.m.
Michael Ströder wrote:
Howard Chu wrote:
> Dieter Klünter wrote:
>> Hi,
>> I wonder whether openldap, if compiled with openssl-1.x, will support
>> PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
>> This issue has been discussed on several mailinglists recently.
>
> It already does, but you have to use the right cipher suites.
>
> Also see ITS #7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595
Please correct if I'm wrong. But this ITS seems to be about using the cipher
suites based on elliptic curves with EC server key/cert.
But what about just the DHE-RSA cipher suites like DHE-RSA-AES256-SHA for
TLSv1 with RSA-based server key/cert?
Why does Apache support this out-of-the-box and OpenLDAP 2.4.36 does not?
Do I have to configure something else?
You have to configure TLSDHParamFile. This appears to be an oversight, while
we have some default DH parameters hardcoded in libldap, none of them actually
get used unless you've set the TLSDHParamFile directive. Also related to ITS#7506.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
1:40 p.m.
Dieter Klünter wrote:
I wonder whether openldap, if compiled with openssl-1.x, will
support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This issue has been discussed on several mailinglists recently.
Hmm...
Tests on my local system (with OpenSSL 1.0.1e shipped with distribution) using
sslscan with no cipher configuration directives in the server configurations
(only listing the "Accepted").
OpenLDAP RE24 build:
Supported Server Cipher(s):
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 256 bits CAMELLIA256-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 128 bits SEED-SHA
Accepted TLSv1 128 bits CAMELLIA128-SHA
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
Accepted TLSv1 56 bits DES-CBC-SHA
Accepted TLSv1 40 bits EXP-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-RC2-CBC-MD5
Accepted TLSv1 40 bits EXP-RC4-MD5
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 168 bits DES-CBC3-SHA
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 128 bits SEED-SHA
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Accepted TLSv1.1 128 bits RC4-SHA
Accepted TLSv1.1 128 bits RC4-MD5
Accepted TLSv1.1 56 bits DES-CBC-SHA
Accepted TLSv1.1 40 bits EXP-DES-CBC-SHA
Accepted TLSv1.1 40 bits EXP-RC2-CBC-MD5
Accepted TLSv1.1 40 bits EXP-RC4-MD5
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 168 bits DES-CBC3-SHA
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 128 bits SEED-SHA
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Accepted TLSv1.2 128 bits RC4-SHA
Accepted TLSv1.2 128 bits RC4-MD5
Accepted TLSv1.2 56 bits DES-CBC-SHA
Accepted TLSv1.2 40 bits EXP-DES-CBC-SHA
Accepted TLSv1.2 40 bits EXP-RC2-CBC-MD5
Accepted TLSv1.2 40 bits EXP-RC4-MD5
Apache web server:
Supported Server Cipher(s):
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 256 bits CAMELLIA256-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits DHE-RSA-SEED-SHA
Accepted TLSv1 128 bits DHE-RSA-CAMELLIA128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 128 bits SEED-SHA
Accepted TLSv1 128 bits CAMELLIA128-SHA
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
Accepted TLSv1 56 bits EDH-RSA-DES-CBC-SHA
Accepted TLSv1 56 bits DES-CBC-SHA
Accepted TLSv1 40 bits EXP-EDH-RSA-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-RC2-CBC-MD5
Accepted TLSv1 40 bits EXP-RC4-MD5
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1.1 168 bits DES-CBC3-SHA
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA
Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 128 bits SEED-SHA
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Accepted TLSv1.1 128 bits RC4-SHA
Accepted TLSv1.1 128 bits RC4-MD5
Accepted TLSv1.1 56 bits EDH-RSA-DES-CBC-SHA
Accepted TLSv1.1 56 bits DES-CBC-SHA
Accepted TLSv1.1 40 bits EXP-EDH-RSA-DES-CBC-SHA
Accepted TLSv1.1 40 bits EXP-DES-CBC-SHA
Accepted TLSv1.1 40 bits EXP-RC2-CBC-MD5
Accepted TLSv1.1 40 bits EXP-RC4-MD5
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1.2 168 bits DES-CBC3-SHA
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA
Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 128 bits SEED-SHA
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Accepted TLSv1.2 128 bits RC4-SHA
Accepted TLSv1.2 128 bits RC4-MD5
Accepted TLSv1.2 56 bits EDH-RSA-DES-CBC-SHA
Accepted TLSv1.2 56 bits DES-CBC-SHA
Accepted TLSv1.2 40 bits EXP-EDH-RSA-DES-CBC-SHA
Accepted TLSv1.2 40 bits EXP-DES-CBC-SHA
Accepted TLSv1.2 40 bits EXP-RC2-CBC-MD5
Accepted TLSv1.2 40 bits EXP-RC4-MD5
Any reason why the *DHE* ciphers seems not to be supported during OpenLDAP
scan which they are with Apache on the very same system?
Ciao, Michael.
3:13 p.m.
On Fri, 6 Sep 2013, Michael Ströder wrote:
Dieter Klünter wrote:
> I wonder whether openldap, if compiled with openssl-1.x, will support
> PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
> This issue has been discussed on several mailinglists recently.
Hmm...
Tests on my local system (with OpenSSL 1.0.1e shipped with distribution) using
sslscan with no cipher configuration directives in the server configurations
(only listing the "Accepted").
...
Any reason why the *DHE* ciphers seems not to be supported during
OpenLDAP
scan which they are with Apache on the very same system?
Because you have to set the TLSDHParamFile / olcTLSDHParamFile config
option.
If that file doesn't contain DH parameters for the requested key length,
then slapd/libldap will use compiled in parameters for 512/1024/2048/4096
lengths or generate parameters on the fly, so you can just use /dev/null
as the 'file' for the option.
Once you add that, slapd will negotiate DHE cipher suites.
Philip Guenther
3:20 p.m.
Philip Guenther wrote:
On Fri, 6 Sep 2013, Michael Ströder wrote:
> Dieter Klünter wrote:
>> I wonder whether openldap, if compiled with openssl-1.x, will support
>> PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
>> This issue has been discussed on several mailinglists recently.
>
> Hmm...
>
> Tests on my local system (with OpenSSL 1.0.1e shipped with distribution) using
> sslscan with no cipher configuration directives in the server configurations
> (only listing the "Accepted").
...
> Any reason why the *DHE* ciphers seems not to be supported during OpenLDAP
> scan which they are with Apache on the very same system?
Because you have to set the TLSDHParamFile / olcTLSDHParamFile config
option.
If that file doesn't contain DH parameters for the requested key length,
then slapd/libldap will use compiled in parameters for 512/1024/2048/4096
lengths or generate parameters on the fly, so you can just use /dev/null
as the 'file' for the option.
Once you add that, slapd will negotiate DHE cipher suites.
Oh yeah, TLSDHParamFile /dev/null did the trick. Thanks.
And also invoking
openssl dhparam -out /etc/openldap/ssl.key/dhparam 2048
and setting
TLSDHParamFile /etc/openldap/ssl.key/dhparam
Ciao, Michael.
3739
days inactive
3742
days old
openldap-technical@openldap.org
13 comments
6 participants
participants (6)
-
Dieter Klünter -
Howard Chu -
Michael Ströder -
Philip Guenther -
Quanah Gibson-Mount -
Ulrich Windl