Appropriate use of SSL_CTX_set_cipher_list()

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Appropriate use of SSL_CTX_set_cipher_list()

Ryan Beethe
I am writing a cross-platform C application, which I would like to
release for a variety of operating systems (Windows 7+, MacOS
HighSierra, Debian 8+, Ubuntu 14.04+, Fedora 27+, Centos 7+, ArchLinux,
at least for now).

Up to now, I have had a line of code which prepares an SSL_CTX object
like something like this:

    SSL_CTX_set_cipher_list(ctx->ctx, CIPHERS);

where `CIPHERS` was set to "HIGH:MED:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4".

However, I realized that Fedora's packaging standards [1] require me to
elminate this line or use the special value "PROFILE=SYSTEM" for
CIPHERS.

So that makes me nervous about whether or not I am using
SSL_CTX_set_cipher_list() wrong.  Should I be calling it at all?  And if
so, where would I find the "right" setting for other operating systems,
since "PROFILE=SYSTEM" appears to be Fedora-specific?

Ryan

[1] https://fedoraproject.org/wiki/Packaging:CryptoPolicies
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Appropriate use of SSL_CTX_set_cipher_list()

Daurnimator
On 18 July 2018 at 08:36, Ryan Beethe <[hidden email]> wrote:
> So that makes me nervous about whether or not I am using
> SSL_CTX_set_cipher_list() wrong.  Should I be calling it at all?  And if
> so, where would I find the "right" setting for other operating systems,
> since "PROFILE=SYSTEM" appears to be Fedora-specific?

Mozilla maintain a recommended cipher list. See
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Appropriate use of SSL_CTX_set_cipher_list()

Michael Wojcik
In reply to this post by Ryan Beethe
> From: openssl-users [mailto:[hidden email]] On Behalf
> Of Ryan Beethe
> Sent: Tuesday, July 17, 2018 16:37
>
> However, I realized that Fedora's packaging standards [1] require me to
> elminate this line or use the special value "PROFILE=SYSTEM" for
> CIPHERS.
>
> So that makes me nervous about whether or not I am using
> SSL_CTX_set_cipher_list() wrong.  Should I be calling it at all?

I recommend you make it configurable.

>  And if
> so, where would I find the "right" setting for other operating systems,
> since "PROFILE=SYSTEM" appears to be Fedora-specific?

Offhand, I'm not aware of other OSes that distribute implementations of OpenSSL that require platform-specific cipher-list settings. This strikes me as a Really Bad Idea on the part of the Fedora developers, but these days I'm not surprised by anything that comes out of the Red Hat organization.

Personally, I'd be tempted to drop Fedora from my list of supported platforms, or to ignore their "packaging standards". I have little tolerance for this sort of nonsense. But if you want to accommodate them, put the cipher list in a configuration file, and set it to "PROFILE=SYSTEM" for Fedora and a proper suite list for everything else. That also gives your customers the flexibility to change the list if they have good reason, or if they just enjoy making poor decisions.

I recommend Ivan Ristic's /Bulletproof TLS/ e-book (or the /OpenSSL Cookbook/ free excerpt, if you can't afford the full book) for cipher-suite recommendations, and much more besides. It's available from the Feisty Duck website.

--
Michael Wojcik
Distinguished Engineer, Micro Focus


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Appropriate use of SSL_CTX_set_cipher_list()

Ryan Beethe
> Offhand, I'm not aware of other OSes that distribute implementations
> of OpenSSL that require platform-specific cipher-list settings.

Ok, that is very helpful to know

> This strikes me as a Really Bad Idea on the part of the Fedora
> developers

While it is a pain to have to have to have a Fedora-specific patch, I am
not sure I understand why this is a bad idea? (Server applications like
Apache do not fall under that guideline.)  As a consumer of applications
that use OpenSSL, I think I would prefer that an up-to-date list of
acceptable ciphers is kept by the same folks who keep my libssl.so
up-to-date, rather than depending on the developer of each individual
application to keep their code in step with current security news.

> I recommend Ivan Ristic's /Bulletproof TLS/ e-book

I have been meaning to buy this book for a long time, so I finally did.
Skimming through it, it looks excellent.

I will also take another look at Mozilla's list (as mentioned by
Daurnimator), and compare it to the suggestions in "Bulletproof TLS".  I
have been using the Mozilla list for server-side things, so I suppose it
make sense to use it on the client side as well.

But I still have one question, which I don't see answered explicitly
anywhere:

For a safe client application, should you explicitly set the cipher list
explicitly, rather than trust the default cipher list that comes from
the package manager's libssl?

(obviously this question would not apply to operating systems which
which don't distribute OpenSSL, or to Fedora)

Thanks,
Ryan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Appropriate use of SSL_CTX_set_cipher_list()

Michael Wojcik
> From: openssl-users [mailto:[hidden email]] On Behalf
> Of Ryan Beethe
> Sent: Wednesday, July 18, 2018 14:25
>
> For a safe client application, should you explicitly set the cipher list
> explicitly, rather than trust the default cipher list that comes from
> the package manager's libssl?

I don't think there's a definitive answer. It will depend on how well that OpenSSL package is maintained and how often the system administrator (who may just be Joe End User) updates it, the criteria used by the developer to set the cipher list, and so on.

That said, I'll always prefer software that has a configurable cipher list with a decent default. If the software uses an OpenSSL provided by the OS manufacturer or some third party, and that OpenSSL comes with its own default cipher suite list, as in the Fedora case, then making the application's default "use the OpenSSL package's default" might well be acceptable. But as I user and system administrator, I always want the freedom to override it.

The OpenSSL-consuming software I work on all uses our own OpenSSL builds - we don't use the OS-supplied one, if there is one - so this isn't an issue I have to deal with professionally. But we do make the cipher-suite list configurable, with a default that tries to strike a reasonable compromise between strength and compatibility.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Appropriate use of SSL_CTX_set_cipher_list()

Mark H. Wood
In reply to this post by Ryan Beethe
On Wed, Jul 18, 2018 at 03:24:31PM -0500, Ryan Beethe wrote:
> For a safe client application, should you explicitly set the cipher list
> explicitly, rather than trust the default cipher list that comes from
> the package manager's libssl?

I would say that the answer to that depends on another question:  do
you regularly review the package manager's default cipher list, and
have reason to trust it?

--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Appropriate use of SSL_CTX_set_cipher_list()

Hubert Kario
In reply to this post by Michael Wojcik
On Thursday, 19 July 2018 00:12:55 CEST Michael Wojcik wrote:

> > From: openssl-users [mailto:[hidden email]] On Behalf
> > Of Ryan Beethe
> > Sent: Wednesday, July 18, 2018 14:25
> >
> > For a safe client application, should you explicitly set the cipher list
> > explicitly, rather than trust the default cipher list that comes from
> > the package manager's libssl?
>
> I don't think there's a definitive answer. It will depend on how well that
> OpenSSL package is maintained and how often the system administrator (who
> may just be Joe End User) updates it, the criteria used by the developer to
> set the cipher list, and so on.
>
> That said, I'll always prefer software that has a configurable cipher list
> with a decent default. If the software uses an OpenSSL provided by the OS
> manufacturer or some third party, and that OpenSSL comes with its own
> default cipher suite list, as in the Fedora case, then making the
> application's default "use the OpenSSL package's default" might well be
> acceptable. But as I user and system administrator, I always want the
> freedom to override it.
and the idea of providing that was exactly to allow this, as not all
applications provide necessary configuration options, so without the system
policy you have no way of overriding openssl defaults at all

yes, it's system-wide, but applications are explicitly allowed to override the
policy, and if you really need to communicate with old software or hardware,
there is LEGACY policy provided for this

> The OpenSSL-consuming software I work on all uses our own OpenSSL builds -
> we don't use the OS-supplied one, if there is one - so this isn't an issue
> I have to deal with professionally. But we do make the cipher-suite list
> configurable, with a default that tries to strike a reasonable compromise
> between strength and compatibility.

yes, for people that manage this stuff themselves, and spend a lot of time
thinking and making decisions about their TLS settings, regularly updating it,
this may feel intrusive

but please remember, this is not the typical user behaviour

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purky┼łova 115, 612 00  Brno, Czech Republic
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

signature.asc (849 bytes) Download Attachment