How to use ADH with OpenSSL 1.1.0

How to use ADH with OpenSSL 1.1.0

Frykenvall, Per
Hi,

I need to permit some anonymous Diffie-Hellman ciphers in OpenSSL. This worked fine until I installed 1.1.0h when I get "no shared cipher". I debugged and found the cause in ssl_security_default_callback, ssl_cert.c line 1028:

            /* No unauthenticated ciphersuites */
            if (c->algorithm_auth & SSL_aNULL)
                return 0;

So do I need to have my own callback, using SSL_CTX_set_security_callback? The manual page is not very informative and I'm not sure about how to implement the callback. I wouldn't like to duplicate all the other checks of the default callback.

Then I tried adding :@SECLEVEL=0 to my cipher suite list. That made the trick, but as far as I understand, it switches off some other cipher checks. What's the recommended way of allowing ADH?

Best regards,
Per

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: How to use ADH with OpenSSL 1.1.0

Viktor Dukhovni


> On Apr 12, 2018, at 7:12 AM, Frykenvall, Per <[hidden email]> wrote:
>
> Then I tried adding :@SECLEVEL=0 to my cipher suite list. That made the trick, but as far as I understand, it switches off some other cipher checks. What's the recommended way of allowing ADH?

For now just @SECLEVEL=0.  There's not yet a more fine-grained way to set the security level for crypto parameters but allow certificate-less key exchange.  If you're willing to allow MiTM attacks, then downgrades are out of scope, and the peers will negotiate the best available ciphers, so @SECLEVEL=0 is probably fine, you'll still get strong ciphers.
You can also limit the cipher list to exclude anything you feel is too weak to offer.

--
        Viktor.


Re: How to use ADH with OpenSSL 1.1.0

Frykenvall, Per
>> Then I tried adding :@SECLEVEL=0 to my cipher suite list. That made the trick, but as far as I understand, it switches off some other cipher checks. What's the recommended way of allowing ADH?

> For now just @SECLEVEL=0.  There's not yet a more fine-grained way to set the security
> level for crypto parameters but allow certificate-less key exchange.  If you're willing
> to allow MiTM attacks, then downgrades are out of scope, and the peers will negotiate
> the best available ciphers, so @SECLEVEL=0 is probably fine, you'll still get strong ciphers.
> You can also limit the cipher list to exclude anything you feel is too weak to offer.

Since we never allow unauthenticated cipher suites in production configurations, it's actually not a problem with the @SECLEVEL solution for those test systems where we do use ADH. Glad that I don't have to use a modified callback.
Thanks a lot, Per
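
The thread ends with ADH and @SECLEVEL=0 confined to test systems. The following is an added example, not code from the thread or from OpenSSL: a heuristic check that flags cipher strings carrying either setting before they reach a production configuration. It models only the cipher-string operators and keywords named in its comments, and the function names are hypothetical.

```python
import re

# Keywords that select unauthenticated (aNULL) suites in an OpenSSL cipher string.
ANON_KEYWORDS = {"aNULL", "ADH", "AECDH"}
# Aggregates documented to include anonymous suites unless they are removed.
ANON_AGGREGATES = {"ALL", "COMPLEMENTOFDEFAULT"}

def _anon_key(item):
    """Return a tracking key if this item can select anonymous suites, else None."""
    if item in ANON_AGGREGATES:
        return item
    for part in item.split("+"):             # "ADH+AES" is a logical AND of keywords
        if part in ANON_KEYWORDS:
            return part
    if item.startswith(("ADH-", "AECDH-")):  # explicit name, e.g. ADH-AES256-GCM-SHA384
        return item
    return None

def audit_cipher_string(cipher_string):
    """Heuristic audit: {'seclevel': int or None, 'anonymous': sorted list of keys}."""
    seclevel, enabled, killed = None, set(), set()
    for token in filter(None, re.split(r"[:, ]+", cipher_string)):
        m = re.fullmatch(r"@SECLEVEL=(\d)", token)
        if m:
            seclevel = int(m.group(1))
            continue
        if token.startswith("@"):             # e.g. @STRENGTH only reorders
            continue
        op = token[0] if token[0] in "!-+" else ""
        item = token[len(op):]
        key = _anon_key(item)
        if key is None:
            continue
        if op == "":                          # plain item adds suites
            enabled.add(key)
        elif op in "!-" and "+" not in item:  # count removals of a single keyword only
            if op == "!":                     # "!" removes permanently
                killed.add(key)
            else:                             # "-" removes, a later item can re-add
                enabled = set() if key == "aNULL" else enabled - {key}
    if "aNULL" in killed:                     # !aNULL removes every anonymous suite
        enabled.clear()
    return {"seclevel": seclevel, "anonymous": sorted(enabled - killed)}

def production_findings(cipher_string):
    """Reasons this cipher string should not appear in a production config."""
    result = audit_cipher_string(cipher_string)
    findings = []
    if result["seclevel"] == 0:
        findings.append("@SECLEVEL=0 turns off the security-level checks")
    if result["anonymous"]:
        findings.append("anonymous suites selectable via: " + ", ".join(result["anonymous"]))
    return findings
```

The check is deliberately conservative: a removal written as a combination (for example `!ADH+AES`) is not counted, so the string is still reported.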
