Is it possible to configure only TLSv1.2 ciphers for FIPS?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Is it possible to configure only TLSv1.2 ciphers for FIPS?

Cipher
Hi,
For FIPS work, we are planning to support only TLSv1.2 ciphers. Is there a configuration option to use only TLSv1.2 ciphers?
we are using apache/mod_ssl engine(v 2.2.16).  SSLProtocol directive does not support TLSv1.1/TLSv1.2 option.

if there is no config option, which functions need to be changed to support only TLSv1.2 in FIPS mode?(If the list is not so long)

any inputs are highly appreciated.

Thanks,
Cipher
 
Reply | Threaded
Open this post in threaded view
|

Re: Is it possible to configure only TLSv1.2 ciphers for FIPS?

Viktor Dukhovni
On Thu, Apr 25, 2013 at 04:40:12AM -0700, Cipher wrote:

> For FIPS work, we are planning to support only TLSv1.2 ciphers. Is there a
> configuration option to use *only* TLSv1.2 ciphers?

You say ciphers here.

> we are using apache/mod_ssl engine(v 2.2.16).  *SSLProtocol* directive does
> not support TLSv1.1/TLSv1.2 option.

And then protocols here.  Which do you want, the protocol or the ciphers?

> if there is no config option, which functions need to be changed to support
> only TLSv1.2 in FIPS mode?(If the list is not so long)
> any inputs are highly appreciated.

I am not aware of any "config" option.  At runtime you can call:
SSL_CTX_set_options() with an argument of:

        SSP_OP_NO_SSLv2|
        SSL_OP_NO_SSLv3|
        SSL_OP_NO_TLSv1|
        SSL_OP_NO_TLSv1_1

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Is it possible to configure only TLSv1.2 ciphers for FIPS?

Jakob Bohm-7
In reply to this post by Cipher
On 4/25/2013 1:40 PM, Cipher wrote:
> Hi,
> For FIPS work, we are planning to support only TLSv1.2 ciphers. Is there a
> configuration option to use *only* TLSv1.2 ciphers?
> we are using apache/mod_ssl engine(v 2.2.16).  *SSLProtocol* directive does
> not support TLSv1.1/TLSv1.2 option.
>

Which version of the OpenSSL library was it built with?  Anything less
than 1.0.1 will not allow TLSv1.2, and will not work with the current
FIPS-certified module 2.0.

Due to known security fixes, be sure to use Apache/mod_ssl 2.2.24 or
later with OpenSSL 1.0.1e or later.  Apache 2.2.24 includes security
fixes, and some TLSv1.2 related fixes.

I it was built against OpenSSL library 1.0.1, you can use the
SSLCipherSuite directive to limit the set of ciphersuites that will
work.  Also note that the parser for this option in earlier OpenSSL
library 1.0.1 patch releases had bugs in the handling of TLSv1.2
related names, so be sure to use the current OpenSSL library version 1.0.1e.

According to <http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>, when
built against OpenSSL library 1.0.1e with FIPS module 2.0, mod_ssl
2.2.23 or later *does* support the specification of the TLSv1.2 protocol
in the SSLProtocol directive.

And please be sure to filter the correct aspect of your setup, as there
are 4 independent directives that affect *different* security parameters:

# Only use the cipher suites that are new for TLS version 1.2,
#    regardless of their security or lack thereof.
# The value of this option is parsed by the OpenSSL library and the
#    mod_ssl documentation of its possible values is hopelessly
#    outdated, for instance the value "HIGH" and "MEDIUM" do not mean
#    what that outdated document says.
SSLCipherSuite TLSv1.2
# Only use the version 1.2 handshake and encryption protocol, this
#    does not prevent negotiating a weak encryption such as
#    56 bit single DES.
# This option is new in Apache mod_ssl 2.2.23
SSLProtocol TLSv1.2
# Only use FIPS-approved algorithms in FIPS-validated implementations,
#   this is required for US Government work but prevents the use of
#   security improvements that have not made it through the bureaucracy
#   yet.
SSLFIPS on
# Prevent a traffic-analysis attack on some types of cookie-
#   authentication.  These attacks only work if they can trick the users
#   browser into repeatedly sending their secret cookie with different
#   attacker-chosen HTTP header values, thus giving different compressed
#   size depending on which letters are in common between the cookie and
#   the attackers values.  These attacks are called CRIME attacks.
# A better defense against these attacks is to cancel (server side!) the
#   validity of any authentication cookie repeatedly received with wrong
#   or modified URLs or other header parameters.
# Regardless, some security auditors currently insist that all data
#   compression of encrypted connections is disabled wholesale
#   regardless of other security measures taken against these attacks.
# This option is new in Apache mod_ssl 2.2.24
SSLCompression off


> if there is no config option, which functions need to be changed to support
> only TLSv1.2 in FIPS mode?(If the list is not so long)
>
> any inputs are highly appreciated.
>
> Thanks,


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Is it possible to configure only TLSv1.2 ciphers for FIPS?

Cipher
Hi Jakob,

I am using Openssl 1.0.1e compiled against FIPS 2.0.2.
Thanks a lot! That was some great information. we will upgrade to 2.3.x since we need OCSP support as well.
Any idea which is the stable version in 2.3.x?

Hi Viktor,
>And then protocols here.  Which do you want, the protocol or the ciphers? 
Sorry, i was under the impression that Selecting TLS version automatically sets the same versioned ciphers. I may be mistaken here. Jakobs mail clears the confusion for me.
Thanks!

Cipher.
Reply | Threaded
Open this post in threaded view
|

Re: Is it possible to configure only TLSv1.2 ciphers for FIPS?

Jakob Bohm-7
Please refer to <http://httpd.apache.org> for the current version
numbers.  Note that 2.3.x was a beta series for the current 2.4.x releases.

On 4/29/2013 2:22 PM, Cipher wrote:

> Hi Jakob,
>
> I am using Openssl 1.0.1e compiled against FIPS 2.0.2.
> Thanks a lot! That was some great information. we will upgrade to 2.3.x
> since we need OCSP support as well.
> Any idea which is the stable version in 2.3.x?
>
> Hi Viktor,
>> /And then protocols here.  Which do you want, the protocol or the ciphers?/
> Sorry, i was under the impression that Selecting TLS version automatically
> sets the same versioned ciphers. I may be mistaken here. Jakobs mail clears
> the confusion for me.
> Thanks!
>
> Cipher.
>
>


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]