Reference: http://openssl.6102.n7.nabble.com/openssl-org-3068-PATCH-Safari-broken-ECDHE-ECDSA-workaround-td45432.html
and http://openssl.6102.n7.nabble.com/Apple-are-apparently-dicks-td45512.html.

BL > ...and don't intend to fix their broken ECDSA support in Safari.

Apple really needs to fix their engineering process and broken
implementation. (And hire some QA personnel while they are at it...
This is something their lawyers can't fix with a change to their
license agreements).

Will the patch be applied to 0.9.8 and 1.0.1 branches?

If I can't wait for the patch in future stable releases (or don't want
to use SSL_OP_SAFARI_ECDHE_ECDSA_BUG), what are the other options? Can
I use a cipher_list to work around this? For example, can I prefer RSA
and DSS ciphers over ECDSA:

    const char* const PREFERRED_CIPHERS =

    /* TLS 1.2 only */
    "ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:"

    /* TLS 1.2 only */
    "DHE-DSS-AES256-GCM-SHA384:"
    "DHE-RSA-AES256-GCM-SHA384:"
    "DHE-DSS-AES128-GCM-SHA256:"
    "DHE-RSA-AES128-GCM-SHA256:"

    /* TLS 1.2, see SSL_OP_SAFARI_ECDHE_ECDSA_BUG */
    "ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
    ...

Thanks in advance.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [hidden email]
Automated List Manager [hidden email]
On 09/12/13 23:34, Jeffrey Walton wrote:
> Reference: http://openssl.6102.n7.nabble.com/openssl-org-3068-PATCH-Safari-broken-ECDHE-ECDSA-workaround-td45432.html
> and http://openssl.6102.n7.nabble.com/Apple-are-apparently-dicks-td45512.html.
>
> BL > ...and don't intend to fix their broken ECDSA support in Safari.
>
> Apple really needs to fix their engineering process and broken
> implementation. (And hire some QA personnel while they are at it...
> This is something their lawyers can't fix with a change to their
> license agreements).
>
> Will the patch be applied to 0.9.8 and 1.0.1 branches?

It has been applied on those branches already.

http://git.openssl.org/gitweb/?p=openssl.git;a=shortlog;h=refs/heads/OpenSSL_0_9_8-stable
Committed on 2013-10-04.

http://git.openssl.org/gitweb/?p=openssl.git;a=shortlog;h=refs/heads/OpenSSL_1_0_0-stable
Committed on 2013-09-10.

http://git.openssl.org/gitweb/?p=openssl.git;a=shortlog;h=refs/heads/OpenSSL_1_0_1-stable
Committed on 2013-09-16.

> If I can't wait for the patch in future stable releases (or don't want
> to use SSL_OP_SAFARI_ECDHE_ECDSA_BUG), what are the other options? Can
> I use a cipher_list to work around this? For example, can I prefer RSA
> and DSS ciphers over ECDSA:
>
> const char* const PREFERRED_CIPHERS =
>
> /* TLS 1.2 only */
> "ECDHE-RSA-AES256-GCM-SHA384:"
> "ECDHE-RSA-AES128-GCM-SHA256:"
>
> /* TLS 1.2 only */
> "DHE-DSS-AES256-GCM-SHA384:"
> "DHE-RSA-AES256-GCM-SHA384:"
> "DHE-DSS-AES128-GCM-SHA256:"
> "DHE-RSA-AES128-GCM-SHA256:"
>
> /* TLS 1.2, see SSL_OP_SAFARI_ECDHE_ECDSA_BUG */
> "ECDHE-ECDSA-AES256-GCM-SHA384:"
> "ECDHE-ECDSA-AES128-GCM-SHA256:"

The broken versions of Safari/OSX don't support GCM (or DSS, I think), so
enabling and even preferring ECDHE-ECDSA-AES256-GCM-SHA384 and
ECDHE-ECDSA-AES128-GCM-SHA256 on your server shouldn't cause any problems.

If you can't wait for the patch, or don't want to use it, here are two
workarounds that I think should work...

1. Ensure that these 4 ciphers are all disabled on your server (since these
are the only ciphers that are affected by the Safari/OSX bug):
   ECDHE-ECDSA-AES256-SHA
   ECDHE-ECDSA-AES128-SHA
   ECDHE-ECDSA-RC4-SHA
   ECDHE-ECDSA-DES-CBC3-SHA

or

2. If you want to enable 1 or more of those 4 ECDHE-ECDSA ciphers, ensure
that your server prefers at least 1 of the following ciphers (that
Safari/OSX also offers) ahead of them:
   ECDH-RSA-AES128-SHA
   ECDH-RSA-AES256-SHA
   ECDH-RSA-RC4-SHA
   ECDH-RSA-DES-CBC3-SHA
   ECDHE-RSA-AES256-SHA
   ECDHE-RSA-AES128-SHA
   ECDHE-RSA-RC4-SHA
   ECDHE-RSA-DES-CBC3-SHA
   AES128-SHA
   RC4-SHA
   RC4-MD5
   AES256-SHA
   DES-CBC3-SHA
   DHE-RSA-AES128-SHA
   DHE-RSA-AES256-SHA
   EDH-RSA-DES-CBC3-SHA

(Obviously you'll need 2 server certificates, one with an RSA key and one
with an ECC key).

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
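A checker for the two workarounds Rob describes, added here as an example (it is not code from the thread or from OpenSSL): it takes the expanded, server-preference-ordered suite list that `openssl ciphers 'YOUR-STRING'` prints and reports whether the list satisfies workaround 1 (no affected suite enabled) or workaround 2 (a suite Safari/OSX also offers is preferred ahead of the first affected one). The suite names come from Rob's message; the function name, its return shape and the embedded sample lists are assumptions of this example.

```python
# Added example, not from the thread. Checks an *expanded* OpenSSL cipher
# list (as printed by `openssl ciphers 'STRING'`, colon-separated, in server
# preference order) against the two Safari/OSX ECDHE-ECDSA workarounds.
# Keyword expansion (HIGH, !aNULL, @STRENGTH, ...) is left to openssl itself.

# The four suites the thread names as affected by the Safari/OSX bug.
AFFECTED = {
    "ECDHE-ECDSA-AES256-SHA",
    "ECDHE-ECDSA-AES128-SHA",
    "ECDHE-ECDSA-RC4-SHA",
    "ECDHE-ECDSA-DES-CBC3-SHA",
}

# Suites the broken Safari/OSX builds also offer, per the thread. A server
# that prefers any of these ahead of an affected suite never picks the
# affected suite for Safari.
SAFARI_SAFE = {
    "ECDH-RSA-AES128-SHA", "ECDH-RSA-AES256-SHA", "ECDH-RSA-RC4-SHA",
    "ECDH-RSA-DES-CBC3-SHA", "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES128-SHA",
    "ECDHE-RSA-RC4-SHA", "ECDHE-RSA-DES-CBC3-SHA", "AES128-SHA", "RC4-SHA",
    "RC4-MD5", "AES256-SHA", "DES-CBC3-SHA", "DHE-RSA-AES128-SHA",
    "DHE-RSA-AES256-SHA", "EDH-RSA-DES-CBC3-SHA",
}


def check_cipher_order(expanded):
    """Return (ok, reason) for a colon- or newline-separated expanded list.

    GCM and DSS suites (which the thread says Safari/OSX cannot negotiate)
    are neither affected nor protective, so they are simply skipped.
    """
    suites = [s.strip() for s in expanded.replace("\n", ":").split(":") if s.strip()]
    affected_pos = [i for i, s in enumerate(suites) if s in AFFECTED]
    if not affected_pos:
        return True, "workaround 1: no affected ECDHE-ECDSA suite is enabled"
    first = affected_pos[0]
    safe_before = [s for s in suites[:first] if s in SAFARI_SAFE]
    if safe_before:
        return True, "workaround 2: %s is preferred ahead of %s" % (safe_before[0], suites[first])
    return False, "%s is preferred ahead of every suite Safari/OSX offers" % suites[first]


if __name__ == "__main__":
    import sys
    # Usage: openssl ciphers 'YOUR-STRING' | python check_ciphers.py
    ok, reason = check_cipher_order(sys.stdin.read())
    print(("OK: " if ok else "PROBLEM: ") + reason)
    sys.exit(0 if ok else 1)
```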
On Tue, Dec 10, 2013 at 7:06 AM, Rob Stradling <[hidden email]> wrote:
> On 09/12/13 23:34, Jeffrey Walton wrote:
>>
>> Reference:
>> http://openssl.6102.n7.nabble.com/openssl-org-3068-PATCH-Safari-broken-ECDHE-ECDSA-workaround-td45432.html
>> and
>> http://openssl.6102.n7.nabble.com/Apple-are-apparently-dicks-td45512.html.
>>
>> ...
>> If I can't wait for the patch in future stable releases (or don't want
>> to use SSL_OP_SAFARI_ECDHE_ECDSA_BUG), what are the other options? Can
>> I use a cipher_list to work around this? For example, can I prefer RSA
>> and DSS ciphers over ECDSA:
>>
>> const char* const PREFERRED_CIPHERS =
>>
>> /* TLS 1.2 only */
>> "ECDHE-RSA-AES256-GCM-SHA384:"
>> "ECDHE-RSA-AES128-GCM-SHA256:"
>>
>> /* TLS 1.2 only */
>> "DHE-DSS-AES256-GCM-SHA384:"
>> "DHE-RSA-AES256-GCM-SHA384:"
>> "DHE-DSS-AES128-GCM-SHA256:"
>> "DHE-RSA-AES128-GCM-SHA256:"
>>
>> /* TLS 1.2, see SSL_OP_SAFARI_ECDHE_ECDSA_BUG */
>> "ECDHE-ECDSA-AES256-GCM-SHA384:"
>> "ECDHE-ECDSA-AES128-GCM-SHA256:"
>
>
> The broken versions of Safari/OSX don't support GCM (or DSS, I think), so
> enabling and even preferring ECDHE-ECDSA-AES256-GCM-SHA384 and
> ECDHE-ECDSA-AES128-GCM-SHA256 on your server shouldn't cause any problems.
>
> If you can't wait for the patch, or don't want to use it, here are two
> workarounds that I think should work...
>
> 1. Ensure that these 4 ciphers are all disabled on your server (since these
> are the only ciphers that are affected by the Safari/OSX bug):
> ECDHE-ECDSA-AES256-SHA
> ECDHE-ECDSA-AES128-SHA
> ECDHE-ECDSA-RC4-SHA
> ECDHE-ECDSA-DES-CBC3-SHA
>
> or
>
> 2. If you want to enable 1 or more of those 4 ECDHE-ECDSA ciphers, ensure
> that your server prefers at least 1 of the following ciphers (that
> Safari/OSX also offers) ahead of them:
> ECDH-RSA-AES128-SHA
> ECDH-RSA-AES256-SHA
> ECDH-RSA-RC4-SHA
> ECDH-RSA-DES-CBC3-SHA
> ECDHE-RSA-AES256-SHA
> ECDHE-RSA-AES128-SHA
> ECDHE-RSA-RC4-SHA
> ECDHE-RSA-DES-CBC3-SHA
> AES128-SHA
> RC4-SHA
> RC4-MD5
> AES256-SHA
> DES-CBC3-SHA
> DHE-RSA-AES128-SHA
> DHE-RSA-AES256-SHA
> EDH-RSA-DES-CBC3-SHA
>
> (Obviously you'll need 2 server certificates, one with an RSA key and one
> with an ECC key).

Perfect, thanks.