TLSv1.3, AES and Apache2 on opensuse leap 15.2

TLSv1.3, AES and Apache2 on opensuse leap 15.2

cryptearth
First off: as I'm not sure what's causing this issue, I'll post this question in these locations:
opensuse official forums https://forums.opensuse.org/showthread.php/541909-TLSv1-3-AES-and-Apache2
apache httpd mailing list
openssl mailing list

As OpenSuSE 15.2 was recently released with openssl 1.1.1 in its repos, it's now possible to use TLSv1.3 with Apache2 out of the box. As I use the TLS test on ssllabs.com as a reference, I encountered some issues I'd like to ask for help fixing.
First off, and most important, the versions used:

apache2: 2.4.43-lp152.1.1
openssl: 1.1.1d-lp152.1.1

And here's the config (only used ssl-global.conf for this test):

SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
SSLOpenSSLConfCmd Curves secp521r1:secp384r1

There were no other changes made to any other conf.
As one can see, I only enabled AES with a 256 bit key length and ordered chacha20 to be preferred over AES. But when testing with the ssllabs.com server test, it shows two issues I'm unable to solve myself:

1) although not enabled, the server test also shows AES with only a 128 bit key length enabled and working, hence capping the score to only 90% for cipher strength (only ciphers with an equivalent of at least RSA 4096 give one the full 100%)
2) the order doesn't match the config: it shows AES256 as the most preferred one, followed by chacha20 and finally AES128

As I don't know if this is an issue with apache, openssl or opensuse, I posted it on all three to reach the largest group of people, so if you're a member of more than one of the mentioned lists, I apologize if you get this topic multiple times.

Thanks in advance to anyone,

Matt

Re: TLSv1.3, AES and Apache2 on opensuse leap 15.2

Rüdiger Plüm


On 7/21/20 4:20 AM, cryptearth wrote:

> first of: as I'm not sure what's causing this issue I'll post this question on these locations:
> opensuse official forums https://forums.opensuse.org/showthread.php/541909-TLSv1-3-AES-and-Apache2
> apache httpd mailing list
> openssl mailing list
>
> As OpenSuSE 15.2 recently released with openssl 1.1.1 in its repos it's now possible to use TLSv1.3 with Apache2 out of the box.
> As I use the TLS test on ssllabs.com as a reference I encountered some issues I'd like to ask for help to fix.
> First of, as most important, the used versions:
>
> apache2: 2.4.43-lp152.1.1
> openssl: 1.1.1d-lp152.1.1
>
> And here's the config (only used ssl-global.conf for this test):
>
> SSLProtocol -all +TLSv1.2 +TLSv1.3
> SSLCipherSuite
> TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384

Try replacing the single SSLCipherSuite directive above with the two below:

SSLCipherSuite ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

See http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite

Regards

Rüdiger
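A way to verify the split configuration locally before re-running ssllabs, as an added example that is not part of this thread: a local openssl s_server is started with the same two lists, and a small probe reports which suite a client offering only a given suite actually gets, under TLS 1.3 and TLS 1.2. It assumes openssl 1.1.1 or later on PATH and a free loopback port 4433, and treats s_server's -cipher, -ciphersuites and -serverpref as stand-ins for SSLCipherSuite, SSLCipherSuite TLSv1.3 and SSLHonorCipherOrder on (assumed equivalents, not mod_ssl's own code).

```shell
# Local stand-in for the two directives above (added example, not from the thread).
# Assumptions: openssl 1.1.1+ on PATH, loopback available, port 4433 free (constructed).
PORT=4433
# -cipher takes the TLS 1.2 list, -ciphersuites the TLSv1.3 list (same strings as above);
# -serverpref is assumed to play the role of SSLHonorCipherOrder on.
TLS12_LIST='ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384'
TLS13_LIST='TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384'

# negotiated -tls1_3|-tls1_2 OFFER: connect offering only OFFER and print the suite the
# server picked, or "(NONE)" when it refused the handshake (what AES128 should get here).
negotiated() {
  case $1 in -tls1_3) opt=-ciphersuites ;; *) opt=-cipher ;; esac
  r=$(printf '' | openssl s_client -connect "127.0.0.1:$PORT" "$1" "$opt" "$2" 2>/dev/null \
      | sed -n 's/^New, .*Cipher is //p' | head -n 1)
  printf '%s\n' "${r:-(NONE)}"
}

setup_lab() {  # throwaway self-signed cert, then s_server in the background; 0 once it answers
  WORK=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -subj /CN=localhost -days 1 \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1 || return 1
  openssl s_server -accept "$PORT" -cert "$WORK/cert.pem" -key "$WORK/key.pem" \
    -cipher "$TLS12_LIST" -ciphersuites "$TLS13_LIST" -serverpref -www >/dev/null 2>&1 &
  SERVER_PID=$!
  for _ in 1 2 3 4 5 6 7 8 9 10; do   # wait until the listener completes a handshake
    [ "$(negotiated -tls1_3 "$TLS13_LIST")" = '(NONE)' ] || return 0
    sleep 1
  done
  return 1
}

teardown_lab() {
  if [ -n "${SERVER_PID:-}" ]; then
    kill "$SERVER_PID" 2>/dev/null || true
    wait "$SERVER_PID" 2>/dev/null || true   # reap it so the port is free for a rerun
  fi
  SERVER_PID=; rm -rf "${WORK:-}"
}

run_demo() {  # the questions the ssllabs report answered, asked against the local server
  setup_lab || { echo "s_server did not come up"; return 1; }
  echo "TLS1.3, client offers AES128 only : $(negotiated -tls1_3 TLS_AES_128_GCM_SHA256)"
  echo "TLS1.3, client offers AES256 only : $(negotiated -tls1_3 TLS_AES_256_GCM_SHA384)"
  echo "TLS1.3, client prefers AES256     : $(negotiated -tls1_3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256)"
  echo "TLS1.2, client offers AES128 only : $(negotiated -tls1_2 ECDHE-RSA-AES128-GCM-SHA256)"
  teardown_lab
}

run_demo
```

With the two-directive configuration the AES128 probes print "(NONE)" and the mixed TLS 1.3 offer comes back as TLS_CHACHA20_POLY1305_SHA256, which is exactly what the ssllabs report should then show for the real server.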


Re: TLSv1.3, AES and Apache2 on opensuse leap 15.2

cryptearth
Hello Rüdiger,

I got the same reply on the opensuse forums.
Yes, it does "fix" my "issue", but as the reply on the forums noted: AES128 is mandatory for a 1.3-compliant implementation; as for why, I guess we can all come up with some three-letter acronyms without mentioning them by name.
As for the ssllabs.com test: as I dug deeper into this "1.3 requires 128", I found an issue on GitHub talking about it. At first there was a penalty in place for not supporting the mandatory AES128, but this ended up meaning that no matter whether AES128 was supported or not, the test ended with a penalty either way: one for supporting AES128, the other for not following the RFC. The latter was removed, so although technically any server not supporting AES128 doesn't fully follow the standard, the folks over at ssllabs.com seem to see the increased security as more important than following the [insert some North American three-letter acronym here] "recommendation".

Anyway, as the test now shows the desired result, I'll mark this topic as solved for now.

Matt



Re: TLSv1.3, AES and Apache2 on opensuse leap 15.2

Matt Caswell-2


On 21/07/2020 09:42, cryptearth wrote:
> Hello Rüdiger,
>
> I got the same reply on the opensuse forums.
> Yes, it does "fix" my "issue", but as the reply on the forums noted:
> AES128 is mandatory for a 1.3 compliant implementation,

AES128 is mandatory-to-implement for an RFC compliant implementation of
TLSv1.3. AFAIK it is *not* mandatory for a client to offer it, nor is it
mandatory for a server to accept it. It's just that the implementation
has to be *able* to do it. There should be no problem with you
configuring things to not offer or accept AES128.

Matt
