TLSv1 on CentOS-8

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

TLSv1 on CentOS-8

Junaid Mukhtar
Hi Team

I am trying to enable TLSv1 on CentOS-8. We don't have the ability to upgrade the server unfortunately so we need to enable TLSv1 with weak-ciphers on OpenSSL.

I have tried to build the OpenSSL version manually using switches "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared enable-weak-ssl-ciphers enable-deprecated enable-rc4 enable-tls1 zlib" which ran successfully

[root@2cb6477375aa openssl-OpenSSL_1_1_1c]# openssl version
OpenSSL 1.1.1c  28 May 2019


But i am still not able to run the "openssl s_client -connect " command without specifying -tls1 in it. Build accepts the weak-ciphers but not the tls1 version.

Can someone please help me with this?

--------
Regards,

Junaid

Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

Tomas Mraz-2
On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:

> Hi Team
>
> I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
> upgrade the server unfortunately so we need to enable TLSv1 with
> weak-ciphers on OpenSSL.
>
> I have tried to build the OpenSSL version manually using switches
> "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
> shared enable-weak-ssl-ciphers enable-deprecated enable-rc4 enable-
> tls1 zlib" which ran successfully
>
> [root@2cb6477375aa openssl-OpenSSL_1_1_1c]# openssl version
> OpenSSL 1.1.1c  28 May 2019
>
>
> But i am still not able to run the "openssl s_client -connect "
> command without specifying -tls1 in it. Build accepts the weak-
> ciphers but not the tls1 version.
>
> Can someone please help me with this?

You should not need to recompile openssl or anything.

Just run:

update-crypto-policies --set LEGACY

and restart the service that is supposed to be providing the TLS1
server or reboot the machine.

The LEGACY crypto policy purpose is exactly for re-enabling some of the
not-up-to-date protocols and crypto algorithms.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]


Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

Junaid Mukhtar
Thanks a lot; It really helped

--------
Regards,

Junaid



On Wed, Apr 15, 2020 at 5:04 PM Tomas Mraz <[hidden email]> wrote:
On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
> Hi Team
>
> I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
> upgrade the server unfortunately so we need to enable TLSv1 with
> weak-ciphers on OpenSSL.
>
> I have tried to build the OpenSSL version manually using switches
> "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
> shared enable-weak-ssl-ciphers enable-deprecated enable-rc4 enable-
> tls1 zlib" which ran successfully
>
> [root@2cb6477375aa openssl-OpenSSL_1_1_1c]# openssl version
> OpenSSL 1.1.1c  28 May 2019
>
>
> But i am still not able to run the "openssl s_client -connect "
> command without specifying -tls1 in it. Build accepts the weak-
> ciphers but not the tls1 version.
>
> Can someone please help me with this?

You should not need to recompile openssl or anything.

Just run:

update-crypto-policies --set LEGACY

and restart the service that is supposed to be providing the TLS1
server or reboot the machine.

The LEGACY crypto policy purpose is exactly for re-enabling some of the
not-up-to-date protocols and crypto algorithms.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]


Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

Junaid Mukhtar
Hi Tomas

Is it possible to enable legacy protocols/ciphers but disable only one. In particular we want RC4-SHA to be disable

--------
Regards,

Junaid



On Wed, Apr 15, 2020 at 5:13 PM Junaid Mukhtar <[hidden email]> wrote:
Thanks a lot; It really helped

--------
Regards,

Junaid



On Wed, Apr 15, 2020 at 5:04 PM Tomas Mraz <[hidden email]> wrote:
On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
> Hi Team
>
> I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
> upgrade the server unfortunately so we need to enable TLSv1 with
> weak-ciphers on OpenSSL.
>
> I have tried to build the OpenSSL version manually using switches
> "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
> shared enable-weak-ssl-ciphers enable-deprecated enable-rc4 enable-
> tls1 zlib" which ran successfully
>
> [root@2cb6477375aa openssl-OpenSSL_1_1_1c]# openssl version
> OpenSSL 1.1.1c  28 May 2019
>
>
> But i am still not able to run the "openssl s_client -connect "
> command without specifying -tls1 in it. Build accepts the weak-
> ciphers but not the tls1 version.
>
> Can someone please help me with this?

You should not need to recompile openssl or anything.

Just run:

update-crypto-policies --set LEGACY

and restart the service that is supposed to be providing the TLS1
server or reboot the machine.

The LEGACY crypto policy purpose is exactly for re-enabling some of the
not-up-to-date protocols and crypto algorithms.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]


Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

Tomas Mraz-2
It will be possible via Custom crypto policies in 8.2 release.

It can be solved only in a hackish way on 8.1.

You can manually edit /etc/crypto-policies/back-ends/openssl*.config
files however that will not survive further runs of update-crypto-
policies or package updates.

Or you could modify the /etc/pki/tls/openssl.cnf:
Find the .include /etc/crypto-policies/back-ends/opensslcnf.config
line in it and insert something like:

CipherString = @SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:!DES:!RC2:!RC4:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8

after that include line.

This will override the policy. However then it will be overridden even
after you switch the system to another mode or if you update the system
and new policy (with adjustments and fixes) is provided in the updated
packages.

Regards,
Tomas

On Fri, 2020-04-17 at 15:39 +0100, Junaid Mukhtar wrote:

> Hi Tomas
>
> Is it possible to enable legacy protocols/ciphers but disable only
> one. In particular we want RC4-SHA to be disable
>
> --------
> Regards,
> Junaid
>
>
> On Wed, Apr 15, 2020 at 5:13 PM Junaid Mukhtar <
> [hidden email]> wrote:
> > Thanks a lot; It really helped
> >
> > --------
> > Regards,
> > Junaid
> >
> >
> > On Wed, Apr 15, 2020 at 5:04 PM Tomas Mraz <[hidden email]>
> > wrote:
> > > On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
> > > > Hi Team
> > > >
> > > > I am trying to enable TLSv1 on CentOS-8. We don't have the
> > > ability to
> > > > upgrade the server unfortunately so we need to enable TLSv1
> > > with
> > > > weak-ciphers on OpenSSL.
> > > >
> > > > I have tried to build the OpenSSL version manually using
> > > switches
> > > > "./config --prefix=/usr/local/openssl --
> > > openssldir=/usr/local/openssl
> > > > shared enable-weak-ssl-ciphers enable-deprecated enable-rc4
> > > enable-
> > > > tls1 zlib" which ran successfully
> > > >
> > > > [root@2cb6477375aa openssl-OpenSSL_1_1_1c]# openssl version
> > > > OpenSSL 1.1.1c  28 May 2019
> > > >
> > > >
> > > > But i am still not able to run the "openssl s_client -connect "
> > > > command without specifying -tls1 in it. Build accepts the weak-
> > > > ciphers but not the tls1 version.
> > > >
> > > > Can someone please help me with this?
> > >
> > > You should not need to recompile openssl or anything.
> > >
> > > Just run:
> > >
> > > update-crypto-policies --set LEGACY
> > >
> > > and restart the service that is supposed to be providing the TLS1
> > > server or reboot the machine.
> > >
> > > The LEGACY crypto policy purpose is exactly for re-enabling some
> > > of the
> > > not-up-to-date protocols and crypto algorithms.
> > >
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]


Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

Kyle Hamilton
In reply to this post by Junaid Mukhtar
Note: This is better asked on the CentOS support forums, since it asks about changes that CentOS made to OpenSSL.

This is an unsupported configuration, and will be overwritten if you audit or reinstall the crypto-policies package.  Also, I haven't looked to see where /etc/crypto-policies/back-ends/opensslcnf.config versus /etc/crypto-policies/back-ends/openssl.config are used.

Since you're modifying the LEGACY policy (and the files in /etc/crypto-policies/back-ends/ are all symlinks, and I don't want to give information that would modify any security level without regard for knowing what security level is currenty in place): You want to modify the /usr/share/crypto-policies/LEGACY/openssl.txt file to append ":!RC4" to it.  You should also modify /usr/share/crypto-policies/LEGACY/opensslcnf.txt to append ":!RC4" to the CipherString line, and ":!RC4-SHA" to the Ciphersuites line.

There are additional files in there that refer to other services and crypto libraries, that you may wish to change as well.  The OpenSSL support lists don't have any information about them.

-Kyle H

On Fri, Apr 17, 2020, 09:40 Junaid Mukhtar <[hidden email]> wrote:
Hi Tomas

Is it possible to enable legacy protocols/ciphers but disable only one. In particular we want RC4-SHA to be disable

--------
Regards,

Junaid



On Wed, Apr 15, 2020 at 5:13 PM Junaid Mukhtar <[hidden email]> wrote:
Thanks a lot; It really helped

--------
Regards,

Junaid



On Wed, Apr 15, 2020 at 5:04 PM Tomas Mraz <[hidden email]> wrote:
On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
> Hi Team
>
> I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
> upgrade the server unfortunately so we need to enable TLSv1 with
> weak-ciphers on OpenSSL.
>
> I have tried to build the OpenSSL version manually using switches
> "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
> shared enable-weak-ssl-ciphers enable-deprecated enable-rc4 enable-
> tls1 zlib" which ran successfully
>
> [root@2cb6477375aa openssl-OpenSSL_1_1_1c]# openssl version
> OpenSSL 1.1.1c  28 May 2019
>
>
> But i am still not able to run the "openssl s_client -connect "
> command without specifying -tls1 in it. Build accepts the weak-
> ciphers but not the tls1 version.
>
> Can someone please help me with this?

You should not need to recompile openssl or anything.

Just run:

update-crypto-policies --set LEGACY

and restart the service that is supposed to be providing the TLS1
server or reboot the machine.

The LEGACY crypto policy purpose is exactly for re-enabling some of the
not-up-to-date protocols and crypto algorithms.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]


Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

Viktor Dukhovni
In reply to this post by Tomas Mraz-2
On Fri, Apr 17, 2020 at 05:17:47PM +0200, Tomas Mraz wrote:

> Or you could modify the /etc/pki/tls/openssl.cnf:
> Find the .include /etc/crypto-policies/back-ends/opensslcnf.config
> line in it and insert something like:
>
> CipherString = @SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:!DES:!RC2:!RC4:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8

How did this particular contraption become a recommended cipherlist?
What's wrong with "DEFAULT"?  In OpenSSL 1.1.1 it already excludes
RC4 (if RC4 is at all enabled at compile time):

    $ openssl ciphers -v 'COMPLEMENTOFDEFAULT+RC4'
    ECDHE-ECDSA-RC4-SHA     TLSv1 Kx=ECDH     Au=ECDSA Enc=RC4(128) Mac=SHA1
    ECDHE-RSA-RC4-SHA       TLSv1 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
    RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1

I find too many people cargo-culting poorly thought cipher lists from
some random HOWTO.  Over optimising your cipherlist is subject to
rapid bitrot, resist the temptation...

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

Junaid Mukhtar
Hi, we have a requirement to enable tlsv1 for an edge case. When we enable that via Tomas recommendation it enables rc4 cipher.

We want to disable rc4 but keep tlsv1 and that's why the ask for the process 

Thanks, 

On Fri, 17 Apr 2020 at 18:04, Viktor Dukhovni <[hidden email]> wrote:
On Fri, Apr 17, 2020 at 05:17:47PM +0200, Tomas Mraz wrote:

> Or you could modify the /etc/pki/tls/openssl.cnf:
> Find the .include /etc/crypto-policies/back-ends/opensslcnf.config
> line in it and insert something like:
>
> CipherString = @SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:!DES:!RC2:!RC4:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8

How did this particular contraption become a recommended cipherlist?
What's wrong with "DEFAULT"?  In OpenSSL 1.1.1 it already excludes
RC4 (if RC4 is at all enabled at compile time):

    $ openssl ciphers -v 'COMPLEMENTOFDEFAULT+RC4'
    ECDHE-ECDSA-RC4-SHA     TLSv1 Kx=ECDH     Au=ECDSA Enc=RC4(128) Mac=SHA1
    ECDHE-RSA-RC4-SHA       TLSv1 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
    RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1

I find too many people cargo-culting poorly thought cipher lists from
some random HOWTO.  Over optimising your cipherlist is subject to
rapid bitrot, resist the temptation...

--
    Viktor.
--
Sent from Gmail Mobile
Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

Viktor Dukhovni
On Fri, Apr 17, 2020 at 06:06:56PM +0100, Junaid Mukhtar wrote:

> Hi, we have a requirement to enable tlsv1 for an edge case. When we enable
> that via Tomas recommendation it enables rc4 cipher.

Yes, but in OpenSSL 1.1.1, it is not clear why enabling the protocol has
any impact on the cipher selection.  These are separate concernts in the
underlying OpenSSL library.  The "DEFAULT" cipherlist does not include
RC4.  

If the CentOS policies for enabling TLS 1.0 also have the side effect of
enabling weak ciphers, set the cipherlist back to "DEFAULT", which for
TLS 1.0 includes only:

    $ openssl ciphers -s -tls1 -v DEFAULT
    ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
    ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
    DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
    ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
    ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
    DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
    AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
    AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

Tomas Mraz-2
In reply to this post by Viktor Dukhovni
On Fri, 2020-04-17 at 13:03 -0400, Viktor Dukhovni wrote:

> On Fri, Apr 17, 2020 at 05:17:47PM +0200, Tomas Mraz wrote:
>
> > Or you could modify the /etc/pki/tls/openssl.cnf:
> > Find the .include /etc/crypto-policies/back-ends/opensslcnf.config
> > line in it and insert something like:
> >
> > CipherString =
> > @SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:!DES:!RC2:!RC4:
> > !IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
>
> How did this particular contraption become a recommended cipherlist?

To explain - this is basically autogenerated value from the crypto
policy definiton of the LEGACY crypto policy with just added the !RC4.


> What's wrong with "DEFAULT"?  In OpenSSL 1.1.1 it already excludes
> RC4 (if RC4 is at all enabled at compile time):

Nothing wrong with DEFAULT. For manual configuration. This is however
something that is autogenerated.

>     $ openssl ciphers -v 'COMPLEMENTOFDEFAULT+RC4'
>     ECDHE-ECDSA-RC4-SHA     TLSv1 Kx=ECDH     Au=ECDSA Enc=RC4(128)
> Mac=SHA1
>     ECDHE-RSA-RC4-SHA       TLSv1
> Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
>     RC4-SHA                 SSLv3
> Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
>
> I find too many people cargo-culting poorly thought cipher lists from
> some random HOWTO.  Over optimising your cipherlist is subject to
> rapid bitrot, resist the temptation...

Yeah, I should have probably suggested just: CipherString = DEFAULT

There is not much point in being as close to the autogenerated policy
as possible for this particular user's use-case.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]


Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

Junaid Mukhtar
Hi Tomas/Team

I have managed to block the RC4 and enable tlsv1 as per our requirements.

We have a requirement to match cipher list on the internal server to match the native browser cipher list as shown by the https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

I have tried setting up different combinations on the CipherString but none helped. Do you have any suggestions as to how to do achieve this?

--------
Regards,

Junaid



On Fri, Apr 17, 2020 at 6:22 PM Tomas Mraz <[hidden email]> wrote:
On Fri, 2020-04-17 at 13:03 -0400, Viktor Dukhovni wrote:
> On Fri, Apr 17, 2020 at 05:17:47PM +0200, Tomas Mraz wrote:
>
> > Or you could modify the /etc/pki/tls/openssl.cnf:
> > Find the .include /etc/crypto-policies/back-ends/opensslcnf.config
> > line in it and insert something like:
> >
> > CipherString =
> > @SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:!DES:!RC2:!RC4:
> > !IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
>
> How did this particular contraption become a recommended cipherlist?

To explain - this is basically autogenerated value from the crypto
policy definiton of the LEGACY crypto policy with just added the !RC4.


> What's wrong with "DEFAULT"?  In OpenSSL 1.1.1 it already excludes
> RC4 (if RC4 is at all enabled at compile time):

Nothing wrong with DEFAULT. For manual configuration. This is however
something that is autogenerated.

>     $ openssl ciphers -v 'COMPLEMENTOFDEFAULT+RC4'
>     ECDHE-ECDSA-RC4-SHA     TLSv1 Kx=ECDH     Au=ECDSA Enc=RC4(128)
> Mac=SHA1
>     ECDHE-RSA-RC4-SHA       TLSv1
> Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
>     RC4-SHA                 SSLv3
> Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
>
> I find too many people cargo-culting poorly thought cipher lists from
> some random HOWTO.  Over optimising your cipherlist is subject to
> rapid bitrot, resist the temptation...

Yeah, I should have probably suggested just: CipherString = DEFAULT

There is not much point in being as close to the autogenerated policy
as possible for this particular user's use-case.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]


Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

OpenSSL - User mailing list
That link shows whatever anyone's browser is configured to handle when
clicking
the link.

The important thing is which browsers you need to support, like the ones on
https://www.ssllabs.com/ssltest/clients.html

Beware that the list I just linked is woefully incomplete for those of
us who
actively target "any browser" support, especially when including old stuff
like Windows Mobile 5 and Windows XP.

On 21/04/2020 17:06, Junaid Mukhtar wrote:

> Hi Tomas/Team
>
> I have managed to block the RC4 and enable tlsv1 as per our requirements.
>
> We have a requirement to match cipher list on the internal server to
> match the native browser cipher list as shown by the
> https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html
>
> I have tried setting up different combinations on the CipherString but
> none helped. Do you have any suggestions as to how to do achieve this?
>
>
> On Fri, Apr 17, 2020 at 6:22 PM Tomas Mraz <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     On Fri, 2020-04-17 at 13:03 -0400, Viktor Dukhovni wrote:
>     > On Fri, Apr 17, 2020 at 05:17:47PM +0200, Tomas Mraz wrote:
>     >
>     > > Or you could modify the /etc/pki/tls/openssl.cnf:
>     > > Find the .include /etc/crypto-policies/back-ends/opensslcnf.config
>     > > line in it and insert something like:
>     > >
>     > > CipherString =
>     > >
>     @SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:!DES:!RC2:!RC4:
>     > > !IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
>     >
>     > How did this particular contraption become a recommended cipherlist?
>
>     To explain - this is basically autogenerated value from the crypto
>     policy definiton of the LEGACY crypto policy with just added the
>     !RC4.
>
>
>     > What's wrong with "DEFAULT"?  In OpenSSL 1.1.1 it already excludes
>     > RC4 (if RC4 is at all enabled at compile time):
>
>     Nothing wrong with DEFAULT. For manual configuration. This is however
>     something that is autogenerated.
>
>     >     $ openssl ciphers -v 'COMPLEMENTOFDEFAULT+RC4'
>     >     ECDHE-ECDSA-RC4-SHA     TLSv1 Kx=ECDH     Au=ECDSA Enc=RC4(128)
>     > Mac=SHA1
>     >     ECDHE-RSA-RC4-SHA       TLSv1
>     > Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
>     >     RC4-SHA                 SSLv3
>     > Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
>     >
>     > I find too many people cargo-culting poorly thought cipher lists
>     from
>     > some random HOWTO.  Over optimising your cipherlist is subject to
>     > rapid bitrot, resist the temptation...
>
>     Yeah, I should have probably suggested just: CipherString = DEFAULT
>
>     There is not much point in being as close to the autogenerated policy
>     as possible for this particular user's use-case.
>

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

Viktor Dukhovni
In reply to this post by Junaid Mukhtar
On Tue, Apr 21, 2020 at 04:06:04PM +0100, Junaid Mukhtar wrote:

> I have managed to block the RC4 and enable tlsv1 as per our requirements.
>
> We have a requirement to match cipher list on the internal server to match
> the native browser cipher list as shown by the
> https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

That requirement is likely ill-considered and unwise.  You end up
freezing in a stale list that was somebody's idea of best practice at a
point in time, often for a specific use-case that may not be yours, and
sometimes without understanding what they're doing.

> I have tried setting up different combinations on the CipherString but none
> helped. Do you have any suggestions as to how to do achieve this?

Instead, configure a broadly interoperable list of ciphers that are
known to be safe enough.  The 'DEFAULT' list is a good starting point,
and you can subtract a few types of ciphers from that as needed.

On my FreeBSD 12 system, which has OpenSSL 1.1.1, I get:

    $ openssl ciphers -v -s -tls1_2 DEFAULT
    ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
    ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
    DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
    ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
    ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
    DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
    ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
    ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
    DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
    ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
    ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
    DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
    ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
    ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
    DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
    ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
    ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
    DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
    ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
    ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
    DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
    AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
    AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
    AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
    AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
    AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
    AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

from which you could perhaps remove the kRSA ciphers, if insisting on
forward-secrecy does not break some important-enough pool of clients.

    DEFAULT:!kRSA

Otherwise, I don't see anything on that list I'd be inclined to remove.

For a more advance "performance-optimized" list where AES128 is
preferred over CHACHA20 and AES256, you could go with:

    AES128:CHACHA20:AES256:-ALL:ALL:!COMPLEMENTOFDEFAULT:!kRSA

The idea is to resist the temptation to explicitly order a specific list
of individual ciphers, and instead take the DEFAULT list, and lightly
prune it and/or rearrange it to optimize for some particular features.

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

Hubert Kario
In reply to this post by OpenSSL - User mailing list
On Tuesday, 21 April 2020 21:29:58 CEST, Jakob Bohm via openssl-users
wrote:

> That link shows whatever anyone's browser is configured to
> handle when clicking
> the link.
>
> The important thing is which browsers you need to support, like the ones on
> https://www.ssllabs.com/ssltest/clients.html
>
> Beware that the list I just linked is woefully incomplete for
> those of us who
> actively target "any browser" support, especially when including old stuff
> like Windows Mobile 5 and Windows XP.

what good is supporting connections from Windows XP when no browser that
can
run on it will be able to display the web page?

> On 21/04/2020 17:06, Junaid Mukhtar wrote:
>> Hi Tomas/Team
>>
>> I have managed to block the RC4 and enable tlsv1 as per our requirements.
>>
>> We have a requirement to match cipher list on the internal
>> server to match the native browser cipher list as shown by the
>> https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html
>>
>> I have tried setting up different combinations on the
>> CipherString but none helped. Do you have any suggestions as to
>> how to do achieve this?
>>
>>
>> On Fri, Apr 17, 2020 at 6:22 PM Tomas Mraz <[hidden email]
>> <mailto:[hidden email]>> wrote: ...
>
> Enjoy
>
> Jakob

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

Reply | Threaded
Open this post in threaded view
|

Re: TLSv1 on CentOS-8

OpenSSL - User mailing list

On 2020-04-22 15:22, Hubert Kario wrote:

> On Tuesday, 21 April 2020 21:29:58 CEST, Jakob Bohm via openssl-users
> wrote:
>> That link shows whatever anyone's browser is configured to handle
>> when clicking
>> the link.
>>
>> The important thing is which browsers you need to support, like the
>> ones on
>> https://www.ssllabs.com/ssltest/clients.html
>>
>> Beware that the list I just linked is woefully incomplete for those
>> of us who
>> actively target "any browser" support, especially when including old
>> stuff
>> like Windows Mobile 5 and Windows XP.
>
> what good is supporting connections from Windows XP when no browser
> that can
> run on it will be able to display the web page?
>
Making the web page itself compatible is another part of that task.
For backward browser compatibility, some pages will have a higher
priority.

Did you by chance encounter a technical issue on our web pages?  If
so, please report to me, webmaster or support.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded