I want to secure my server from the FREAK attack, so I want to disable all the cipher suites that use export-grade RSA keys in OpenSSL. Is there a way to disable a particular cipher suite in OpenSSL? If yes, how do I do it?
Question:
Answer 1:
Is there a way to disable a particular cipher suite in OpenSSL? If yes, how do I do it?
To answer the direct question of disabling a particular cipher suite, do so by removing it from the cipher suite list passed to SSL_CTX_set_cipher_list or SSL_set_cipher_list:
int rc = SSL_CTX_set_cipher_list(ctx, "ALL:!NULL-MD5:!NULL-SHA");
assert(0 != rc);
You can do it on a SSL* with:
int rc = SSL_set_cipher_list(ssl, "ALL:!NULL-MD5:!NULL-SHA");
assert(0 != rc);
In the above, NULL-MD5 is SSL_RSA_WITH_NULL_MD5 and NULL-SHA is SSL_RSA_WITH_NULL_SHA. You can get the list of mappings from the openssl ciphers command.
You can also disable export ciphers with !EXP:
int rc = SSL_CTX_set_cipher_list(ctx, "ALL:!EXP");
assert(0 != rc);
And you can do it on a SSL* with:
int rc = SSL_set_cipher_list(ssl, "ALL:!EXP");
assert(0 != rc);
You can see what "ALL:!EXP" equates to with the OpenSSL command (note the single quote so the shell does not get a hold of the bang):
$ openssl ciphers 'ALL:!EXP'
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:
SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384...
You can count the number of cipher suites with:
$ openssl ciphers 'ALL:!EXP' | tr ':' ' ' | wc -w
124
That tells you your ClientHello will use at least 248 bytes due to the 124 cipher suites. Ideally, you should advertise the 16 or so suites you really want.
You usually configure your cipher suites using "HIGH" only. It excludes "MEDIUM", "LOW" and "EXP". Here's how my call sometimes looks:
int rc = SSL_CTX_set_cipher_list(ctx, "HIGH:!ADH:!MD5:!RC4:!SRP:!PSK:!DSS");
assert(0 != rc);
Be sure to exclude the anonymous gear (!ADH) because it's included by default. !MD5 and !RC4 are used because they are weak/wounded. !SRP, !PSK, and !DSS are used to trim the list of ciphers further because they are not usually used.
You can also do the same with a SSL* and SSL_set_cipher_list.
If you call SSL_CTX_set_cipher_list and SSL_set_cipher_list on a server, the cipher suite list will be trimmed further depending on the type of key in the certificate.
In the previous block, I said "... how my call sometimes looks". Usually, I like to specify the 16 or so I want to use with:
#include <string>
using std::string;

// Explicit cipher suite allow-list, strongest first. The ECDSA and DSA
// suites are compiled in only when the matching macro is defined.
string GetCipherSuites()
{
    static string ciphers = ""
#if defined(ALLOW_ECDSA)
        "ECDHE-ECDSA-AES256-GCM-SHA384:"
        "ECDHE-ECDSA-AES128-GCM-SHA256:"
#endif
        "ECDHE-RSA-AES256-GCM-SHA384:"
        "ECDHE-RSA-AES128-GCM-SHA256:"
#if defined(ALLOW_DSA)
        "DHE-DSS-AES256-GCM-SHA384:"
#endif
        "DHE-RSA-AES256-GCM-SHA384:"
#if defined(ALLOW_DSA)
        "DHE-DSS-AES128-GCM-SHA256:"
#endif
        "DHE-RSA-AES128-GCM-SHA256:"
#if defined(ALLOW_DSA)
        "DHE-DSS-AES256-SHA:"
#endif
        "DHE-RSA-AES256-SHA:"
#if defined(ALLOW_DSA)
        "DHE-DSS-AES128-SHA:"
#endif
        "DHE-RSA-AES128-SHA:"
#if defined(ALLOW_DSA)
        "EDH-DSS-DES-CBC3-SHA:"
#endif
        "EDH-RSA-DES-CBC3-SHA:"
#if defined(ALLOW_DSA)
        "DH-DSS-DES-CBC3-SHA:"
#endif
        "DH-RSA-DES-CBC3-SHA:";
    return ciphers;
}
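A check to run over the expanded list that openssl ciphers prints, confirming that no export-grade, NULL, anonymous, RC4 or MD5 suite survived the cipher string, and giving the ClientHello size estimate used above (2 bytes per suite). This is an added example, not part of the original answer: the sample lists are constructed, the function names are hypothetical, and matching on suite names is a heuristic based on OpenSSL's naming convention.

```c
#include <stdio.h>
#include <string.h>

enum { W_EXPORT = 1, W_NULL = 2, W_ANON = 4, W_RC4 = 8, W_MD5 = 16 };

/* Classify one suite name by OpenSSL's naming convention (a heuristic). */
static int classify(const char *s, size_t len)
{
    char name[64];
    int f = 0;
    if (len >= sizeof name) len = sizeof name - 1;
    memcpy(name, s, len);
    name[len] = '\0';
    if (strncmp(name, "EXP", 3) == 0) f |= W_EXPORT;   /* EXP-..., EXP1024-... */
    if (strstr(name, "NULL")) f |= W_NULL;             /* no encryption */
    if (strstr(name, "ADH-") || strstr(name, "AECDH-")) f |= W_ANON;
    if (strstr(name, "RC4")) f |= W_RC4;
    if (len >= 4 && strcmp(name + len - 4, "-MD5") == 0) f |= W_MD5;
    return f;
}

/* Walk a colon-separated list; empty tokens (e.g. a trailing ':') are skipped. */
static int scan(const char *list, int report, size_t *count)
{
    int all = 0;
    for (*count = 0; *list; list += (*list == ':')) {
        size_t len = strcspn(list, ":");
        int f = len ? classify(list, len) : 0;
        if (f && report) printf("weak: %.*s (flags 0x%02x)\n", (int)len, list, f);
        if (len) ++*count;
        all |= f;
        list += len;
    }
    return all;
}

size_t count_suites(const char *l) { size_t n; scan(l, 0, &n); return n; }
int audit_cipher_list(const char *l) { size_t n; return scan(l, 1, &n); }

/* Constructed sample lists, not captured from a real server. */
const char BAD_LIST[] = "ECDHE-RSA-AES256-GCM-SHA384:EXP-RC4-MD5:"
                        "EXP-EDH-RSA-DES-CBC-SHA:ADH-AES128-SHA:NULL-SHA";
const char GOOD_LIST[] = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:";

int main(void)
{
    size_t n = count_suites(BAD_LIST);
    printf("%zu suites, at least %zu ClientHello bytes\n", n, 2 * n);
    return audit_cipher_list(BAD_LIST) ? 1 : 0;
}
```

The program exits non-zero when any weak suite is found, so it can gate a build or deployment step that is fed the real expanded list.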