OpenSSL

ahasenack · March 15, 2023, 5:25pm

Note:
This documentation has moved to a new home! Please update your bookmarks to the new URL for the up-to-date version of this page.

sdeziel1 · March 15, 2023, 7:08pm

Nice doc! There is one part I wasn’t able to reproduce it’s where you try to disable AES128 then AES256. It works for me in the sense that wget can no longer connect once’s you’ve essentially reduced the TLS 1.2 permitted suite to none. In that case, even forcing s_client's cipher doesn’t help.

Just a (long shot) hypothesys but maybe you were altering the CipherSuites instead of CipherString?

ahasenack · March 15, 2023, 7:32pm

I will have to check. What I found out is that consumers of the library (wget, curl, etc) sometimes override defaults without telling the user. See this post of mine for example: https://curl.se/mail/archive-2023-01/0000.html

ahasenack · March 15, 2023, 7:42pm

Were you using two hosts for your test, or localhost? Note it’s best to use two hosts, because the library config change will affect both the server and the client if they are in the same host.

sdeziel1 · March 15, 2023, 7:47pm

Both where on the same machine, I’ll try from a different one now.

sdeziel1 · March 15, 2023, 7:49pm

This effectively results in none ciphers

# tail -n 4 /etc/ssl/openssl.cnf 
[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=2:!AES128:!AES256:!CHACHA20
CipherSuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
MinProtocol = TLSv1.2

Removing one of the ! from the CipherString re-introduces the cipher just fine.

ahasenack · March 16, 2023, 12:04am

Sorry, I’m still unclear on what you are doing.

The config file samples are meant only for the client. The server side we are controlling purely with the s_server command line parameter.

Also, this config you pasted in your comment:

# tail -n 4 /etc/ssl/openssl.cnf 
[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=2:!AES128:!AES256:!CHACHA20
CipherSuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
MinProtocol = TLSv1.2

I’m not seeing it in the document, so I assume it’s something you created yourself (which is fine: that’s the purpose of the document, show how this config works).

That config still allows for AES256 (and CHACHA20) in a TLSv1.3 connection. If your sample server is only providing TLSv1.2, then indeed not much is left. Was that the case?

sdeziel1 · March 16, 2023, 1:34pm

Well, you’ve clearly spot where I got confused. I wrongly assumed you were tweaking the server’s openssl.cnf, my bad!

And yes, that tail openssl.cnf snippet was my failed attempt at reproducing your issue of a wget being able to use AES128-GCM despite this being denied by the config.

Now that you’ve cleared my confusion, I’ll revisit this, sorry for the burden

ahasenack · March 16, 2023, 1:46pm

I was trying to keep things as simple as possible, so the server side I was tweaking with command-line parameters, to know exactly what was being offered, and the client was being tweaked with the config file.