Re: [openssl-users] How to disable all EXPORT Ciphers?

Tue, 10 Mar 2015 01:48:00 -0700 

Hi Viktor,

please help me to understand your sentence:

        "Note that doing so does not address the FREAK CVE in SSL clients.  
Even with EXPORT ciphers disabled they are still vulnerable, unless patched!"

I understand that the downgrading of the ciphersuites is a bug in the library 
that should be patched. Doing this can however be dificult when talking about 
mobile apps that use OS Libraries. 
>From my understanding the bug only works within the limit of chipersuites 
>permitted by both the client and the server.

Therefore my asumption is if the server side does only offer strong ciphers I 
do not have to worry too much about the ability to exploit the FREAK 
vulnerability e.g. in android clients.
I am very aware that on older Androids there are other things to worry about 
like missing TLS 1.2 support,... but with regards to freak SSL a quick fix to 
secure the communication between a mobile app and the server side webservice 
should be disabeling weak ciphers on the server.

Is this assumption wrong ?

Thanks for your help

Chris


-----------------------------------------------
-----Ursprüngliche Nachricht-----
Von: openssl-users [mailto:openssl-users-boun...@openssl.org] Im Auftrag von 
Viktor Dukhovni
Gesendet: Montag, 9. März 2015 17:47
An: openssl-users@openssl.org
Betreff: Re: [openssl-users] How to disable all EXPORT Ciphers?

On Mon, Mar 09, 2015 at 02:23:53PM +0530, Deepak wrote:

> How to I disable all EXPORT Ciphers from OpenSSL?
> 
> Will the use of string "kEDH:ALL:!ADH:!DES:!LOW:!EXPORT:+SSLv2:@STRENGTH"
> with SSL_CTX_set_cipher_list() be good enough to disable EXPORT40, 56 and 
> 1024?

Note that doing so does not address the FREAK CVE in SSL clients.  Even with 
EXPORT ciphers disabled they are still vulnerable, unless patched!

As for your proposed cipherlist it is too exotic.

    * ALL:!ADH is simply DEFAULT.  DEFAULT already prefers PFS (including
      ECDHE) and is sorted by strength.

    * DES is a subset of LOW 

    * I would also disable SSLv2, which is a subset of MD5, so I generally
      disable that instead which also drops the SSLv3's RC4-MD5 leaving RC4-SHA
      for interop.  Note for many applications RC4 is no longer supposed to be
      used, consider whether disabling RC4 is appropriate for you.

Therefore, I'd suggest:

        DEFAULT:!EXPORT:!LOW:!MD5

Which keeps things simple by starting with DEFAULT and removing what you want 
to disable.

-- 
        Viktor.
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to