First off I apologize if this message is delivered twice: The first version I sent doesn't appear to have reached the list.
-----------------------------------------------------------------

Dear list,

this is a follow-up on the interoperability issues between Windows 2003 servers and OpenSSL versions 1.x [0, 1].

A client generously gave us access to one of their problematic Win 2003 machines for testing purposes. The system was patched appropriately and capable of making 3DES connections. It did, however, fail to accept connections without tweaking, due to the multitude of additional cipher suites available in OpenSSL 1.0.1g. Unfortunately customizing the TLS policy per host is not an option for us.

The strategy that we came up with is similar to Victor's recommendation in the referenced posts, except that rather than excluding certain ciphers we push them to the end of the list. Thus we keep the same total (111) of cipher suites advertised to the server as with the default settings ("ALL:+RC4:@STRENGTH"). What we ended up using is

    tls_export_cipherlist = ALL:RC4:+3DES:+DSS:+IDEA:+SEED:+PSK:+DES:+RC2:+aNULL:+ADH

(the export list being the default for outgoing connections). The goal is to stay as accepting as possible so as to avoid offending even weirder setups.

Also, while there definitely is a maximum index up to which Win 2003 will recognize RC4 in the list of cipher suites, it appears to be higher than 64: in our tests the server would prefer RC4-SHA even with the first suite containing RC4 at index 65 and RC4-SHA at 69 ("ALL:RC4:+SEED:+PSK:+DES:+RC2:+aNULL"). We did not track down the exact limit.

We would welcome suggestions for better workarounds. Unfortunately we don't have access to the machine in question any longer, so we won't be able to run further tests against a live system.

Best regards,
Philipp

[0] http://thread.gmane.org/gmane.mail.postfix.user/239780/focus=239800
[1] http://www.ietf.org/mail-archive/web/tls/current/msg10471.html
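The point of the workaround above is that a `+` prefix in an OpenSSL cipher string moves matching suites to the end of the list instead of dropping them, so the advertised set stays the same size while the preferred suite lands at a lower index. The following is an added, simplified model of that cipher-string evaluation, not code from Postfix, OpenSSL or the poster: the suite catalogue, its attributes and the alias table are constructed for illustration (a handful of suites rather than the 111 mentioned in the post), `@STRENGTH` is modelled as a stable sort on key bits, and compound aliases (`RC4+SHA`) are not supported. The real list for a given OpenSSL build is what `openssl ciphers -v '<spec>'` prints.

```python
"""Simplified model of OpenSSL cipher-string semantics (constructed example).

Operators modelled: no prefix adds matching suites in catalogue order,
'+' moves already-selected matches to the end, '-' deletes (re-addable),
'!' deletes permanently, '@STRENGTH' sorts by key bits, highest first.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set


@dataclass(frozen=True)
class Suite:
    name: str
    kx: str   # key exchange
    au: str   # authentication
    enc: str  # bulk cipher
    bits: int  # key strength used by @STRENGTH


# Constructed toy catalogue, listed in the order the library would prefer them.
CATALOGUE: List[Suite] = [
    Suite("ECDHE-RSA-AES256-GCM-SHA384", "ECDH", "RSA", "AESGCM", 256),
    Suite("DHE-DSS-AES256-SHA", "DH", "DSS", "AES", 256),
    Suite("ADH-AES256-SHA", "DH", "None", "AES", 256),
    Suite("AES256-SHA", "RSA", "RSA", "AES", 256),
    Suite("PSK-AES256-CBC-SHA", "PSK", "PSK", "AES", 256),
    Suite("ECDHE-RSA-AES128-SHA", "ECDH", "RSA", "AES", 128),
    Suite("AES128-SHA", "RSA", "RSA", "AES", 128),
    Suite("SEED-SHA", "RSA", "RSA", "SEED", 128),
    Suite("IDEA-CBC-SHA", "RSA", "RSA", "IDEA", 128),
    Suite("RC4-SHA", "RSA", "RSA", "RC4", 128),
    Suite("RC4-MD5", "RSA", "RSA", "RC4", 128),
    Suite("DES-CBC3-SHA", "RSA", "RSA", "3DES", 168),
    Suite("DES-CBC-SHA", "RSA", "RSA", "DES", 56),
    Suite("EXP-RC2-CBC-MD5", "RSA", "RSA", "RC2", 40),
]

# Subset of OpenSSL's alias table, as predicates over a suite.
ALIASES: Dict[str, Callable[[Suite], bool]] = {
    "ALL": lambda s: True,
    "RC4": lambda s: s.enc == "RC4",
    "3DES": lambda s: s.enc == "3DES",
    "DES": lambda s: s.enc == "DES",
    "RC2": lambda s: s.enc == "RC2",
    "IDEA": lambda s: s.enc == "IDEA",
    "SEED": lambda s: s.enc == "SEED",
    "DSS": lambda s: s.au == "DSS",
    "PSK": lambda s: s.kx == "PSK",
    "aNULL": lambda s: s.au == "None",
    "ADH": lambda s: s.kx == "DH" and s.au == "None",
}


def apply_cipherlist(spec: str, catalogue: List[Suite] = CATALOGUE) -> List[str]:
    """Return the suite names a cipher string selects, in final precedence order."""
    selected: List[Suite] = []
    killed: Set[str] = set()
    for token in spec.split(":"):
        if not token:
            continue
        if token == "@STRENGTH":
            selected.sort(key=lambda s: -s.bits)  # stable: ties keep their order
            continue
        op, name = (token[0], token[1:]) if token[0] in "+-!" else ("", token)
        match = ALIASES[name]
        if op == "":
            for s in catalogue:  # append new matches, never reorder existing ones
                if match(s) and s.name not in killed and s not in selected:
                    selected.append(s)
        elif op == "+":  # the post's trick: demote, do not remove
            selected = [s for s in selected if not match(s)] + [s for s in selected if match(s)]
        elif op == "-":
            selected = [s for s in selected if not match(s)]
        elif op == "!":
            killed.update(s.name for s in catalogue if match(s))
            selected = [s for s in selected if not match(s)]
    return [s.name for s in selected]


def first_rc4_index(spec: str) -> int:
    """0-based position of the first RC4 suite, or -1 if none is advertised."""
    names = apply_cipherlist(spec)
    return next((i for i, n in enumerate(names) if "RC4" in n), -1)


DEFAULT_SPEC = "ALL:+RC4:@STRENGTH"
TUNED_SPEC = "ALL:RC4:+3DES:+DSS:+IDEA:+SEED:+PSK:+DES:+RC2:+aNULL:+ADH"

if __name__ == "__main__":
    for label, spec in (("default", DEFAULT_SPEC), ("tuned", TUNED_SPEC)):
        names = apply_cipherlist(spec)
        print(f"{label}: {len(names)} suites, first RC4 at index {first_rc4_index(spec)}")
        print("  " + ":".join(names))
```

Both strings select the same 14 suites in this model; the tuned string only moves the legacy and anonymous suites behind RC4, which is what lets a peer that stops scanning early still find an acceptable suite without anything being withheld from more capable peers.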