Comments (10)
Unless you use SSL_OP_CIPHER_SERVER_PREFERENCE, the first matching cipher based on the client's preference should be used - are you suggesting this is not the case?
That said, it is currently true that a LibreSSL client will prefer ChaCha20-Poly1305 to any other cipher suite.
from portable.
When not explicitly using SSL_OP_CIPHER_SERVER_PREFERENCE, the client decides which of the server's supported cipher suites he wants to use. Generally speaking, it's a very bad idea to leave that task to the client.
We assume that the server administrator will be much faster to react when it comes to new flaws in cipher suites. That's why the first thing you want/have to do if you set up a secure web server is to enable SSL_OP_CIPHER_SERVER_PREFERENCE.
Also see Mitigating the BEAST attack on TLS: http://www.net-security.org/article.php?id=1638
I really like BoringSSL's approach to equally group ciphers.
A server should be able to let a client decide which cipher suite to use iff the server lists multiple ciphers as equally secure.
Are there plans to support group-like cipherlists in the near future?
from portable.
CloudFlare's approach is a hack, I like the BoringSSL equal-preference groups approach. I'm crossing fingers that LibreSSL picks this up too, if so then I can stop using BoringSSL :)
It's described in more detail here: include/openssl/ssl.h#638
Rationale and blog posts:
https://www.imperialviolet.org/2014/02/27/tlssymmetriccrypto.html
https://www.zeitgeist.se/2014/08/23/optimize-aes-and-chacha20-usage-with-boringssl/
from portable.
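Added example, not part of the thread and not LibreSSL, BoringSSL or nginx code: a simplified C model of the two selection rules discussed above, client preference versus server preference with equal-preference groups. The `struct entry` layout, the function names and the sample cipher lists are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Server list entry; entries sharing a group id form one equal-preference group. */
struct entry { const char *name; int group; };
/* Constructed sample data: a server that still offers RC4 last, and three clients. */
static const struct entry SERVER[] = {
    {"ECDHE-RSA-CHACHA20-POLY1305", 0}, {"ECDHE-RSA-AES128-GCM-SHA256", 0},
    {"ECDHE-RSA-AES128-SHA", 1}, {"RC4-SHA", 2},
};
static const char *const MOBILE[]  = {"ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-RSA-AES128-GCM-SHA256"};
static const char *const DESKTOP[] = {"ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305"};
static const char *const LEGACY[]  = {"RC4-SHA", "ECDHE-RSA-AES128-GCM-SHA256"};

/* Position of name in the client's list, or -1 if the client did not offer it. */
static int client_rank(const char *const *cl, int nc, const char *name) {
    for (int i = 0; i < nc; i++)
        if (strcmp(cl[i], name) == 0) return i;
    return -1;
}

/* Client preference: the first client cipher that the server supports wins. */
const char *pick_client_pref(const struct entry *srv, int ns, const char *const *cl, int nc) {
    for (int i = 0; i < nc; i++)
        for (int j = 0; j < ns; j++)
            if (strcmp(cl[i], srv[j].name) == 0) return srv[j].name;
    return NULL;
}

/* Server preference with groups: groups in server order, client's favourite inside a group. */
const char *pick_grouped(const struct entry *srv, int ns, const char *const *cl, int nc) {
    for (int j = 0; j < ns; ) {
        const char *pick = NULL;
        int best = -1, g = srv[j].group;
        for (; j < ns && srv[j].group == g; j++) {
            int r = client_rank(cl, nc, srv[j].name);
            if (r >= 0 && (best < 0 || r < best)) { best = r; pick = srv[j].name; }
        }
        if (pick) return pick;
    }
    return NULL;
}

int main(void) {
    printf("legacy, client pref: %s\n", pick_client_pref(SERVER, 4, LEGACY, 2));
    printf("legacy, grouped:     %s\n", pick_grouped(SERVER, 4, LEGACY, 2));
    printf("mobile, grouped:     %s\n", pick_grouped(SERVER, 4, MOBILE, 2));
    return 0;
}
```

Giving every entry its own group id turns `pick_grouped` into strict server preference, the behaviour SSL_OP_CIPHER_SERVER_PREFERENCE selects.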
Since r1.81 of ssl_ciph.c, AES has been preferred over Chacha20+Poly1305, if the host has hardware support for AES. That said, we're still looking at supporting equal preference groups.
from portable.
👍 Also see this commit: libressl/openbsd@1958d57
Anyway, imo this is just a hack until we get support for equal-preference ciphersuite groups.
I've just recompiled nginx + libressl (r 1.83 of ssl_ciph.c), but my AES-NI capable server still uses CHACHA20_POLY1305.. What am I doing wrong?
EDIT: Turns out this change only prefers AES suites in the output of openssl ciphers. nginx' ssl_ciphers directive overwrites this preference, of course. Stupid me.
from portable.
We assume that the server administrator will be much faster to react when it comes to new flaws in cipher suites. That's why the first thing you want/have to do if you set up a secure web server is to enable SSL_OP_CIPHER_SERVER_PREFERENCE.
History disproves the hypothesis; see below.
Also see Mitigating the BEAST attack on TLS: http://www.net-security.org/article.php?id=1638
Then many lazy server administrators left their servers RC4-preferred or even RC4-only even after 1/n-1 record splitting mitigated the BEAST and many attacks on RC4 were reported.
from portable.
Do we have any update or ETA on this feature?
from portable.
I'd love to know the status of this as well.
from portable.
btw: nginx now supports setting arbitrary SSL_CONF_cmd options, e.g. PrioritizeChaCha. See nginx/nginx@ac9c162
from portable.
btw: nginx now supports setting arbitrary SSL_CONF_cmd options, e.g. PrioritizeChaCha. See nginx/nginx@ac9c162
Great! Should be released on 27/10/2020 with nginx 1.19.4 release: https://trac.nginx.org/nginx/milestone/nginx-1.19.4.
from portable.