Enable ECDH cipher support #987

Merged
merged 1 commit into from Jul 27, 2013

Conversation

Projects
None yet
2 participants
Contributor

alanswanson commented Jul 25, 2013

Fixes issue #984 by enabling OpenSSL to advertise ECDH and ECDSA support in Cherokee. Tested with various clients and Qualys SSL Labs server test.

Similar to the recent Dovecot ECDH patch, I chose default key parameter as NIST P-384 rather than NIST P-256 (default for Apache) to ensure RFC 6460 compliance for AES-256 encryption. Also considered adding a configuration option to select curve but since OpenSSL 1.0.2 automatically selects temporary key parameter, not really needed in short term.

Alan Swanson Enable ECDH cipher support
With OpenSSL 1.0.0, default key parameter is NIST P-384 rather than NIST P-256
(default for Apache) to ensure RFC 6460 compliance for AES-256 encryption.
With OpenSSL 1.0.2, the key parameter is automatically chosen.
a88c564
Member

skinkie commented Jul 25, 2013

Hi, thanks for this fantastic contribution. I do have a question regarding this NIST stuff. Are they in any way related to the cryptor_libssl_dh_* stuff?

skinkie was assigned Jul 25, 2013

Contributor

alanswanson commented Jul 25, 2013

Yes but as generating Eccliptic Curve Diffie-Hellman parameters is quick it can be done at startup whereas generating normal Diffie-Hellman parameters is very, very slow you use the pre-made files.

Member

skinkie commented Jul 25, 2013

Thanks for your answer. I'll shortly merge your code, need to close another bug first.

Member

skinkie commented Jul 25, 2013

As of the suggestion in the original ticket, I have enabled "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES256-SHA256:RC4-SHA:AES256-SHA:AES128-SHA". What should I expect to see in Chrome if your patch is working?

Never mind got to work.

Member

skinkie commented Jul 25, 2013

So to enable this code use:

Ciphers: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES256-SHA256:RC4-SHA:AES256-SHA:AES128-SHA
Server Preference: yes

Which results on the client (Chrome) in:
RC4_128
ECDHE_RSA

Can you confirm this is what is expected? So I can update the documentation accordingly.

Contributor

alanswanson commented Jul 26, 2013

You don't have to specify ECDH ciphers in Cherokee to enable them after this patch is applied, except for preference order. Note the option SSL_OP_SINGLE_ECDH_USE enables ECDHE over ECDH similar to the existing option SSL_OP_SINGLE_DH_USE enabling DHE over DH.

For clients, you also shouldn't need to specify ECDH ciphers as Chrome and Firefox for example both have ECDHE-RSA-AES256-SHA as one of the more preferred ciphers. Firefox unfortunately only shows the encryption method and not key exchange but your Chrome results looks correct though I'd have thought RC4 should be less preferred?

And still to come, support for using ECDSA certificates simultaneously with RSA certificates in Cherokee.

@skinkie skinkie added a commit that referenced this pull request Jul 27, 2013

@skinkie skinkie Merge pull request #987 from alanswanson/master
Enable ECDH cipher support. Thanks @alanswanson for this patch and fixing #984 !!
760fe7c

@skinkie skinkie merged commit 760fe7c into cherokee:master Jul 27, 2013

Member

skinkie commented Jul 27, 2013

Could you see if you can follow up on the ticket?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment