
OpenSSL ciphers with Mozilla's "Modern" set are... limited #2194

Open
jordansissel opened this issue Nov 13, 2014 · 6 comments

@jordansissel (Contributor) commented Nov 13, 2014

Background: I am trying to ship a library that supports TLS, but I want to ship with strong default security settings. I am also not a TLS expert.

Mozilla maintains a recommendation set for various security levels. Their "modern" one is documented here: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

If I use this cipher suite in JRuby, it basically whittles down the acceptable ciphers to just two. Two is... small. So small, that when I try connecting to https://google.com/ the ssl handshake fails because (I think) this cipher suite selection isn't supported by Google's servers.

If I compare MRI 2.1.4 on OSX 10.9 with JRuby 1.7.16.1 on OpenJDK 1.7.0_45, MRI has many ciphers, JRuby has 2 left.

% rvm ruby,jruby do ruby -rap -ropenssl -e 'c = OpenSSL::SSL::SSLContext.new; c.ciphers = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"; ap "#{RUBY_ENGINE}-#{RUBY_VERSION}" => c.ciphers.collect { |x| x.first }.sort'
{
  "ruby-2.1.4" => [
    [ 0] "DHE-DSS-AES128-GCM-SHA256",
    [ 1] "DHE-DSS-AES128-SHA256",
    [ 2] "DHE-DSS-AES256-GCM-SHA384",
    [ 3] "DHE-DSS-AES256-SHA",
    [ 4] "DHE-RSA-AES128-GCM-SHA256",
    [ 5] "DHE-RSA-AES128-SHA",
    [ 6] "DHE-RSA-AES128-SHA256",
    [ 7] "DHE-RSA-AES256-GCM-SHA384",
    [ 8] "DHE-RSA-AES256-SHA",
    [ 9] "DHE-RSA-AES256-SHA256",
    [10] "ECDHE-ECDSA-AES128-GCM-SHA256",
    [11] "ECDHE-ECDSA-AES128-SHA",
    [12] "ECDHE-ECDSA-AES128-SHA256",
    [13] "ECDHE-ECDSA-AES256-GCM-SHA384",
    [14] "ECDHE-ECDSA-AES256-SHA",
    [15] "ECDHE-ECDSA-AES256-SHA384",
    [16] "ECDHE-RSA-AES128-GCM-SHA256",
    [17] "ECDHE-RSA-AES128-SHA",
    [18] "ECDHE-RSA-AES128-SHA256",
    [19] "ECDHE-RSA-AES256-GCM-SHA384",
    [20] "ECDHE-RSA-AES256-SHA",
    [21] "ECDHE-RSA-AES256-SHA384"
  ]
}
{
  "jruby-1.9.3" => [
    [0] "DHE-DSS-AES128-SHA",
    [1] "DHE-RSA-AES128-SHA"
  ]
}

I'm not certain what the right solution is here, or how to resolve this effectively, but it seems weird :)
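
An added check (not code from this issue, jruby-openssl or Logstash) that takes the cipher list a runtime reports after applying the Mozilla "Modern" spec above and says which requested suites were dropped, which enabled suites were never asked for, and whether any forward-secret AEAD suite survived. The two sample lists are constructed from the MRI and JRuby outputs pasted above; `selector_match?` models only the `kEDH+AESGCM` token of this spec, and `audit` / `expand_here` are names chosen here.

```ruby
require 'openssl'
# Mozilla "Modern" cipher spec exactly as quoted in the issue (OpenSSL cipher-string syntax).
MOZILLA_MODERN = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:' \
  'ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:' \
  'ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:' \
  'ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:' \
  'DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:' \
  'DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'

# Minimal model of the only selector token in this spec: kEDH+AESGCM = ephemeral DH AND AES-GCM.
def selector_match?(token, name)
  token == 'kEDH+AESGCM' && name.start_with?('DHE-') && name.include?('GCM')
end

# Audit what a runtime left enabled after applying +spec+. +enabled+ is the list of suite
# names the runtime reports, i.e. ctx.ciphers.map(&:first) as in the issue's one-liner.
def audit(spec, enabled)
  tokens    = spec.split(':')
  selectors = tokens.select { |t| t.include?('+') }
  names     = tokens.reject { |t| t.start_with?('!') || t.include?('+') }
  requested = ->(n) { names.include?(n) || selectors.any? { |s| selector_match?(s, n) } }
  missing     = names - enabled                 # asked for explicitly, dropped by the runtime
  unrequested = enabled.reject(&requested)      # enabled although the spec never selected it
  fs_aead     = enabled.select { |n| n.start_with?('ECDHE-', 'DHE-') && n.include?('GCM') }
  verdict = if missing.empty? && unrequested.empty? then :ok
            elsif !fs_aead.empty? then :degraded  # some forward-secret AEAD suites survived
            else :reject                          # nothing "modern" survived: do not ship this
            end
  { enabled: enabled.size, missing: missing, unrequested: unrequested, fs_aead: fs_aead, verdict: verdict }
end

# Expand the spec on the Ruby/OpenSSL this runs under (the issue's own call); [] if the spec is rejected.
def expand_here(spec)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.ciphers = spec
  ctx.ciphers.map(&:first).sort
rescue StandardError
  []
end

# Constructed sample inputs: the two result lists pasted in the issue, MRI 2.1.4 then JRuby 1.7.16.1.
MRI_2_1_4 = %w[
  DHE-DSS-AES128-GCM-SHA256 DHE-DSS-AES128-SHA256 DHE-DSS-AES256-GCM-SHA384 DHE-DSS-AES256-SHA DHE-RSA-AES128-GCM-SHA256
  DHE-RSA-AES128-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-AES256-SHA256
  ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA
  ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384
]
JRUBY_1_7_16 = %w[DHE-DSS-AES128-SHA DHE-RSA-AES128-SHA]
```

Run `audit(MOZILLA_MODERN, expand_here(MOZILLA_MODERN))` on the runtime you ship on; the JRuby list above scores `:reject`, and it also shows an unrequested suite (DHE-DSS-AES128-SHA) that the spec never named, so the mismatch is not only about suites being dropped.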

@jordansissel (Contributor, Author) commented Nov 13, 2014

Testing all ciphers defaulting under TLSv1 while trying to find any cipher that works in JRuby/BouncyCastle against google (and other) web servers.

% rvm jruby do ruby -ropenssl -e 'c = OpenSSL::SSL::SSLContext.new; c.ssl_version = :TLSv1; c.ciphers.each { |cipher, *_| puts cipher }' | xargs -n1 sh -c 'openssl s_client -cipher $1 -connect www.google.com:443 < /dev/null 2>&1 | grep -q "handshake failure"; echo "$? $1"' -
1 DES-CBC3-SHA
0 EDH-RSA-DES-CBC3-SHA
0 EDH-DSS-DES-CBC3-SHA
1 AES128-SHA
0 DHE-RSA-AES128-SHA
0 DHE-DSS-AES128-SHA
1 RC4-SHA
1 RC4-MD5
0 DES-CBC-SHA
0 EDH-RSA-DES-CBC-SHA
0 EXP-DES-CBC-SHA
0 EXP-EDH-RSA-DES-CBC-SHA
0 EXP-EDH-DSS-DES-CBC-SHA
0 EXP-RC4-MD5

@untergeek commented Dec 9, 2014

Is this addressed by #1768 ?

@jordansissel (Contributor, Author) commented Dec 9, 2014

@untergeek 1.7.17 still shows a small set of ciphers under Mozilla's modern cipher set:

  "jruby-1.9.3" => [
    [0] "DHE-DSS-AES128-SHA",
    [1] "DHE-RSA-AES128-SHA"
  ]

I'll take a peek at this in the next few weeks if I can.

@aetherknight commented Dec 11, 2014

@jordansissel @untergeek #1768 was not fixed in 1.7.17; I believe it was mistakenly closed. Further, #1768 is about a bug in jruby-openssl's processing of a cipher spec. I believe you may be interested in: #1774, #1738 and #1737

@jordansissel (Contributor, Author) commented Dec 11, 2014

@aetherknight indeed! I'm hoping to spend some quality time fixing this soon. Depends on how other logstash work goes, but we can invest energy to make this better :)

@kares (Member) commented Apr 15, 2015

there's some progress, but there seems to be more work needed to again review/port the cipherlist matching from OpenSSL code ... a lot of "boring" yet timely work ahead, it seems
