SSL: add MumbleSSL::defaultOpenSSLCipherString().
This commit adds a new method to MumbleSSL that returns Mumble's
preferred cipher suites represented in the OpenSSL cipher list format.

This commit does not hook up the function to anything. It merely
implements it.

Previously, Mumble relied on OpenSSL's default cipher suites. However,
that decision has increasingly turned out to be unwise. Often, new TLS
vulnerabilities require server admins and users to be able to change the
cipher suites advertised by their software to help mitigate the damage.
This was not previously possible in Mumble.

The other thing that prompted this change is the Logjam TLS vulnerability
(https://weakdh.org/, CVE-2015-4000). Mumble is not vulnerable to Logjam,
because Mumble has never allowed export grade DH groups. However, one of
the other key takeaways from the Logjam paper, "Imperfect Forward Secrecy:
How Diffie-Hellman Fails in Practice", is that the Internet community
should move towards DH groups bigger than 1024 bits, and preferably use
unique groups on a per-server basis. Unfortunately, neither of these two
solutions is possible with the API that Qt provides for TLS.

To remedy this, we instead drop support for non-Elliptic Curve DH
in the default cipher configuration. We don't have any legacy clients
to support that can only use DH, so this is fine.

The OpenSSL cipher list in MumbleSSL::defaultOpenSSLCipherString()
evaluates to the following set of cipher suites, in order of preference:

  ECDHE-RSA-AES256-GCM-SHA384    (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
  ECDHE-ECDSA-AES256-GCM-SHA384  (TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
  ECDHE-RSA-AES128-GCM-SHA256    (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
  ECDHE-ECDSA-AES128-GCM-SHA256  (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
  AES256-SHA                     (TLS_RSA_WITH_AES_256_CBC_SHA)
  AES128-SHA                     (TLS_RSA_WITH_AES_128_CBC_SHA)

The CBC-mode cipher suites are included for backwards compatibility with
older 1.2.x Mumble clients and other implementations that only use
TLSv1.0.
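The cipher list above is only a recipe; which suites it actually yields, and in what order, is decided by the OpenSSL build that expands it. The following script is an added example for this page, not Mumble's code: it feeds the string from the commit into the OpenSSL that the local Python `ssl` module links against, reports the resulting suites, and checks the two properties the commit message argues for (no finite-field DH key exchange, forward-secret suites ahead of the RSA-key-exchange fallbacks). The "matches commit order" check compares against the order the commit message lists, which reflects OpenSSL 1.0.x; newer releases sort ECDSA and RSA differently, so a mismatch there is expected and is exactly the caveat this shows.

```python
"""Expand an OpenSSL cipher-list string and audit the result.

Added example for this commit page; it is not Mumble's code. It uses the
OpenSSL that the local Python ``ssl`` module links against, so the exact
ordering reflects that build's default preferences.
"""
import ssl

# The string from MumbleSSL::defaultOpenSSLCipherString() in the diff.
MUMBLE_DEFAULT_CIPHER_STRING = "EECDH+AESGCM:AES256-SHA:AES128-SHA"

# Order the commit message lists (observed on OpenSSL 1.0.x); for comparison only.
COMMIT_CLAIMED_ORDER = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "AES256-SHA",
    "AES128-SHA",
]


def expand_cipher_string(cipher_string):
    """Return the TLS 1.2-and-below suites OpenSSL derives from cipher_string,
    in the preference order OpenSSL will advertise them.

    Each entry is the dict ssl.SSLContext.get_ciphers() yields (name, kea, auth,
    protocol, aead, ...). TLS 1.3 suites are dropped because OpenSSL 1.1.1+
    configures them separately and a cipher-list string has no effect on them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(suites):
    """Summarise the properties a server admin cares about after Logjam."""
    names = [c["name"] for c in suites]
    # OpenSSL reports key exchange as kx-ecdhe, kx-rsa, kx-dhe, ...
    ffdh = [c["name"] for c in suites if c["kea"] == "kx-dhe"]
    static_rsa = [c["name"] for c in suites if c["kea"] == "kx-rsa"]
    ecdhe = [c["name"] for c in suites if c["kea"] == "kx-ecdhe"]
    # Every forward-secret suite should precede every non-PFS fallback.
    pfs_first = all(names.index(e) < names.index(s)
                    for e in ecdhe for s in static_rsa)
    return {
        "names": names,
        "finite_field_dh": ffdh,
        "static_rsa_kx": static_rsa,
        "ecdhe": ecdhe,
        "pfs_before_non_pfs": pfs_first,
        "matches_commit_order": names == COMMIT_CLAIMED_ORDER,
    }


if __name__ == "__main__":
    result = audit(expand_cipher_string(MUMBLE_DEFAULT_CIPHER_STRING))
    print("OpenSSL", ssl.OPENSSL_VERSION)
    for name in result["names"]:
        print(" ", name)
    print("finite-field DH suites:", result["finite_field_dh"] or "none")
    print("PFS suites before RSA-kx fallbacks:", result["pfs_before_non_pfs"])
    print("same order as the commit message:", result["matches_commit_order"])
```

Run it against each OpenSSL build a server is deployed on; the set of suites stays the same, but if a deployment depends on a particular ECDSA/RSA or 256/128 ordering, that ordering has to be spelled out in the string rather than left to `EECDH+AESGCM`.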
mkrautz committed May 22, 2015
1 parent 1dc6ecc commit 49f57d3
Showing 2 changed files with 5 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/SSL.cpp
@@ -34,6 +34,10 @@

#include "Version.h"

QString MumbleSSL::defaultOpenSSLCipherString() {
return QLatin1String("EECDH+AESGCM:AES256-SHA:AES128-SHA");
}

QList<QSslCipher> MumbleSSL::ciphersFromOpenSSLCipherString(QString cipherString) {
QList<QSslCipher> chosenCiphers;

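Review bot: the preference order the commit message lists for `EECDH+AESGCM` is whatever the linked OpenSSL's built-in sort produces, not something `return QLatin1String("EECDH+AESGCM:AES256-SHA:AES128-SHA");` pins, so another OpenSSL release can hand back the same four ECDHE suites in a different RSA/ECDSA order. If that order matters, spell out the four `ECDHE-*-AES*-GCM-*` names explicitly instead of the alias; either way, add a comment above the function recording that `AES256-SHA:AES128-SHA` are kept only for 1.2.x clients and TLSv1.0-only peers, since that rationale currently lives only in the commit message and is what a future reader will need before deleting them.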
1 change: 1 addition & 0 deletions src/SSL.h
@@ -37,6 +37,7 @@

class MumbleSSL {
public:
static QString MumbleSSL::defaultOpenSSLCipherString();
static QList<QSslCipher> MumbleSSL::ciphersFromOpenSSLCipherString(QString cipherString);
static void addSystemCA();
};
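Review bot: `static QString MumbleSSL::defaultOpenSSLCipherString();` qualifies the member with `MumbleSSL::` inside the class body, which standard C++ does not permit for a declaration (GCC rejects it as an extra qualification on a member; MSVC accepts it only as an extension), so declare it as `static QString defaultOpenSSLCipherString();`. The pre-existing `ciphersFromOpenSSLCipherString` declaration on the following line has the same problem and should be fixed in the same commit.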