Python SSL stack doesn't support DH ciphers #57835
Python SSL doesn't support DH ciphers in all versions tested. This is a serious security issue because it's not possible to use, as a server or client, the Perfect Forward Secrecy [1] security provided by DHE and ECDH ciphers. In order to enable DH ciphers, the SSL implementation in the file Modules/_ssl.c must issue a DH_generate_parameters() if a cipher is DH. For an example, see PHP's handling of DH ciphers in php-5.3.8/ext/openssl/openssl.c:

```c
#if !defined(NO_DH)
		case OPENSSL_KEYTYPE_DH:
			{
				DH *dhpar = DH_generate_parameters(req->priv_key_bits, 2, NULL, NULL);
				int codes = 0;
				if (dhpar) {
					DH_set_method(dhpar, DH_get_default_method());
					if (DH_check(dhpar, &codes) && codes == 0 && DH_generate_key(dhpar)) {
						if (EVP_PKEY_assign_DH(req->priv_key, dhpar)) {
							return_val = req->priv_key;
						}
					} else {
						DH_free(dhpar);
					}
				}
			}
			break;
#endif
		default:
```

An important security fix, to support and enable DH ciphers by default, has to be done.

Other example for DH and ECC from:

```c
#ifndef OPENSSL_NO_DH
static int init_dh(SSL_CTX *ctx, const char *cert) {
    DH *dh;
    BIO *bio;

    /* The DH parameters are read from the same PEM file as the certificate. */
    bio = BIO_new_file(cert, "r");
    if (!bio) {
        ERR_print_errors_fp(stderr);
        return -1;
    }

    dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
    BIO_free(bio);
    if (!dh) {
        ERR("{core} Note: no DH parameters found in %s\n", cert);
        return -1;
    }

    /* Install the parameters on the context; the context keeps its own
     * copy, so our reference is released afterwards. */
    SSL_CTX_set_tmp_dh(ctx, dh);
    DH_free(dh);

#ifdef NID_X9_62_prime256v1
    /* Enable ephemeral ECDH on NIST P-256 as well. */
    EC_KEY *ecdh = NULL;
    ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
    SSL_CTX_set_tmp_ecdh(ctx, ecdh);
    EC_KEY_free(ecdh);
    LOG("{core} ECDH Initialized with NIST P-256\n");
#endif

    return 0;
}
#endif /* OPENSSL_NO_DH */
```

The ssl module doesn't directly handle keys, it just gives a PEM file to OpenSSL's ssl functions. So I don't understand what should be done precisely here, or even if something has to be done at all.

Please look at how PHP implements the feature. Stud instead asks the user to generate the DH parameters "offline" and save them into the PEM file. I think that the PHP approach is better than the stud one: This is the way to have supported ciphers such as DHE-RSA-AES256-SHA (

Well the OpenSSL docs say “DH_generate_parameters() may run for several hours before finding a suitable prime”, which sounds like a good reason not to do it every time your program is run. Anyway, SSL_CTX_set_tmp_dh() should allow us to set DH parameters on a SSL context, PEM_read_DHparams() to read them from a PEM file, and OpenSSL's source tree has a couple of PEM files with "strong" DH parameters for various key sizes.

Wow, I saw your patch for ECC SSL ciphers on http://bugs.python.org/issue13627 . Do you think we can use the same method/concept as ssl.OP_SINGLE_ECDH_USE but ssl.OP_SINGLE_DH_USE for DH?

Of course.

In the meantime I added two other tickets on security and performance improvements of Python SSL support, to make it really complete and comparable to Apache/Dovecot/PHP in terms of configuration and capability:

- Python SSL stack doesn't support ordering of Ciphers
- Python SSL stack doesn't support Compression configuration

Here is a patch adding the load_dh_params method on SSL contexts, and the OP_SINGLE_DH_USE option flag.

Per the Red Hat problems in bpo-13627 I just tried this patch on Fedora 16. Everything built just fine. However, the patch doesn't apply cleanly to tip any longer:

```
[meadori@motherbrain cpython]$ patch -p1 < ../patches/dh.patch
```

After fixing the unit test hunk everything builds and the SSL unit tests pass.

New changeset 33dea851f918 by Antoine Pitrou in branch 'default':

Thank you Meador. I've committed an updated patch.
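
An added example, not part of the original thread or of the committed patch: a way to check which cipher suites enabled on an `ssl.SSLContext` provide forward secrecy, and to build a server context limited to DHE/ECDHE suites using the `load_dh_params` method and `OP_SINGLE_DH_USE` flag discussed above. The function names, the cipher strings and the optional `dh_params_file` path are assumptions made for illustration.

```python
import ssl

# 'kea' labels reported by SSLContext.get_ciphers() for ephemeral (EC)DH key
# exchange. TLS 1.3 suites report 'kx-any' and always use an ephemeral exchange.
EPHEMERAL_KEA = {"kx-dhe", "kx-ecdhe", "kx-dhe-psk", "kx-ecdhe-psk", "kx-any"}


def classify_forward_secrecy(ctx):
    """Split the suites enabled on ctx into forward-secret and not."""
    report = {"pfs": [], "no_pfs": []}
    for suite in ctx.get_ciphers():
        key = "pfs" if suite["kea"] in EPHEMERAL_KEA else "no_pfs"
        report[key].append(suite["name"])
    return report


def make_pfs_server_context(dh_params_file=None):
    """Server context restricted to ECDHE and DHE suites.

    dh_params_file (hypothetical path) is a PEM file of DH parameters
    generated offline; the DHE suites need it, the ECDHE suites do not.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM")
    # Ask for a fresh ephemeral key on every handshake.
    ctx.options |= ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE
    if dh_params_file is not None:
        ctx.load_dh_params(dh_params_file)
    return ctx


def make_static_rsa_context():
    """Contrast case: TLS 1.2 suites limited to static RSA key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("kRSA+AESGCM")
    return ctx


if __name__ == "__main__":
    for label, ctx in (("pfs-only", make_pfs_server_context()),
                       ("static-rsa", make_static_rsa_context())):
        report = classify_forward_secrecy(ctx)
        print(label, "without forward secrecy:", report["no_pfs"] or "none")
```
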