From abd5d8fbef7085499ba7785622da4e8288068f46 Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Fri, 19 Feb 2016 13:05:11 -0500 Subject: [PATCH] Disable EXPORT and LOW SSLv3+ ciphers by default MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Reviewed-by: Emilia Käsper --- CHANGES | 5 ++++ Configure | 5 ++++ NEWS | 1 + doc/apps/ciphers.pod | 30 ++++++++++++++++-------- ssl/s3_lib.c | 54 ++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 86 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index f209b3e0d3..213b017b5e 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 1.0.1r and 1.0.1s [xx XXX xxxx] + * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + Builds that are not configured with "enable-weak-ssl-ciphers" will not + provide any "EXPORT" or "LOW" strength ciphers. + [Viktor Dukhovni] + * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 is by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, diff --git a/Configure b/Configure index ea74c91537..93c4cc15fb 100755 --- a/Configure +++ b/Configure @@ -58,6 +58,10 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # library and will be loaded in run-time by the OpenSSL library. # sctp include SCTP support # 386 generate 80386 code +# enable-weak-ssl-ciphers +# Enable EXPORT and LOW SSLv3 ciphers that are disabled by +# default. Note, weak SSLv2 ciphers are unconditionally +# disabled. # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 # no- build without specified algorithm (rsa, idea, rc5, ...) # - + compiler options are passed through @@ -729,6 +733,7 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental "ssl2" => "default", "store" => "experimental", "unit-test" => "default", + "weak-ssl-ciphers" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); diff --git a/NEWS b/NEWS index ce256aeb6a..da17c1e39e 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,7 @@ Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [under development] + o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. o Disable SSLv2 default build, default negotiation and weak ciphers. Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016] diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 7b01c3b09b..888b8ed943 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -136,34 +136,46 @@ than 128 bits, and some cipher suites with 128-bit keys. =item B -"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms -but excluding export cipher suites. +Low strength encryption cipher suites, currently those using 64 or 56 bit +encryption algorithms but excluding export cipher suites. +As of OpenSSL 1.0.1s, these are disabled in default builds. =item B, B -export encryption algorithms. Including 40 and 56 bits algorithms. +Export strength encryption algorithms. Including 40 and 56 bits algorithms. +As of OpenSSL 1.0.1s, these are disabled in default builds. =item B -40 bit export encryption algorithms +40-bit export encryption algorithms +As of OpenSSL 1.0.1s, these are disabled in default builds. =item B -56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of +56-bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of 56 bit export ciphers is empty unless OpenSSL has been explicitly configured with support for experimental ciphers. +As of OpenSSL 1.0.1s, these are disabled in default builds. =item B, B -the "NULL" ciphers that is those offering no encryption. Because these offer no -encryption at all and are a security risk they are disabled unless explicitly -included. +The "NULL" ciphers that is those offering no encryption. Because these offer no +encryption at all and are a security risk they are not enabled via either the +B or B cipher strings. +Be careful when building cipherlists out of lower-level primitives such as +B or B as these do overlap with the B ciphers. +When in doubt, include B in your cipherlist. =item B -the cipher suites offering no authentication. This is currently the anonymous +The cipher suites offering no authentication. This is currently the anonymous DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable to a "man in the middle" attack and so their use is normally discouraged. +These are excluded from the B ciphers, but included in the B +ciphers. +Be careful when building cipherlists out of lower-level primitives such as +B or B as these do overlap with the B ciphers. +When in doubt, include B in your cipherlist. =item B, B diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 167e3cc9e4..a48f2b652a 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -203,6 +203,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 03 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_RC4_40_MD5, @@ -217,6 +218,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +#endif /* Cipher 04 */ { @@ -251,6 +253,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 06 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_RC2_40_MD5, @@ -265,6 +268,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +#endif /* Cipher 07 */ #ifndef OPENSSL_NO_IDEA @@ -285,6 +289,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { #endif /* Cipher 08 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_DES_40_CBC_SHA, @@ -299,8 +304,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +#endif /* Cipher 09 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_DES_64_CBC_SHA, @@ -315,6 +322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +#endif /* Cipher 0A */ { @@ -334,6 +342,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { /* The DH ciphers */ /* Cipher 0B */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 0, SSL3_TXT_DH_DSS_DES_40_CBC_SHA, @@ -348,8 +357,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +#endif /* Cipher 0C */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 0, /* not implemented (non-ephemeral DH) */ SSL3_TXT_DH_DSS_DES_64_CBC_SHA, @@ -364,6 +375,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +#endif /* Cipher 0D */ { @@ -382,6 +394,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 0E */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 0, /* not implemented (non-ephemeral DH) */ SSL3_TXT_DH_RSA_DES_40_CBC_SHA, @@ -396,8 +409,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +#endif /* Cipher 0F */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 0, /* not implemented (non-ephemeral DH) */ SSL3_TXT_DH_RSA_DES_64_CBC_SHA, @@ -412,6 +427,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +#endif /* Cipher 10 */ { @@ -431,6 +447,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { /* The Ephemeral DH ciphers */ /* Cipher 11 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, @@ -445,8 +462,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +#endif /* Cipher 12 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, @@ -461,6 +480,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +#endif /* Cipher 13 */ { @@ -479,6 +499,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 14 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, @@ -493,8 +514,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +#endif /* Cipher 15 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, @@ -509,6 +532,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +#endif /* Cipher 16 */ { @@ -527,6 +551,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 17 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_ADH_RC4_40_MD5, @@ -541,6 +566,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +#endif /* Cipher 18 */ { @@ -559,6 +585,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 19 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_ADH_DES_40_CBC_SHA, @@ -573,8 +600,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +#endif /* Cipher 1A */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_ADH_DES_64_CBC_SHA, @@ -589,6 +618,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +#endif /* Cipher 1B */ { @@ -660,6 +690,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { #ifndef OPENSSL_NO_KRB5 /* The Kerberos ciphers*/ /* Cipher 1E */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_DES_64_CBC_SHA, @@ -674,6 +705,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +# endif /* Cipher 1F */ { @@ -724,6 +756,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 22 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_DES_64_CBC_MD5, @@ -738,6 +771,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +# endif /* Cipher 23 */ { @@ -788,6 +822,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 26 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_DES_40_CBC_SHA, @@ -802,8 +837,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +# endif /* Cipher 27 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_RC2_40_CBC_SHA, @@ -818,8 +855,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +# endif /* Cipher 28 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_RC4_40_SHA, @@ -834,8 +873,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +# endif /* Cipher 29 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_DES_40_CBC_MD5, @@ -850,8 +891,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +# endif /* Cipher 2A */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_RC2_40_CBC_MD5, @@ -866,8 +909,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +# endif /* Cipher 2B */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_RC4_40_MD5, @@ -882,6 +927,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +# endif #endif /* OPENSSL_NO_KRB5 */ /* New AES ciphersuites */ @@ -1305,6 +1351,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { # endif /* Cipher 62 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, @@ -1319,8 +1366,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +# endif /* Cipher 63 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, @@ -1335,8 +1384,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +# endif /* Cipher 64 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, @@ -1351,8 +1402,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 128, }, +# endif /* Cipher 65 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, @@ -1367,6 +1420,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 128, }, +# endif /* Cipher 66 */ { -- 2.25.1