Re: Disable SSLv3 and set cipher list for bozohttpd

[Jean-Yves Migeon <jym%NetBSD.org@localhost>]

Le 2015-12-08 21:58, christos%astron.com@localhost a écrit :
> In article <504100d17986e1e22da8954be8153879%vispaul.me@localhost>,
>  <tr%vispaul.me@localhost> wrote:
> > Hi tech-security,
> [snip]
> > +#ifndef BOZO_SSL_CIPHERS
> > +#define BOZO_SSL_CIPHERS
> > "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3
> -SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
> > +#endif
>
> Why not supply the ! list (the ones you want to remove)... It is 
> shorter
> and easier to understand and maintain...

+1. And gives choice for other possible ciphers (like poly1305 and 
chacha20).

I would dump 3DES and CAMELLIA (less review + hardware acceleration 
support) and also dump TLS 1.0 (SSL_OP_NO_TLSv1) due to BEAST.

Le 2015-12-08 23:23, Joerg Sonnenberger a écrit :
> I have some serious concerns about the cipher order. AES-GCM should 
> only
> be used as default choice if there is hardware acceleration for it.
> The resistence against timing attacks is very questionable otherwise.

This argument may apply to CBC with lucky 13, somehow. TBH the proposed 
modification does not make things worse compared to the previous state

Cheers,

--
Jean-Yves Migeon