openssl: use OpenSSL's default ciphers by default #1846
Conversation
|
+1 for this approach. |
lib/vtls/openssl.c
Outdated
| @@ -154,8 +154,16 @@ static unsigned long OpenSSL_version_num(void) | |||
| #define OSSL_PACKAGE "OpenSSL" | |||
| #endif | |||
|
|
|||
| #if (OPENSSL_VERSION_NUMBER >= 0x10002000L) | |||
There was a problem hiding this comment.
I wouldn't change it for at least for OpenSSL 1.0.2, which includes RC4 MD5 support and maybe other things depending on how it was built. By default our current cipher settings disable RC4, but this would change that so -1 for that specific thing.
The commit referred to in that thread you quoted probably concerns just 1.1, and it does say RC4 is not part of the default cipher list when built in. So my suggestion is do it for OpenSSL 1.1 and above. The only other thing is @STRENGTH, I really don't know how important that is for 1.1.
There was a problem hiding this comment.
Oh right, the @STRENGTH. I added that back in commit 0d1060f as a sort of work-around for HTTP/2 since back then OpenSSL would otherwise happily negotiate using ciphers that are deemed "illegal" for HTTP/2 ...
There was a problem hiding this comment.
Using OPENSSL_VERSION_NUMBER >= 0x10100000L should be of course OK. However I do not see how using @strength would help to eliminate "illegal" ciphers. This just sorts the ciphersuite list so all AES256 ciphers (including the CBC ones) would come before the AES128 ciphers. I do not think this is right for most use cases. Also the black list of the ciphers should apply mostly to the HTTP/2 servers - the clients are allowed to include them.
There was a problem hiding this comment.
Still, @STRENGTH did help for HTTP/2 and that's why we have it there. Unfortunately I can't recall the picky servers I tried against back then so I can't really check right now what happens against them if/when we drop it.
There was a problem hiding this comment.
Also you did not make the experiment with OpenSSL 1.1, did you?
There was a problem hiding this comment.
This is the actual difference between curl(-) and upstream default(+) https://paste.fedoraproject.org/paste/XPMGLMTvd4d-BI9~CYU1tw
There was a problem hiding this comment.
This is of course with OpenSSL 1.1.0 - to me the upstream default looks like more sane.
lib/vtls/openssl.c
Outdated
| @@ -2116,7 +2124,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) | |||
| ciphers = SSL_CONN_CONFIG(cipher_list); | |||
| if(!ciphers) | |||
| ciphers = (char *)DEFAULT_CIPHER_SELECTION; | |||
| if(!SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) { | |||
| if(ciphers && !SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) { | |||
| failf(data, "failed setting cipher list: %s", ciphers); | |||
| return CURLE_SSL_CIPHER; | |||
| } | |||
There was a problem hiding this comment.
The line below needs to be corrected infof(data, "Cipher selection: %s\n", ciphers); but now ciphers can be NULL . Github won't let me select the line because it's too far out of the common area. There may be a n easy way to get it in OpenSSL but I think it would be ok to just do ciphers ? ciphers : "<default>" or something like that
There was a problem hiding this comment.
The if(ciphers ... condition surely should make sure that ciphers can't be NULL there... ?
There was a problem hiding this comment.
yeah it's confusing, github won't let me select the line, it's the line 2131
There was a problem hiding this comment.
@jay Thanks for review! The infof() should be fixed now, will ask OpenSSL experts about a suitable version of OpenSSL for the condition.
Btw. you can refer to any location in any revision by the Github URL: https://github.com/kdudka/curl/blob/0b613865/lib/vtls/openssl.c#L2131
kdudka
force-pushed
the
openssl-default-ciphers
branch
from
0b61386
to
5bcb700
Compare
Up2date versions of OpenSSL maintain the default reasonably secure without breaking compatibility, so it is better not to override the default by curl. Suggested at https://bugzilla.redhat.com/1483972 Closes curl#1846
Up2date versions of OpenSSL maintain the default reasonably secure without breaking compatibility, so it is better not to override the default by curl. Suggested at https://bugzilla.redhat.com/1483972 Closes curl#1846
kdudka
force-pushed
the
openssl-default-ciphers
branch
from
5bcb700
to
85583a3
Compare
Up2date versions of OpenSSL maintain the default reasonably secure
without breaking compatibility, so it is better not to override the
default by curl. Suggested at https://bugzilla.redhat.com/1483972