Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL ciphers with Mozilla's "Modern" set are... limited #2194

Open
jordansissel opened this issue Nov 13, 2014 · 6 comments
Open

OpenSSL ciphers with Mozilla's "Modern" set are... limited #2194

jordansissel opened this issue Nov 13, 2014 · 6 comments
Labels
openssl

Comments

@jordansissel
Copy link
Contributor

Backround: I am trying to ship a library that supports TLS, but I want to ship with strong default security settings. I am also not a TLS expert.

Mozilla maintains a recommendation set for various security levels. Their "modern" one is documented here: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

If I use this cipher suite in JRuby, it basically whittles down the acceptable ciphers to just two. Two is... small. So small, that when I try connecting to https://google.com/ the ssl handshake fails because (I think) this cipher suite selection isn't supported by Google's servers.

If I compare MRI 2.1.4 on OSX 10.9 with Jruby 1.7.16.1 on OpenJDK 1.7.0_45, MRI has many ciphers, JRuby has 2 left.

% rvm ruby,jruby do ruby -rap -ropenssl -e 'c = OpenSSL::SSL::SSLContext.new; c.ciphers = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"; ap "#{RUBY_ENGINE}-#{RUBY_VERSION}" => c.ciphers.collect { |x| x.first }.sort'
{
  "ruby-2.1.4" => [
    [ 0] "DHE-DSS-AES128-GCM-SHA256",
    [ 1] "DHE-DSS-AES128-SHA256",
    [ 2] "DHE-DSS-AES256-GCM-SHA384",
    [ 3] "DHE-DSS-AES256-SHA",
    [ 4] "DHE-RSA-AES128-GCM-SHA256",
    [ 5] "DHE-RSA-AES128-SHA",
    [ 6] "DHE-RSA-AES128-SHA256",
    [ 7] "DHE-RSA-AES256-GCM-SHA384",
    [ 8] "DHE-RSA-AES256-SHA",
    [ 9] "DHE-RSA-AES256-SHA256",
    [10] "ECDHE-ECDSA-AES128-GCM-SHA256",
    [11] "ECDHE-ECDSA-AES128-SHA",
    [12] "ECDHE-ECDSA-AES128-SHA256",
    [13] "ECDHE-ECDSA-AES256-GCM-SHA384",
    [14] "ECDHE-ECDSA-AES256-SHA",
    [15] "ECDHE-ECDSA-AES256-SHA384",
    [16] "ECDHE-RSA-AES128-GCM-SHA256",
    [17] "ECDHE-RSA-AES128-SHA",
    [18] "ECDHE-RSA-AES128-SHA256",
    [19] "ECDHE-RSA-AES256-GCM-SHA384",
    [20] "ECDHE-RSA-AES256-SHA",
    [21] "ECDHE-RSA-AES256-SHA384"
  ]
}
{
  "jruby-1.9.3" => [
    [0] "DHE-DSS-AES128-SHA",
    [1] "DHE-RSA-AES128-SHA"
  ]
}

I'm not certain what the right solution is here, or how to resolve this effectively, but it seems weird :)
@jordansissel
Copy link
Contributor Author

Testing all ciphers defaulting under TLSv1 while trying to find any cipher that works in JRuby/BouncyCastle against google (and other) web servers.

% rvm jruby do ruby -ropenssl -e 'c = OpenSSL::SSL::SSLContext.new; c.ssl_version = :TLSv1; c.ciphers.each { |cipher, *_| puts cipher }' | xargs -n1 sh -c 'openssl s_client -cipher $1 -connect www.google.com:443 < /dev/null 2>&1 | grep -q "handshake failure"; echo "$? $1"' -
1 DES-CBC3-SHA
0 EDH-RSA-DES-CBC3-SHA
0 EDH-DSS-DES-CBC3-SHA
1 AES128-SHA
0 DHE-RSA-AES128-SHA
0 DHE-DSS-AES128-SHA
1 RC4-SHA
1 RC4-MD5
0 DES-CBC-SHA
0 EDH-RSA-DES-CBC-SHA
0 EXP-DES-CBC-SHA
0 EXP-EDH-RSA-DES-CBC-SHA
0 EXP-EDH-DSS-DES-CBC-SHA
0 EXP-RC4-MD5

@untergeek
Copy link

Is this addressed by #1768 ?

@jordansissel
Copy link
Contributor Author

@untergeek 1.7.17 still shows a small set of ciphers under Mozilla's modern cipher set:

  "jruby-1.9.3" => [
    [0] "DHE-DSS-AES128-SHA",
    [1] "DHE-RSA-AES128-SHA"
  ]

I'll take a peak at this in the next few weeks if I can.

@aetherknight
Copy link

@jordansissel @untergeek #1768 was not fixed in 1.7.17, I believe it was mistakenly closed. Further #1768 is about a bug in jruby-openssl's processing of a cipher spec. I believe you may be interested in: #1774 #1738 and #1737

@jordansissel
Copy link
Contributor Author

@aetherknight indeed! I'm hoping to spend some quality time fixing this soon. Depends on how other logstash work goes, but we can invest energy to make this better :)

@rtyler rtyler added the openssl label Jan 15, 2015
@kares kares mentioned this issue Apr 15, 2015
Closed
@kares
Copy link
Member

kares commented Apr 15, 2015

there's some progress but there seems to be more work needed to again re-view/port the cipherlist matching from OpenSSL code ... lot of "boring" yet timely work ahead, it seems

@kares kares mentioned this issue Jun 23, 2015
Open
@delwaterman delwaterman mentioned this issue May 10, 2016
Open
@bbozo bbozo mentioned this issue Jun 27, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
openssl
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@rtyler @kares @aetherknight @jordansissel @untergeek