Further restrict default cipher list

In the past years, the internet has been moving forward wrt deprecating
older and less secure ciphers.  Let's follow this example in OpenVPN and
further restrict the default list of negotiable TLS ciphers.

Compared to earlier, this disables the following:
 * Ciphers in the LOW and MEDIUM security cipher list of OpenSSL
   The LOW suite will be completely removed from OpenSSL in 1.1.0,
   the MEDIUM suite contains ciphers like RC4 and SEED.
 * Ciphers that do not provide forward secrecy (static DH/ECDH keys)
 * DSA private keys (rarely used, and usually restricted to 1024 bits)

v2: added Changes.rst entry.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1460917927-31645-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11457
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/Changes.rst b/Changes.rst
index af70d1419feaeb5016f2313c6971917c101e5009..93e4bd9dabb532a54164c3f939f57a266b4de1ee 100644 (file)
--- a/Changes.rst
+++ b/Changes.rst
@@ -86,6 +86,13 @@ User-visible Changes
 - Removed --enable-password-save from configure. This option is now
   always enabled.
 
+- Stricter default TLS cipher list (override with ``--tls-cipher``), that now
+  also disables:
+
+  * Non-ephemeral key exchange using static (EC)DH keys
+  * DSS private keys
+
+
 Maintainer-visible changes
 --------------------------
 - OpenVPN no longer supports building with crypto support, but without TLS

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index decffc776854206dff97abb122fda9ff8c8c898e..6f4f21f994f6bab798e89059ba61ef9bc7640dc3 100644 (file)
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -4696,7 +4696,9 @@ your VPN connection.  But it is also easy to unwittingly use it to carefully
 align a gun with your foot, or just break your connection.  Use with care!
 
 The default for \-\-tls\-cipher is to use PolarSSL's default cipher list
-when using PolarSSL or "DEFAULT:!EXP:!PSK:!SRP:!kRSA" when using OpenSSL.
+when using PolarSSL or
+"DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:!SRP:!kRSA" when using
+OpenSSL.
 .\"*********************************************************
 .TP
 .B \-\-tls\-timeout n

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index e390f4d0e4a04c38237fa50e8d32f034762cfacb..ca9b67ba7f193c5ba69927a427ab5e9e90935e2b 100644 (file)
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -272,8 +272,18 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
 {
   if (ciphers == NULL)
     {
-      /* Use sane default (disable export, and unsupported cipher modes) */
-      if(!SSL_CTX_set_cipher_list(ctx->ctx, "DEFAULT:!EXP:!PSK:!SRP:!kRSA"))
+      /* Use sane default TLS cipher list */
+      if(!SSL_CTX_set_cipher_list(ctx->ctx,
+         /* Use openssl's default list as a basis */
+         "DEFAULT"
+         /* Disable export ciphers and openssl's 'low' and 'medium' ciphers */
+         ":!EXP:!LOW:!MEDIUM"
+         /* Disable static (EC)DH keys (no forward secrecy) */
+         ":!kDH:!kECDH"
+         /* Disable DSA private keys */
+         ":!DSS"
+         /* Disable unsupported TLS modes */
+         ":!PSK:!SRP:!kRSA"))
        crypto_msg (M_FATAL, "Failed to set default TLS cipher list.");
       return;
     }