]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commitdiff
projects / people / pmueller / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1826c42)
OpenSSL: drop preferring of Chacha20/Poly1305 over AES-GCM
authorpeter.mueller@ipfire.org <peter.mueller@ipfire.org>
Mon, 4 Nov 2019 18:24:00 +0000 (18:24 +0000)
committerArne Fitzenreiter <arne_f@ipfire.org>
Wed, 13 Nov 2019 19:01:19 +0000 (19:01 +0000)
As hardware acceleration for AES is emerging (Fireinfo indicates
30.98% of reporting installations support this, compared to
28.22% in summer), there is no more reason to manually prefer
Chacha20/Poly1305 over it.

Further, overall performance is expected to increase as server
CPUs usually come with AES-NI today, where Chacha/Poly would
be an unnecessary bottleneck. Small systems without AES-NI,
however, compute Chacha/Poly measurable, but not significantly faster,
so there only was a small advantage of this.

This patch changes the OpenSSL default ciphersuite to:

TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
CAMELLIA256-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
CAMELLIA128-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
lfs/openssl patch | blob | blame | history
src/patches/openssl-1.1.1c-default-cipherlist.patch [deleted file] patch | blob | blame | history
src/patches/openssl-1.1.1d-default-cipherlist.patch [new file with mode: 0644] patch | blob

diff --git a/lfs/openssl b/lfs/openssl
index f5aa7c3f9474418f9900822c45b30c4926ff170d..8d978f1710fd2f2098538f7953be86f7b35142f7 100644 (file)
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -117,7 +117,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.1c-default-cipherlist.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.1d-default-cipherlist.patch
 
        # Apply our CFLAGS
        cd $(DIR_APP) && sed -i Configure \
diff --git a/src/patches/openssl-1.1.1c-default-cipherlist.patch b/src/patches/openssl-1.1.1c-default-cipherlist.patch
deleted file mode 100644 (file)
index 72f6ce3..0000000
--- a/src/patches/openssl-1.1.1c-default-cipherlist.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -Naur openssl-1.1.1c.orig/include/openssl/ssl.h openssl-1.1.1c/include/openssl/ssl.h
---- openssl-1.1.1c.orig/include/openssl/ssl.h  2019-06-10 20:41:21.209140012 +0200
-+++ openssl-1.1.1c/include/openssl/ssl.h       2019-06-10 20:42:26.733973129 +0200
-@@ -170,11 +170,11 @@
-  * an application-defined cipher list string starts with 'DEFAULT'.
-  * This applies to ciphersuites for TLSv1.2 and below.
-  */
--# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
-+# define SSL_DEFAULT_CIPHER_LIST "CHACHA20:HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:+kRSA:!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS"
- /* This is the default set of TLSv1.3 ciphersuites */
- # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
--#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
--                                   "TLS_CHACHA20_POLY1305_SHA256:" \
-+#  define TLS_DEFAULT_CIPHERSUITES "TLS_CHACHA20_POLY1305_SHA256:" \
-+                                   "TLS_AES_256_GCM_SHA384:" \
-                                    "TLS_AES_128_GCM_SHA256"
- # else
- #  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
diff --git a/src/patches/openssl-1.1.1d-default-cipherlist.patch b/src/patches/openssl-1.1.1d-default-cipherlist.patch
new file mode 100644 (file)
index 0000000..5ad7829
--- /dev/null
+++ b/src/patches/openssl-1.1.1d-default-cipherlist.patch
@@ -0,0 +1,11 @@
+--- openssl-1.1.1d.orig/include/openssl/ssl.h  2019-11-04 19:13:08.801905796 +0100
++++ openssl-1.1.1d/include/openssl/ssl.h       2019-11-04 19:14:05.229896747 +0100
+@@ -170,7 +170,7 @@
+  * an application-defined cipher list string starts with 'DEFAULT'.
+  * This applies to ciphersuites for TLSv1.2 and below.
+  */
+-# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
++# define SSL_DEFAULT_CIPHER_LIST "HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:+kRSA:!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS"
+ /* This is the default set of TLSv1.3 ciphersuites */
+ # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ #  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
Peter's tree of IPFire 2.x