From: Steffan Karger Date: Sun, 17 Apr 2016 18:23:32 +0000 (+0200) Subject: Restrict default TLS cipher list X-Git-Tag: v2.3.11~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a399cd30ae19f521794f3dfe7ef194abd440d1b;p=thirdparty%2Fopenvpn.git Restrict default TLS cipher list In the past years, the internet has been moving forward wrt deprecating older and less secure ciphers. Let's follow this example in OpenVPN and also restrict the default list of negotiable TLS ciphers in 2.3.x. This disables the following: * Export ciphers (these are broken on purpose...) * Ciphers in the LOW and MEDIUM security cipher list of OpenSSL The LOW suite will be completely removed from OpenSSL in 1.1.0, the MEDIUM suite contains ciphers like RC4 and SEED. * Ciphers that are not supported by OpenVPN anyway (cleans up the list) Note that users are able to override this default, using --tls-cipher, if they for some reason need ciphers that are now disabled by default. v2: add Changes.rst entry. Signed-off-by: Steffan Karger Acked-by: Arne Schwabe Message-Id: <1460917412-29741-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/11455 Signed-off-by: Gert Doering --- diff --git a/Changes.rst b/Changes.rst index 813d92f5f..40fd9df6a 100644 --- a/Changes.rst +++ b/Changes.rst @@ -100,6 +100,21 @@ Behavioral changes - Do not randomize resolving of IP addresses in getaddr() + +Version 2.3.11 +============== + +Behavioral changes +------------------ + +- Stricter default TLS cipher list (override with ``--tls-cipher``), that now + also disables: + + * Non-ephemeral key exchange using static (EC)DH keys + * DSS private keys + + + Version 2.3.10 ============= diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 148a62a07..1cad9bed4 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4555,8 +4555,9 @@ is an expert feature, which - if used correcly - can improve the security of your VPN connection. But it is also easy to unwittingly use it to carefully align a gun with your foot, or just break your connection. Use with care! -The default for --tls-cipher is to use PolarSSL's default cipher list -when using PolarSSL or "DEFAULT:!EXP:!PSK:!SRP:!kRSA" when using OpenSSL. +The default for \-\-tls\-cipher is to use PolarSSL's default cipher list +when using PolarSSL or "DEFAULT:!EXP:!LOW:!MEDIUM:!PSK:!SRP:!kRSA" when using +OpenSSL. .\"********************************************************* .TP .B \-\-tls\-timeout n diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 067989042..9e31c3c37 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -561,10 +561,7 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx) tls_ctx_check_cert_time(new_ctx); /* Allowable ciphers */ - if (options->cipher_list) - { - tls_ctx_restrict_ciphers(new_ctx, options->cipher_list); - } + tls_ctx_restrict_ciphers(new_ctx, options->cipher_list); #ifdef ENABLE_CRYPTO_POLARSSL /* Personalise the random by mixing in the certificate */ diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index e67f60ed3..1dfbb23e2 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -267,6 +267,20 @@ tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags) void tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) { + if (ciphers == NULL) + { + /* Use sane default TLS cipher list */ + if(!SSL_CTX_set_cipher_list(ctx->ctx, + /* Use openssl's default list as a basis */ + "DEFAULT" + /* Disable export ciphers and openssl's 'low' and 'medium' ciphers */ + ":!EXP:!LOW:!MEDIUM" + /* Disable unsupported TLS modes */ + ":!PSK:!SRP:!kRSA")) + crypto_msg (M_FATAL, "Failed to set default TLS cipher list."); + return; + } + size_t begin_of_cipher, end_of_cipher; const char *current_cipher; @@ -1383,8 +1397,7 @@ show_available_tls_ciphers (const char *cipher_list) if (!ssl) crypto_msg (M_FATAL, "Cannot create SSL object"); - if (cipher_list) - tls_ctx_restrict_ciphers(&tls_ctx, cipher_list); + tls_ctx_restrict_ciphers(&tls_ctx, cipher_list); printf ("Available TLS Ciphers,\n"); printf ("listed in order of preference:\n\n");