From a44eac2bf47416b35609c37b10eb803dd61945ed Mon Sep 17 00:00:00 2001 From: Steffan Karger Date: Sun, 17 Apr 2016 20:32:07 +0200 Subject: [PATCH] Further restrict default cipher list In the past years, the internet has been moving forward wrt deprecating older and less secure ciphers. Let's follow this example in OpenVPN and further restrict the default list of negotiable TLS ciphers. Compared to earlier, this disables the following: * Ciphers in the LOW and MEDIUM security cipher list of OpenSSL The LOW suite will be completely removed from OpenSSL in 1.1.0, the MEDIUM suite contains ciphers like RC4 and SEED. * Ciphers that do not provide forward secrecy (static DH/ECDH keys) * DSA private keys (rarely used, and usually restricted to 1024 bits) v2: added Changes.rst entry. Signed-off-by: Steffan Karger Acked-by: Arne Schwabe Message-Id: <1460917927-31645-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/11457 Signed-off-by: Gert Doering --- Changes.rst | 7 +++++++ doc/openvpn.8 | 4 +++- src/openvpn/ssl_openssl.c | 14 ++++++++++++-- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/Changes.rst b/Changes.rst index af70d1419..93e4bd9da 100644 --- a/Changes.rst +++ b/Changes.rst @@ -86,6 +86,13 @@ User-visible Changes - Removed --enable-password-save from configure. This option is now always enabled. +- Stricter default TLS cipher list (override with ``--tls-cipher``), that now + also disables: + + * Non-ephemeral key exchange using static (EC)DH keys + * DSS private keys + + Maintainer-visible changes -------------------------- - OpenVPN no longer supports building with crypto support, but without TLS diff --git a/doc/openvpn.8 b/doc/openvpn.8 index decffc776..6f4f21f99 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4696,7 +4696,9 @@ your VPN connection. But it is also easy to unwittingly use it to carefully align a gun with your foot, or just break your connection. Use with care! The default for \-\-tls\-cipher is to use PolarSSL's default cipher list -when using PolarSSL or "DEFAULT:!EXP:!PSK:!SRP:!kRSA" when using OpenSSL. +when using PolarSSL or +"DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:!SRP:!kRSA" when using +OpenSSL. .\"********************************************************* .TP .B \-\-tls\-timeout n diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index e390f4d0e..ca9b67ba7 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -272,8 +272,18 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) { if (ciphers == NULL) { - /* Use sane default (disable export, and unsupported cipher modes) */ - if(!SSL_CTX_set_cipher_list(ctx->ctx, "DEFAULT:!EXP:!PSK:!SRP:!kRSA")) + /* Use sane default TLS cipher list */ + if(!SSL_CTX_set_cipher_list(ctx->ctx, + /* Use openssl's default list as a basis */ + "DEFAULT" + /* Disable export ciphers and openssl's 'low' and 'medium' ciphers */ + ":!EXP:!LOW:!MEDIUM" + /* Disable static (EC)DH keys (no forward secrecy) */ + ":!kDH:!kECDH" + /* Disable DSA private keys */ + ":!DSS" + /* Disable unsupported TLS modes */ + ":!PSK:!SRP:!kRSA")) crypto_msg (M_FATAL, "Failed to set default TLS cipher list."); return; } -- 2.47.2