Got it! Thanks for the detailed explanation. I did not realize that the same ciphers were used by both SSL3 and TLS1. The behavior now makes all the sense in the world. Thanks!

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Viktor Dukhovni
Sent: Tuesday, April 07, 2015 8:32 AM
To: openssl-users at openssl.org
Subject: Re: Disable SSL3 and enable TLS1? / Ambiguous "DES-CBC3-SHA"

On Tue, Apr 07, 2015 at 08:09:31AM -0700, David Rueter wrote:

> >> You're confusing SSLv3 the protocol, with SSLv3 ciphersuites.
>
> Yes, I admit I am not distinguishing between these. However, !SSLv3
> in the cipher list does evidently disable the SSLv3 protocol as
> well--as evidenced by testing with https://www.ssllabs.com/ssltest

When there are no SSLv3 ciphers left, the protocol is not offered, but
this also disables TLSv1 and TLSv1.1 as they use the same set of ciphers.

> From the symptoms, it sure seems like OpenSSL mistakenly uses the
> string "DES-CBC3-SHA" to refer to both TLS and SSL3 (see
> https://www.openssl.org/docs/apps/ciphers.html )

There is no mistake. The same cipher-suite:

    DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1

applies to SSLv3, TLSv1, TLSv1.1 and TLSv1.2.

> intentional? In other words, is the SSLv3 cipher
> SSL_RSA_WITH_3DES_EDE_CBC_SHA actually the same as the TLS cipher
> TLS_RSA_WITH_[3]DES_[EDE_]CBC_SHA?

Yes, they are one and the same (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2):

    RFC 6101:   CipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A };
    RFC 2246:   CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A };
    RFC 4346:   CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A };
    RFC 5246:   CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A };

As for:

    CipherSuite TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 };

it is not triple DES, it is single-DES, and corresponds (RFC 6101) to:

    CipherSuite SSL_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 };

which OpenSSL calls:

    DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1

--
	Viktor.

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
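The mechanism Viktor describes, written up as an added Python example that is not part of the thread: a constructed model of the cipher-suite table (the 0x000A and 0x0009 entries are the ones quoted above; the TLS 1.2-only 0xC02F suite from RFC 5289 is added for contrast) shows that `!SSLv3` in a cipher string empties the suite list for TLSv1 and TLSv1.1 as well, because those versions share the SSLv3-era suites. The last two functions show the protocol-level switch (`SSL_OP_NO_SSLv3`, exposed as `ssl.OP_NO_SSLv3` in Python's `ssl` module) that removes SSLv3 without touching the cipher list.

```python
import ssl

# Constructed mini registry of cipher-suite code points (a model, not
# OpenSSL's real table). 0x000A and 0x0009 are the suites quoted in the
# thread; 0xC02F (RFC 5289, TLS 1.2 only) is added here for contrast.
SUITES = {
    (0x00, 0x0A): {
        "openssl": "DES-CBC3-SHA",
        "ssl3_name": "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "tls_name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
        "min_version": "SSLv3",
    },
    (0x00, 0x09): {
        "openssl": "DES-CBC-SHA",
        "ssl3_name": "SSL_RSA_WITH_DES_CBC_SHA",
        "tls_name": "TLS_RSA_WITH_DES_CBC_SHA",
        "min_version": "SSLv3",
    },
    (0xC0, 0x2F): {
        "openssl": "ECDHE-RSA-AES128-GCM-SHA256",
        "ssl3_name": None,
        "tls_name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "min_version": "TLSv1.2",
    },
}

PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
RANK = {p: i for i, p in enumerate(PROTOCOLS)}


def suite_name(code_point, protocol):
    """The RFC name a given protocol version uses for one code point.
    Only the SSL_/TLS_ prefix differs; on the wire it is the same two bytes."""
    info = SUITES[code_point]
    return info["ssl3_name"] if protocol == "SSLv3" else info["tls_name"]


def usable_suites(protocol, cipher_string="ALL"):
    """Suites left for `protocol` after applying a cipher string.
    Modelled behaviour: 'ALL' keeps everything; a '!SSLv3' element removes
    every suite whose *minimum* version is SSLv3, which is what OpenSSL's
    SSLv3 cipher keyword selects (a set of suites, not the protocol)."""
    excluded = {e[1:] for e in cipher_string.split(":") if e.startswith("!")}
    return sorted(
        info["openssl"]
        for info in SUITES.values()
        if RANK[info["min_version"]] <= RANK[protocol]
        and info["min_version"] not in excluded
    )


def offerable_protocols(cipher_string="ALL"):
    """A protocol version can only be negotiated if at least one suite
    survives for it; this is why '!SSLv3' also drops TLSv1 and TLSv1.1."""
    return [p for p in PROTOCOLS if usable_suites(p, cipher_string)]


def server_context_without_sslv3():
    """The protocol-level fix: set SSL_OP_NO_SSLv3 (ssl.OP_NO_SSLv3 here)
    and leave the cipher list alone, so TLSv1/TLSv1.1 keep their suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.options |= ssl.OP_NO_SSLv3
    return ctx


def sslv3_disabled(ctx):
    """True when the context refuses the SSLv3 protocol outright."""
    return bool(ctx.options & ssl.OP_NO_SSLv3)


if __name__ == "__main__":
    print("one code point, two names:",
          suite_name((0x00, 0x0A), "SSLv3"), "/", suite_name((0x00, 0x0A), "TLSv1"))
    print("ALL        ->", offerable_protocols("ALL"))
    print("ALL:!SSLv3 ->", offerable_protocols("ALL:!SSLv3"))
    print("OP_NO_SSLv3 set:", sslv3_disabled(server_context_without_sslv3()))
```

Running it shows `ALL:!SSLv3` leaving only TLSv1.2 offerable, which is the SSL Labs result the thread started from, while the `OP_NO_SSLv3` context keeps every TLS version and its suites intact. The cipher-string parsing is a deliberate simplification of OpenSSL's real grammar; it models only the `!` exclusion the thread discusses.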