On 07/08/2019 12:19, Chitrang Srivastava wrote:
> Hi Matt,
>
> I tried following code but it is crashing @ *SSL_CTX_set_ciphersuites*
> s_ctx = SSL_CTX_new(TLS_method());
> SSL_CTX_set_options(s_ctx, SSL_OP_NO_RENEGOTIATION |
> SSL_OP_CIPHER_SERVER_PREFERENCE);
> SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);
> SSL_CTX_set_ciphersuites(s_ctx,
> "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384");
>
> In the debugger I noticed
>
> s_ctx :: cipher_list & cipher_list_by_id are both NULL

Well, that is very strange. I just tried the code above and it works just fine
for me.

s_ctx->cipher_list, and s_ctx->cipher_list_by_id should be populated in the
SSL_CTX_new call:

https://github.com/openssl/openssl/blob/c50fd0f959de5b256d8eefb8ad2a82fcdcb899c3/ssl/ssl_lib.c#L3091-L3101

So you should never have an SSL_CTX object without those things being set.

Matt

> However tls13_ciphersuites is populated.
> Further in update_cipher_list which is called by SSL_CTX_set_ciphersuites tries
> to delete this cipher_list and hence crash ?
>
> Any pointer what I am missing?
>
> -Thanks
>
> On Tue, Aug 6, 2019 at 7:48 PM Matt Caswell <matt@xxxxxxxxxxx> wrote:
>
>     On 06/08/2019 14:58, Chitrang Srivastava wrote:
>     > Yeah I mean TLS 1.3 cipher , sorry I haven't pasted exact names.
>     > So after SSL_OP_CIPHER_SERVER_PREFERENCE, server uses
>     > TLS_1_3_AES_256_SHA_384.
>     > While without that it uses TLS_1_3_AES_128_SHA_256, which is better in
>     > terms of performance.
>
>     Ah! Right - now I understand.
>
>     So the option SSL_OP_CIPHER_SERVER_PREFERENCE means that the server
>     prefers the server's ordering of ciphersuites compared to the client's.
>     With that option set it will use the first ciphersuite that is in the
>     server's list that is also in the client's list. Without it set it will
>     use the first ciphersuite that is in the client's list that is also in
>     the server's list. Server operators often prefer this because it gives
>     more control over which ciphersuite ultimately gets used. But that's only
>     really useful if you also look at this list of configured ciphersuites
>     and make sure they are in your preferred order! Otherwise the option is
>     fairly pointless!
>
>     For TLSv1.3 the default list is:
>
>     # define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
>                                       "TLS_CHACHA20_POLY1305_SHA256:" \
>                                       "TLS_AES_128_GCM_SHA256"
>
>     If you want a different order you can use the functions
>     SSL_CTX_set_ciphersuites() (or SSL_set_ciphersuites()) to amend it:
>
>     https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_ciphersuites.html
>
>     Matt
>
>     > Thanks very much,
>     > Chitrang
>     >
>     > Tuesday, August 6, 2019, Matt Caswell <matt@xxxxxxxxxxx> wrote:
>     >
>     >     On 06/08/2019 12:20, Chitrang Srivastava wrote:
>     >     > Noticed that if I set SSL_OP_CIPHER_SERVER_PREFERENCE,
>     >     > TLS_1_3_AES_256_SHA_384 is being used while without that
>     >     > AES_128_SHA256 is being used and I see client (Chrome) send this
>     >     > as first preference.
>     >     > Is there any way where I can always prefer AES-128-SHA256 cipher
>     >     > suite of TLS 1.3?
>     >
>     >     Hmmm...are you sure?
>     >
>     >     Those names don't look like OpenSSL names for those ciphersuites.
>     >     I guess you mean TLS_AES_256_GCM_SHA384 and AES128-SHA256. The
>     >     former is a TLSv1.3 ciphersuite and the latter is for TLSv1.2 and
>     >     below. They are mutually exclusive. If you negotiate TLSv1.3 then
>     >     you can't use TLSv1.2 ciphersuites and vice versa.
>     >
>     >     SSL_OP_CIPHER_SERVER_PREFERENCE should not affect the protocol
>     >     version negotiated. OpenSSL negotiates the version *first* before
>     >     deciding what ciphersuite to use. So it should not be the case that
>     >     SSL_OP_CIPHER_SERVER_PREFERENCE suddenly causes a TLSv1.3
>     >     ciphersuite to be used when a TLSv1.2 ciphersuite was used without
>     >     it.
>     >
>     >     Matt
>     >
>     >     > On Tue, Aug 6, 2019 at 3:53 PM Matt Caswell <matt@xxxxxxxxxxx>
>     >     > wrote:
>     >     >
>     >     >     On 06/08/2019 11:21, Chitrang Srivastava wrote:
>     >     >     > Yes , since in my case mostly browser will be used to
>     >     >     > access webserver running on embedded platform.
>     >     >     > Another question, since my webserver is running on
>     >     >     > embedded platform and it has limited memory , I have
>     >     >     > disabled ARIA/CAMELLIA and few others, is that OK ?
>     >     >     > because I don't see any ciphers suites which is used in
>     >     >     > practice.
>     >     >
>     >     >     Yes, that should be fine.
>     >     >
>     >     >     Matt
>     >     >
>     >     >     > On Tue, Aug 6, 2019 at 3:42 PM Matt Caswell
>     >     >     > <matt@xxxxxxxxxxx> wrote:
>     >     >     >
>     >     >     >     On 06/08/2019 11:07, Chitrang Srivastava wrote:
>     >     >     >     > Thanks Matt,
>     >     >     >     >
>     >     >     >     > So now I have, which I believe is enough ?
>     >     >     >     >
>     >     >     >     > SSL_CTX_set_options(s_ctx, SSL_OP_NO_RENEGOTIATION |
>     >     >     >     > SSL_OP_CIPHER_SERVER_PREFERENCE);
>     >     >     >     > SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);
>     >     >     >
>     >     >     >     This is fine although it obviously prevents
>     >     >     >     connections from very old clients that don't support
>     >     >     >     TLSv1.2. This might not be a problem for you depending
>     >     >     >     on your situation.
>     >     >     >
>     >     >     >     Matt
>     >     >     >
>     >     >     >     > On Tue, Aug 6, 2019 at 3:04 PM Matt Caswell
>     >     >     >     > <matt@xxxxxxxxxxx> wrote:
>     >     >     >     >
>     >     >     >     >     On 06/08/2019 09:42, Chitrang Srivastava wrote:
>     >     >     >     >     > Hi,
>     >     >     >     >     >
>     >     >     >     >     > I am implementing HTTPs server using openssl
>     >     >     >     >     > 1.1.1b.
>     >     >     >     >     > Is it mandatory to setup these API's while
>     >     >     >     >     > creating ssl context ?
>     >     >     >     >     >
>     >     >     >     >     > SSL_CTX_set_tmp_ecdh
>     >     >     >     >     >
>     >     >     >     >     > SSL_CTX_set_tmp_dh
>     >     >     >     >
>     >     >     >     >     By default OpenSSL will automatically use ECDH
>     >     >     >     >     if appropriate and choose a suitable group so
>     >     >     >     >     there is no need to call SSL_CTX_set_tmp_ecdh()
>     >     >     >     >     unless you want more control over which specific
>     >     >     >     >     group is used.
>     >     >     >     >
>     >     >     >     >     OpenSSL will not use DH unless you specifically
>     >     >     >     >     configure it. If you want to make use of DH
>     >     >     >     >     based ciphersuites then you must either call
>     >     >     >     >     SSL_CTX_set_tmp_dh() or SSL_CTX_set_dh_auto()
>     >     >     >     >     (or the SSL_* equivalents). Calling the former
>     >     >     >     >     enables you to configure any arbitrary DH group
>     >     >     >     >     that you choose. Calling the latter will enable
>     >     >     >     >     the built-in DH groups.
>     >     >     >     >
>     >     >     >     >     It is not mandatory to call any of the above.
>     >     >     >     >
>     >     >     >     >     > Also any suggestion what all options one
>     >     >     >     >     > should set while setting up server like
>     >     >     >     >     > SSL_CTX_set_options like SSL_OP_NO_SSLv2
>     >     >     >     >     > |SSL_OP_NO_SSLv3
>     >     >     >     >
>     >     >     >     >     Don't use the protocol version specific options
>     >     >     >     >     at all. Use SSL_CTX_set_min_proto_version() if
>     >     >     >     >     you want to specify a minimum protocol version.
>     >     >     >     >     SSLv2 is no longer supported at all. SSLv3 is
>     >     >     >     >     compiled out by default.
>     >     >     >     >
>     >     >     >     >     Other options that are worth considering are
>     >     >     >     >     SSL_OP_NO_RENEGOTIATION and (possibly)
>     >     >     >     >     SSL_OP_CIPHER_SERVER_PREFERENCE. Generally you
>     >     >     >     >     don't need the others unless there is a specific
>     >     >     >     >     problem you are trying to solve.
>     >     >     >     >
>     >     >     >     >     Matt
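
The ciphersuite selection rule described in the quoted 06/08 reply, modelled in plain C as an added example; it is not OpenSSL's code and not part of the thread. The helper `select_suite` is hypothetical and the client offer is constructed (AES-128 first, as reported for Chrome); the two server lists are the ones quoted above.

```c
#include <stdio.h>
#include <string.h>

/* Default TLSv1.3 order quoted in the thread (TLS_DEFAULT_CIPHERSUITES). */
#define SERVER_DEFAULT "TLS_AES_256_GCM_SHA384:" \
    "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
/* Order passed to SSL_CTX_set_ciphersuites() in the thread. */
#define SERVER_REORDERED "TLS_AES_128_GCM_SHA256:" \
    "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
/* Constructed client offer: AES-128 first, as reported for Chrome. */
#define CLIENT_OFFER "TLS_AES_128_GCM_SHA256:" \
    "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"

/* Return 1 if name (n bytes) is an entry of the colon-separated list. */
static int in_list(const char *list, const char *name, size_t n)
{
    while (*list != '\0') {
        size_t len = strcspn(list, ":");
        if (len == n && memcmp(list, name, n) == 0)
            return 1;
        list += len + (list[len] == ':');
    }
    return 0;
}
/* Model of the rule in the thread (hypothetical helper, not OpenSSL code):
 * walk the preferred side's list in order and return the first entry the
 * other side also offers, or NULL. The result lives in a static buffer. */
const char *select_suite(const char *server, const char *client,
                         int server_preference)
{
    static char chosen[64];
    const char *walk = server_preference ? server : client;
    const char *other = server_preference ? client : server;
    while (*walk != '\0') {
        size_t len = strcspn(walk, ":");
        if (len > 0 && len < sizeof chosen && in_list(other, walk, len)) {
            memcpy(chosen, walk, len);
            chosen[len] = '\0';
            return chosen;
        }
        walk += len + (walk[len] == ':');
    }
    return NULL;
}
int main(void)
{
    printf("default list, client order: %s\n", select_suite(SERVER_DEFAULT, CLIENT_OFFER, 0));
    printf("default list, server order: %s\n", select_suite(SERVER_DEFAULT, CLIENT_OFFER, 1));
    printf("reordered, server order:    %s\n", select_suite(SERVER_REORDERED, CLIENT_OFFER, 1));
}
```

With the default list, turning on server preference moves the result from the client's first choice to the server's first entry; reordering the server list restores AES-128 while keeping the server in control.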