Re: Preparing openvpn3 packaging for review - openssl challenges
by Tomas Mraz
On Wed, 2020-02-19 at 11:06 +0100, David Sommerseth wrote:
> On 19/02/2020 08:25, Tomas Mraz wrote:
> > > if (!SSL_CTX_set_cipher_list(ctx,
> > > /* default list as a
> > > basis
> > > */
> > > "DEFAULT"
> > > /* Disable export
> > > ciphers,
> > > low and medium */
> > > ":!EXP:!LOW:!MEDIUM"
> > > /* Disable static
> > > (EC)DH
> > > keys (no forward secrecy) */
> > > ":!kDH:!kECDH"
> > > /* Disable DSA private
> > > keys */
> > > ":!DSS"
> > > /* Disable RC4 cipher
> > > */
> > > ":!RC4"
> > > /* Disable MD5 */
> > > ":!MD5"
> > > /* Disable unsupported
> > > TLS
> > > modes */
> > > ":!PSK:!SRP:!kRSA"
> > > /* Disable SSLv2
> > > cipher
> > > suites*/
> > > ":!SSLv2"
> > > ))
> > > OPENVPN_THROW(ssl_context_error,
> > > "OpenSSLContext:
> > > The second block should really be fine too, it just strictly
> > > enforces
> > > a fairly
> > > strict default set of ciphers.
> > No, the second call is not correct. Basically there should be no
> > call
> > to SSL_CTX_set_cipher_list() unless the user explicitly wants to
> > override the defaults. The default in Fedora is already sane and
> > safe
> > and ensures the crypto policy is properly applied.
> I brought your argument up internally, and added Arne Schwabe on Cc
> as he
> knows both OpenVPN and OpenSSL and how they integrate even better.
> We understand and agree that the system running OpenVPN should be
> able to
> define the defaults and avoid hard-coding it. But we explicitly want
> remove any non-PFS compliant ciphers (like kDH, kECDH, kRSA), which
> in most
> cases makes the setup stricter than the system
> configuration. Currently we
> see that Fedora's default ciphers allow some non-DH/ECDH and non-PFS
> Another aspect is that since OpenVPN is talking strictly to other
> capable products (where SoftEther is the only product we're aware of
> not being
> under the fold of OpenVPN Inc or the OpenVPN community). This
> results in
> OpenVPN being able to further reduce the available ciphers further
> than the
> more standard TLS defaults, thus increasing the security level of the
> channel for the VPN tunnel.
> At the same time we also see the argument where someone wants an even
> set of ciphers. In OpenVPN 2, we have that capability via --tls-
> cipher and
> --tls-ciphersuites (for TLSv1.3). I do see that OpenVPN 3 lacks
> options, but that is something we are looking into.
This would not be an issue if these options are used only when user
explicitly configures them.
> If there is a better way to narrow down the list of ciphers we allow
> OpenVPN instead of replacing the cipher list, that would be even
> better from
> our point of view. We are really reluctant to implicitly open up for
> which reduces the security level of OpenVPN, where PFS ability is a
> part of the ciphers being used.
You can use "PROFILE=SYSTEM" instead of "DEFAULT" as a start. However
this special string is downstream-only.
No matter how far down the wrong road you've gone, turn back.
[You'll know whether the road is wrong if you carefully listen to your
3 years, 3 months
Preparing openvpn3 packaging for review - openssl challenges
by David Sommerseth
I'm running rpmlint against packages built based on the Fedora Copr  build
I've provided for some time. I'm planning to move this forward for the standard
Fedora and EPEL repositories. But rpmlint complains about the usage of
SSL_CTX_set_cipher_list(), which I in this case would call a false-positive
The code which trips this warning is:
if (!SSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA"))
OPENVPN_THROW(ssl_context_error, "OpenSSLContext: SSL_CTX_set_cipher_list failed for force_aes_cbc_ciphersuites");
/* default list as a basis */
/* Disable export ciphers, low and medium */
/* Disable static (EC)DH keys (no forward secrecy) */
/* Disable DSA private keys */
/* Disable RC4 cipher */
/* Disable MD5 */
/* Disable unsupported TLS modes */
/* Disable SSLv2 cipher suites*/
OPENVPN_THROW(ssl_context_error, "OpenSSLContext: SSL_CTX_set_cipher_list failed");
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_CTX_set_ecdh_auto(ctx, 1); // this method becomes a no-op in OpenSSL 1.1
These calls can be found in openvpn/openssl/ssl/sslctx.hpp
The first SSL_CTX_set_cipher_list() is being slate for removal, as the
"force_aes_cbc_ciphersuits" feature is not considered needed any more;
negotiation works much better nowadays than when this was added
about 5 years ago. But the cipher-list here shouldn't be of that much
The second block should really be fine too, it just strictly enforces a fairly
strict default set of ciphers.
So my question is if this will be a show-stopper for getting the openvpn3
package into the standard Fedora + EPEL repositories?
3 years, 3 months