proposed text for crypto-policies in Packaging Guidelines

Hubert Kario hkario at redhat.com
Fri Aug 8 15:32:46 UTC 2014


----- Original Message -----
> From: "Reindl Harald" <h.reindl at thelounge.net>
> To: security at lists.fedoraproject.org
> Sent: Friday, 8 August, 2014 4:45:02 PM
> Subject: Re: proposed text for crypto-policies in Packaging Guidelines
> 
> 
> On 08.08.2014 at 16:30, Eric H. Christensen wrote:
> > On Fri, Aug 08, 2014 at 04:11:51PM +0200, Reindl Harald wrote:
> >> On 08.08.2014 at 15:44, Eric H. Christensen wrote:
> >>> On Fri, Aug 08, 2014 at 03:36:51PM +0200, Reindl Harald wrote:
> >>>> On 08.08.2014 at 15:21, Nikos Mavrogiannopoulos wrote:
> >>>>> Postfix is a different kind of beast though. It does not typically use
> >>>>> TLS, but uses some kind of opportunistic security that allows anonymous
> >>>>> ciphersuites. So it's a bit hard to enforce anything there, as
> >>>>> man-in-the-middle attacks are possible by design
> >>>
> >>>> and keep in mind in case of opportunistic TLS if you restrict
> >>>> ciphers and the SMTP client doesn't support what you offer it
> >>>> falls back to completely plaintext which defeats the intention
> >>>
> >>> Falling back to an insecure cipher only provides a false sense of
> >>> security which isn't any better than plaintext.
> > 
> >> you *can not* enforce ciphers for opportunistic TLS - period
> >> because that is the nature of *opportunistic*
> > 
> > I agree with your assessment, however, ordering the ciphers that are to be
> > used can still be done
> 
> agreed, with caution below, that is still an issue and
> 64 is sadly exceeded with defaults and in future versions
> of openssl that will grow (new cipher types)
> 
> [harry at srv-rhsoft:~]$ openssl ciphers -v | wc -l
> 75
> 
> 71: RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
> 
> http://www.ietf.org/mail-archive/web/tls/current/msg10554.html
> The Windows 2003 TLS stack (still used by a non-trivial number of
> Microsoft Exchange SMTP servers) only looks at the first 64 elements
> of the cipherlist. If neither RC4-SHA nor RC4-MD5 are among these,

Which wasn't the case since openssl 1.0.1:

$ openssl ciphers -v | cat -n | grep RC4
    67  ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
    68  ECDHE-ECDSA-RC4-SHA     SSLv3 Kx=ECDH     Au=ECDSA Enc=RC4(128)  Mac=SHA1
    69  ECDH-RSA-RC4-SHA        SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128)  Mac=SHA1
    70  ECDH-ECDSA-RC4-SHA      SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128)  Mac=SHA1
    71  RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
    72  RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
    73  PSK-RC4-SHA             SSLv3 Kx=PSK      Au=PSK  Enc=RC4(128)  Mac=SHA1
    74  KRB5-RC4-SHA            SSLv3 Kx=KRB5     Au=KRB5 Enc=RC4(128)  Mac=SHA1
    75  KRB5-RC4-MD5            SSLv3 Kx=KRB5     Au=KRB5 Enc=RC4(128)  Mac=MD5

(and is only worse for the ALL cipherstring)

Maybe that means that they have been falling back to plaintext since the 1.0.1 release,
but I'd say that admins of Win2003 have much more pressing issues than the security of their
SMTP connections...
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hkario at redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
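
Added example, not part of the original message or of any project's code: a shell check for the interoperability limit discussed in the thread, reporting where named ciphers sit in a cipher list relative to a peer that reads only the first 64 entries. The function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a cipher list on stdin, either the
# colon-separated form of `openssl ciphers` or the one-per-line `-v` form.

# Print "<position> <name>" for every wanted cipher name found in the list.
cipher_positions() {
    tr ':' '\n' | awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) wanted[w[i]] = 1 }
        NF    { pos++; if ($1 in wanted) print pos, $1 }'
}

# legacy_window_check LIMIT NAME...
# Succeeds (exit 0) only if at least one NAME sits within the first LIMIT entries.
legacy_window_check() {
    limit=$1; shift
    cipher_positions "$@" | awk -v limit="$limit" '
        { inside = ($1 + 0 <= limit + 0)
          printf "%-12s position %3d  %s\n", $2, $1, (inside ? "inside window" : "outside window")
          if (inside) ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Constructed sample: 70 placeholder names, then RC4-SHA and RC4-MD5 at
# positions 71 and 72, the positions shown in the listing in the message.
sample_list() {
    awk 'BEGIN { for (i = 1; i <= 70; i++) printf "PLACEHOLDER-%02d:", i
                 print "RC4-SHA:RC4-MD5" }'
}

# Demo on the constructed list; on a real host:
#   openssl ciphers -v | legacy_window_check 64 RC4-SHA RC4-MD5
sample_list | legacy_window_check 64 RC4-SHA RC4-MD5 ||
    echo "none of the named ciphers is within the first 64 entries"
```

The exit status makes the check usable in a packaging or configuration test: it fails when every named cipher lies beyond the limit.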

