[Cryptography] OpenSSL minimal "safe" configuration?
Viktor Dukhovni
cryptography at dukhovni.org
Sun Jan 10 23:18:56 EST 2016
On Sun, Jan 10, 2016 at 12:09:48PM -0800, Henry Baker wrote:
> I was trying to build OpenSSL with a minimal, "safe" configuration.
>
> By "safe", I mean using the latest/best algorithms, and *deleting* all the known-to-be-unsafe algorithms.
>
> However, I can't seem to build OpenSSL w/o DES, w/o MD5, etc.
OpenSSL includes two libraries:
* A general purpose crypto library that must be able to handle
data at rest, including the ability to read 10 or 20-year
old S/MIME messages, even ones that have MD5 signatures. and
* An SSL/TLS library that can support a broad or narrow range
of cipher suites depending on your needs.
Compiling OpenSSL without MD5 breaks the crypto library, and rather
cripples the MD5+SHA1 construction required for TLS 1.0 and TLS
1.1. It is more sensible to control which algorithms are enabled
for use with SSL/TLS than to try to excise them from the library.
> I'd also like to kill off the shorter versions -- e.g., AES-128.
The DEFAULT SSL cipher-site can be tuned at compile time. Since you
want bleeding-edge, try the master version from Github with:
$ openssl ciphers -s -v 'DEFAULT:!aDSS:!CAMELLIA:@SECLEVEL=4'
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
Be prepared for significant interoperability barriers.
--
Viktor.
More information about the cryptography
mailing list