[Cryptography] OpenSSL minimal "safe" configuration?

Viktor Dukhovni cryptography at dukhovni.org
Sun Jan 10 23:18:56 EST 2016


On Sun, Jan 10, 2016 at 12:09:48PM -0800, Henry Baker wrote:

> I was trying to build OpenSSL with a minimal, "safe" configuration.
> 
> By "safe", I mean using the latest/best algorithms, and *deleting* all the known-to-be-unsafe algorithms.
> 
> However, I can't seem to build OpenSSL w/o DES, w/o MD5, etc.

OpenSSL includes two libraries:

    * A general purpose crypto library that must be able to handle
      data at rest, including the ability to read 10 or 20-year
      old S/MIME messages, even ones that have MD5 signatures, and

    * An SSL/TLS library that can support a broad or narrow range
      of cipher suites depending on your needs.

Compiling OpenSSL without MD5 breaks the crypto library, and rather
cripples the MD5+SHA1 construction required for TLS 1.0 and TLS
1.1.  It is more sensible to control which algorithms are enabled
for use with SSL/TLS than to try to excise them from the library.

> I'd also like to kill off the shorter versions -- e.g., AES-128.

The DEFAULT SSL cipher-suite can be tuned at compile time.  Since you
want bleeding-edge, try the master version from Github with:

    $ openssl ciphers -s -v 'DEFAULT:!aDSS:!CAMELLIA:@SECLEVEL=4'
    ECDHE-ECDSA-AES256-CCM8       TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
    ECDHE-ECDSA-AES256-CCM        TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256)  Mac=AEAD
    ECDHE-RSA-AES256-GCM-SHA384   TLSv1.2 Kx=ECDH Au=RSA   Enc=AESGCM(256)  Mac=AEAD
    ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256)  Mac=AEAD
    ECDHE-RSA-AES256-SHA384       TLSv1.2 Kx=ECDH Au=RSA   Enc=AES(256)     Mac=SHA384
    ECDHE-ECDSA-AES256-SHA384     TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256)     Mac=SHA384
    DHE-RSA-AES256-CCM8           TLSv1.2 Kx=DH   Au=RSA   Enc=AESCCM8(256) Mac=AEAD
    DHE-RSA-AES256-CCM            TLSv1.2 Kx=DH   Au=RSA   Enc=AESCCM(256)  Mac=AEAD
    DHE-RSA-AES256-GCM-SHA384     TLSv1.2 Kx=DH   Au=RSA   Enc=AESGCM(256)  Mac=AEAD
    DHE-RSA-AES256-SHA256         TLSv1.2 Kx=DH   Au=RSA   Enc=AES(256)     Mac=SHA256
    ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
    ECDHE-RSA-CHACHA20-POLY1305   TLSv1.2 Kx=ECDH Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD
    DHE-RSA-CHACHA20-POLY1305     TLSv1.2 Kx=DH   Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD

Be prepared for significant interoperability barriers.

-- 
	Viktor.
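
Added example (not part of the original message, and not OpenSSL code): one way to check that a cipher string really expands to what the thread asks for is to parse the `openssl ciphers -v` output and audit each suite. The banned sets, the 256-bit floor, the AEAD advisory and the second sample are assumptions chosen for illustration.

```python
import re

# Lines copied from the `openssl ciphers -s -v` output in the message above.
FROM_PAGE = """\
ECDHE-ECDSA-AES256-CCM8       TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384   TLSv1.2 Kx=ECDH Au=RSA   Enc=AESGCM(256)  Mac=AEAD
ECDHE-RSA-AES256-SHA384       TLSv1.2 Kx=ECDH Au=RSA   Enc=AES(256)     Mac=SHA384
DHE-RSA-CHACHA20-POLY1305     TLSv1.2 Kx=DH   Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD
"""
# Constructed lines in the same format, standing in for a looser cipher string.
CONSTRUCTED = """\
AES128-SHA    SSLv3   Kx=RSA Au=RSA Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA  SSLv3   Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5       SSLv3   Kx=RSA Au=RSA Enc=RC4(128)  Mac=MD5
NULL-SHA256   TLSv1.2 Kx=RSA Au=RSA Enc=None      Mac=SHA256
"""

LINE = re.compile(
    r"(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[^\s(]+)(?:\((?P<bits>\d+)\))?\s+Mac=(?P<mac>\S+)")

BANNED_ENC = {"None", "DES", "3DES", "RC4"}  # assumed policy; the thread names DES
BANNED_MAC = {"MD5"}                         # named in the thread

def parse(text):
    """Turn `openssl ciphers -v` output into one dict per cipher suite."""
    suites = []
    for line in filter(str.strip, text.splitlines()):
        m = LINE.fullmatch(line.strip())
        if m is None:
            raise ValueError(f"unrecognised line: {line!r}")
        # Enc=None (NULL encryption) carries no "(bits)" suffix: count it as 0.
        suites.append({**m.groupdict(), "bits": int(m["bits"] or 0)})
    return suites

def audit(text, min_bits=256):
    """Map suite name -> findings; an empty list means the suite passes."""
    report = {}
    for s in parse(text):
        found = []
        if s["enc"] in BANNED_ENC:
            found.append(f"banned cipher {s['enc']}")
        if s["bits"] < min_bits:
            found.append(f"key size {s['bits']} < {min_bits}")
        if s["mac"] in BANNED_MAC:
            found.append(f"banned MAC {s['mac']}")
        if s["mac"] != "AEAD":
            found.append("advisory: not an AEAD suite")
        report[s["name"]] = found
    return report
```

Running `audit(FROM_PAGE)` shows the quoted list meets the 256-bit floor throughout, with the `AES256-SHA384` suite flagged only by the advisory.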

