Bug 1019972

Summary: socat: needs to specify OpenSSL cipher suites
Product: Red Hat Enterprise Linux 7 Reporter: Florian Weimer <fweimer>
Component: socatAssignee: Paul Wouters <pwouters>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: gerhard
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-24 08:35:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1019961    

Description Florian Weimer 2013-10-16 17:27:37 UTC 
socat currently does not seem to set the cipher suites, so it ends up using insecure ciphers such as 40 bit RC4.  Not sure if the full elaborate cipher suite setting logic of <http://docs.fedoraproject.org/en-US/Fedora_Security_Team//html/Defensive_Coding/sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX> is needed.  Hard-coding "HIGH:RC4-SHA:RC4-MD5:-PSK:-ADH:-AECDH" is probably okay if we're prepared to patch socat if we need to retire RC4 support.
Comment 2 Gerhard 2014-04-03 08:29:54 UTC 
To my best knowledge the peers agree on one of the most secure ciphers they share. On the other hand, socat OPENSSL provides the 'cipher' option that allows to set a list of allowed ciphers.

Please explain what you want to gain or which scenario you are concerned about!
Comment 3 Florian Weimer 2014-04-07 07:41:54 UTC 
(In reply to Gerhard from comment #2)
> To my best knowledge the peers agree on one of the most secure ciphers they
> share. On the other hand, socat OPENSSL provides the 'cipher' option that
> allows to set a list of allowed ciphers.
> 
> Please explain what you want to gain or which scenario you are concerned
> about!

There is increased risk of downgrade attacks if both ends support weak cipher suites.

I think a default of "HIGH:-NULL:-PSK:-aNULL" would make sense for the cipher suite selector.  If users need RC4, they'd have to enable it explicitly (which increasingly makes sense).
Comment 5 Gerhard 2015-01-24 20:37:13 UTC 
With Socat 1.7.3.0 "HIGH:-NULL:-PSK:-aNULL" is the default cipherlist.
Comment 7 Florian Weimer 2015-09-24 08:35:47 UTC 
OpenSSL defaults in Red Hat Enterprise Linux 7 were changed in OpenSSL, so this is no longer an issue.