Bug 1127577 - IO::Socket::SSL overrides OpensSSL default cipher list undermining aim for system-wide settings
IO::Socket::SSL overrides OpensSSL default cipher list undermining aim for sy...
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: perl-IO-Socket-SSL (Show other bugs)
rawhide
Unspecified Linux
unspecified Severity medium
: ---
: ---
Assigned To: Paul Howarth
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 1076390
  Show dependency treegraph
 
Reported: 2014-08-07 03:53 EDT by Petr Pisar
Modified: 2014-08-07 10:00 EDT (History)
11 users (show)

See Also:
Fixed In Version: perl-IO-Socket-SSL-1.997-2.fc21
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1127322
Environment:
Last Closed: 2014-08-07 10:00:14 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
CPAN 97816 None None None Never

  None (edit)
Description Petr Pisar 2014-08-07 03:53:51 EDT
+++ This bug was initially created as a clone of Bug #1127322 +++
+++ This bug was initially created as a clone of Bug #1091316 +++
+++ This bug was initially created as a clone of Bug #1090966 +++
+++ This bug was initially created as a clone of Bug #1044401 +++

[...]
--- Additional comment from Tomas Mraz on 2014-04-24 12:55:23 GMT ---

The SSL_version setting is probably no problem. However the ALL cipher list string really should not be used. Either the cipher list should not be set at all or the 'DEFAULT' string could be used.

[...]
--- Additional comment from Petr Pisar on 2014-04-25 07:08:43 GMT ---

How to test:

(1) Start an SSL server.
(2) Run a simple Net::LDAPS client without `ciphers' option against the server.
(3) Compare list of ciphers advertised by the client to the server against DEFAULT OpenSSL list (see `openssl ciphers DEFAULT' command output).
Before:
  The lists differ.
After:
  The lists are identical.

[...]
--- Additional comment from Petr Pisar on 2014-08-06 16:08:46 GMT ---

See bug #1090966 for testing instructions.

However please note that current IO::Socket:SSL Perl module (perl-IO-Socket-SSL-1.94-3.el7.noarch) does not respect OpenSSL defaults and overrides it:

        SSL_cipher_list
          If this option is set the cipher list for the connection will be set
          to the given value, e.g. something like 'ALL:!LOW:!EXP:!ADH'. Look
          into the OpenSSL documentation
          (<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS>) for
          more details.

          If this option is not set 'ALL:!LOW' will be used. To use OpenSSL
          builtin default (whatever this is) set it to ''.

This undermines this perl-Net-LDAP fix and causes sneaking some ciphers into Net::LDAP application:

--- default.sorted      2014-08-06 16:36:58.176000000 +0200
+++ fixed.sorted        2014-08-06 16:35:23.573000000 +0200
@@ -1,3 +1,18 @@
+ADH-AES128-GCM-SHA256
+ADH-AES128-SHA
+ADH-AES128-SHA256
+ADH-AES256-GCM-SHA384
+ADH-AES256-SHA
+ADH-AES256-SHA256
+ADH-CAMELLIA128-SHA
+ADH-CAMELLIA256-SHA
+ADH-DES-CBC3-SHA
+ADH-RC4-MD5
+ADH-SEED-SHA
+AECDH-AES128-SHA
+AECDH-AES256-SHA
+AECDH-DES-CBC3-SHA
+AECDH-RC4-SHA
 AES128-GCM-SHA256
 AES128-SHA
 AES128-SHA256
@@ -59,17 +74,15 @@
 ECDH-RSA-RC4-SHA
 EDH-DSS-DES-CBC3-SHA
 EDH-RSA-DES-CBC3-SHA
+EXP-ADH-DES-CBC-SHA
+EXP-ADH-RC4-MD5
+EXP-DES-CBC-SHA
+EXP-EDH-DSS-DES-CBC-SHA
+EXP-EDH-RSA-DES-CBC-SHA
+EXP-RC2-CBC-MD5
+EXP-RC4-MD5
 IDEA-CBC-SHA
-KRB5-DES-CBC3-MD5
-KRB5-DES-CBC3-SHA
-KRB5-IDEA-CBC-MD5
-KRB5-IDEA-CBC-SHA
-KRB5-RC4-MD5
-KRB5-RC4-SHA
- -3DES-EDE-CBC-SHA
-PSK-AES128-CBC-SHA
-PSK-AES256-CBC-SHA
-PSK-RC4-SHA
 RC4-MD5
 RC4-SHA
 SEED-SHA

The erroneous cipher-suites are the ADH and AECDH and EXP ones. I will report bug against perl-IO-Socket-SSL.

(The KRB5 and PSK ones are not present in the Net::LDAP client because no Kerberos, nor PSK TLS authentication has been available when running the client. These misses are fine.)

----

Fedora (perl-IO-Socket-SSL-1.997-1) is affected too. Current IO::Socket::SSL uses stronger cipher list than ALL:!LOW, but it still diverts from the OpenSSL default:

          [...] The
          default setting prefers ciphers with forward secrecy, disables
          anonymous authentication and disables known insecure ciphers like
          MD5, DES etc. This gives a grade A result at the tests of SSL Labs.
          To use the less secure OpenSSL builtin default (whatever this is)
          set SSL_cipher_list to ''.
Comment 1 Paul Howarth 2014-08-07 10:00:14 EDT
Should be fixed in -2.

Note You need to log in before you can comment on or make changes to this bug.