#4415 Perfect Forward Secrecy does not work

1.660
open
nobody
None
5
2014-07-05
2014-05-21
Sage
No

Enabling the "Only strong ciphers with perfect forward secrecy" option in the Webmin Configuration -> SSL Encryption module appears to have no effect. Also, manually specifying "Listed Ciphers" appears to have no effect. Regardless of the settings, I have been unable to force PFS. I am connecting with both Firefox 29.0.1 and Safari 7.0.3. Firefox reports the following cipher: TLS_RSA_WITH_AES_128_CBC_SHA, 128 bit keys

Discussion

  • Jamie Cameron
    2014-05-21

    How are you determining that this has no effect exactly? Does the setting in Webmin not get saved, or does Firefox not show that PFS ciphers are being used?

     
  • Sage
    2014-05-21

    Hi Jamie,

    The setting appears to be taken, since I can return to the config page, and the correct setting is there, but it is not effective.

    As noted above, Firefox reports: TLS_RSA_WITH_AES_128_CBC_SHA

    I am expecting it to report a cipher with ECDHE, or DHE. See this list: https://wiki.mozilla.org/Security/Server_Side_TLS

    Also, I'm using the SSleuth add-on for Firefox, which has a friendly display that clearly states: "Perfect Forward Secrecy: No"

    Regards,
    Sage

     
    Last edit: Sage 2014-05-21
  • Sage
    2014-05-21

    I'm sorry. I just realized I filed this against 1.660, but I am using 1.680.

     
  • Jamie Cameron
    2014-05-22

    Ok, it sounds like PFS really isn't being used.

    Which openssl version is your Webmin system running?

     
  • Steven Page
    2014-05-23

    I have also filed a ticket with regard to this issue, and someone else also confirmed it. It appears that using your own cipher list also has no effect. I have only been able to get a lower level of security (i.e. upgrading to new ciphers or PFS does not work).

    Could a library of some sort be built against an older version of openssl? I am using the latest available version that comes with Ubuntu 12.04 LTS. I think this is 1.0.1e

     
  • Jamie Cameron
    2014-05-23

    If you check the log file /var/webmin/miniserv.error on your system after changing the cipher list, do you see any error like "SSL cipher .... failed" ?

     
  • Sage
    2014-05-24

    Here's what's in my miniserv.log after changing the cipher and pressing "Save":

    Pre-loaded WebminCore
    [23/May/2014:20:25:27 -0400] miniserv.pl started
    [23/May/2014:20:25:27 -0400] Using MD5 module Digest::MD5
    [23/May/2014:20:25:27 -0400] PAM authentication enabled
    Failed to initialize SSL connection
    Failed to initialize SSL connection

     
  • Sage
    2014-05-24

    FYI, I am running on Centos 6.5, using system Net::SSLeay:

    [root@tango ~]# rpm -qi perl-Net-SSLeay
    Name : perl-Net-SSLeay Relocations: (not relocatable)
    Version : 1.35 Vendor: CentOS
    Release : 9.el6 Build Date: Fri 20 Aug 2010 02:11:15 PM EDT
    Install Date: Wed 21 May 2014 12:11:53 PM EDT Build Host: c6b3.bsys.dev.centos.org
    Group : Development/Libraries Source RPM: perl-Net-SSLeay-1.35-9.el6.src.rpm
    Size : 603530 License: OpenSSL
    Signature : RSA/8, Sun 03 Jul 2011 12:56:03 AM EDT, Key ID 0946fca2c105b9de
    Packager : CentOS BuildSystem http://bugs.centos.org
    URL : http://search.cpan.org/dist/Net-SSLeay/
    Summary : Perl extension for using OpenSSL
    Description :

     
  • Jamie Cameron
    2014-05-24

    That looks pretty recent, so it should support PFS. I've been doing some searching, but haven't yet found a reliable source of info on which are the ciphers required for PFS or how to verify if it is being used or not other than looking at the cipher currently in use by Firefox :-(
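One way to check for forward secrecy without relying on a browser, as an added example that is not part of the original thread or of Webmin's code: classify the negotiated suite by its key exchange. The function names are hypothetical, and port 10000 is assumed as the Webmin default.

```python
import re
import socket
import ssl

# Leading OpenSSL-style tokens that name a key exchange; a name starting with
# anything else (AES128-SHA, RC4-SHA, ...) is plain RSA key transport.
KNOWN_KX = {"ECDHE", "DHE", "EDH", "ECDH", "DH", "ADH", "AECDH", "PSK", "SRP", "RSA"}
# Only authenticated ephemeral Diffie-Hellman gives forward secrecy.
EPHEMERAL_KX = {"ECDHE", "DHE", "EDH", "TLS1.3"}


def key_exchange(cipher: str) -> str:
    """Key-exchange family of an IANA or OpenSSL cipher-suite name."""
    name = cipher.strip().upper()
    if re.match(r"TLS_(AES|CHACHA20)_", name) and "_WITH_" not in name:
        return "TLS1.3"  # TLS 1.3 suites always use ephemeral (EC)DHE
    iana = re.match(r"TLS_(.+)_WITH_", name)
    if iana:  # e.g. TLS_ECDHE_RSA_WITH_... -> ECDHE, TLS_RSA_WITH_... -> RSA
        return iana.group(1).split("_")[0]
    first = name.split("-")[0]
    return first if first in KNOWN_KX else "RSA"


def is_forward_secret(cipher: str) -> bool:
    return key_exchange(cipher) in EPHEMERAL_KX


def negotiated_cipher(host: str, port: int = 10000, timeout: float = 5.0):
    """Handshake with a live server; return (suite, protocol, forward_secret)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # diagnostic probe only: no data is sent,
    ctx.verify_mode = ssl.CERT_NONE  # and Webmin certs are often self-signed
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            suite, protocol, _bits = tls.cipher()
            return suite, protocol, is_forward_secret(suite)


# Constructed sample names; the first is the suite Firefox reported above.
SAMPLES = ["TLS_RSA_WITH_AES_128_CBC_SHA", "AES128-SHA", "DHE-RSA-AES256-SHA",
           "ECDHE-RSA-AES128-GCM-SHA256", "ADH-AES128-SHA", "TLS_AES_128_GCM_SHA256"]

if __name__ == "__main__":
    for s in SAMPLES:
        pfs = "yes" if is_forward_secret(s) else "no"
        print(f"{s:32} kx={key_exchange(s):7} PFS={pfs}")
```

The suite this probe negotiates reflects what the local Python/OpenSSL build offers, which can differ from what a particular browser negotiates with the same server.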

     
  • Steven Page
    2014-05-26

    Hmm... well, I'm certainly not an expert in the area, but I'll chime in my two cents.

    I am fairly certain that you need to generate a session parameter file, once every few days. Either that, or using a stronger/longer key length, using:

    openssl dhparam -out dhparam.pem LENGTH

    Some nginx SSL tutorials recommend using 4096, but this can take quite a long time (and is very CPU intensive). This is why it seems to make more sense to use a shorter one (2048), that regenerates itself every X days. The standards have a generic 1024 bit length key for use (see my following post). For example, Dovecot has a parameter called

    ssl_parameters_regenerate = HOURS

    Anyways... the whole idea, to my understanding, is that the key exchange uses this ephemeral key. From what I have gathered using the official documentation @ https://www.openssl.org/docs/apps/ciphers.html

    the cipher string needed to specify the ephemeral key exchange is

    kDHE

    cipher suites using ephemeral DH key agreement.

    The entire cipher string I have been using to get a ranking or score of "A" (using the online SSL test), including PFS, is:

    kDHE:DH:HIGH:MEDIUM:!LOW:!SSLv2:!MD5:!aNULL:!eNULL:!NULL:@STRENGTH

    where @STRENGTH sorts the resulting list by strength. This may not be necessary on some machines, considering some people prefer 128 over 256, for example.

    Although I have not yet looked into the Elliptical Curved format, this will achieve basic perfect forward secrecy.

    Hopefully this helps. I expect that you already understand most of this, but I figured that it couldn't hurt to elaborate on at least my understanding.

     
    Last edit: Steven Page 2014-05-26