tls 1.1 and tls 1.2

[aykutnet]

How do I enable TLS 1.1 and TLS 1.2

 

[mistwang]

no, you cannot at this moment, since openssl 1.0.1 is not stable, we still use openssl 0.9.8, no TLS 1.1/1.2 support yet.

 

[justme]

And now? Defaulting to TLS_RSA_WITH_RC4_128_SHA is not exactly HIGH as far as ciphers are concerned (although that's what I selected).

 

[mistwang]

We plan to switch to OpenSSL 1.0.1 with our 5.0 release.
could build a special build for 4.2.5 release for people wants it.

 

[justme]

Depending on how far 5.0 is, a 4.2.5 would make sense. Count me in

 

[mistwang]

We have put a build of 4.2.5 with OpenSSL 1.0.1 ,
You can give it a try if you want, with command

/usr/local/lsws/admin/misc/lsup.sh -f -v 4.2.5

 

[justme]

Thank you. Now the only thing missing is being able to tune it with cipher lists, as the hardcoded one doesn't include ECDHE ciphers and TLS_RSA_WITH_RC4_128_SHA being second on the offered list it gets chosen by all browsers but one, IE11 (see www.ssllabs.com/ssltest).
edit: AESNI is useless with non-AES ciphers

 

[mistwang]

Please do a force reinstall of 4.2.5, ECDHE ciphers should work now.

 

[justme]

Great, much better! Now if ciphers could be sorted in strength (or offering an option to toggle @strength or @speed), as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA should be above TLS_RSA* to have a chance to get picked by IE. Almost there 8)
edit: actually TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA should be on top to burry these outdated RC4 ciphers (which only XP requires now).

 

[mistwang]

ECDHE-RSA-AES128-SHA256 has the highest priority on server side, so it must be IE8 not support it. TLSv1.0 with AES CBC is not safe to BEAST attack, it has lower priority than RC4.

And remember that ECDHE ciphers is much slower than AES128-GCM-SHA256 or RC4.

 

[justme]

Indeed, security comes at a cost, which could be user-selectable... like all other web servers allowing cipher-list tuning. By the way, the comment on AESNI going to waste still stands (all browsers using RSA with current build).

 

[mistwang]

AESNI support is enabled in 4.2.5 using OpenSSL 1.0.1e, our test shows that AES128-GCM-SHA256 is faster than RC4-SHA .

 

[justme]

What about real life tests? No browser supports AES128-GCM-SHA256 and since it is below TLS_RSA_WITH_RC4_128_SHA on the cipher list it won't get picked anyway. Not trying to be picky but while we are at improving the cipher list...

 

[mistwang]

We use a default cipher string like "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH", and server's cipher order should be followed. You can customize the XML configuration file directly (not through the web console) to get your preferred cipher order.

 

[justme]

Nice! I didn't notice that feature, you made my day

 

[justme]

Hrm, I need help:
the following suite isn't giving the expected result with 4.2.5:
ECDH+AES256: DH+AES256: DH+AES128: RC4-SHA: !aNULL
DH ciphers are being ignored, along with ECDHE-ECDSA.

openssl ciphers -v 'ECDH+AES256:DH+AES256:DH+AES128:RC4-SHA:!aNULL'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1

 

[joe]

Today I d/l'd 4.2.7 standard and I'm trying to enable TLSv1.1 & TLSv1.2. So far regardless of the configuration items checked on, I cant verify its working. This is running on a Freebsd 9.2 platform. Locally oppenssl is 9.8y but based on the announcement for 4.2.7 its built in isn't it?

Is this possible using my configuration?

 

[mistwang]

Just download again and update your installation, bundled OpenSSL lib has been updated to 1.0.1f for freebsd6 packages.

 

[joe]

I'll give it a shot.... dare I ask why it was just added when it also listed in the release notes?

 

[mistwang]

Freebsd does not get the same level of attentions & cares as Linux.