Best cipher restriction settings BEAST/LOGJAM/SWEET32


Nello

Dec 6, 2016, 10:04:04 AM
to rabbitmq-users
Hello everybody,

I'm trying to figure out what could be the best setup to adopt for the cipher restriction argument in order to solve some flaws we still have open.

I thought I could resolve most of the vulnerabilities by upgrading to the latest version of openssl (I have a test environment), but the tests performed showed that it was not like this.

Indeed, even though I updated to OpenSSL 1.1.0b  26 Sep 2016, which claims to have removed all DES vulnerable ciphers, I'm still able to perform an openssl s_client connection to my rabbitmq server using, for example, DES-CBC3-SHA.

The weird thing is that some of the 3DES ciphers of the encryption family were disabled and the handshake did not happen.

I'm not sure how to approach this situation; I thought RMQ Erlang sticks with the openssl version, for which reason I should have all the ciphers from DES/3DES removed.

What are your thoughts on this? Thank you all.

Michael Klishin

unread,
Dec 6, 2016, 10:13:48 AM12/6/16
to rabbitm...@googlegroups.com
Erlang TLS implementation uses openssl for crypto functions only AFAIK.

In any case, you can control what cipher suites are enabled, see http://www.rabbitmq.com/ssl.html.

You can also list what cipher suites are available to the runtime and from OpenSSL:

`rabbitmqctl eval 'ssl:cipher_suites().'`
`rabbitmqctl eval 'ssl:cipher_suites(openssl).'`

which reminds me we should add separate commands for those to rabbitmq-diagnostics in master/3.7.0.


--
MK

Staff Software Engineer, Pivotal/RabbitMQ
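
The listing step in the reply above can feed a cipher allow-list directly. As an added example (not part of the thread, and not RabbitMQ's own tooling), this script takes the OpenSSL-style names printed by `ssl:cipher_suites(openssl)`, drops every DES/3DES suite, and prints a `{ciphers, [...]}` entry; Erlang's `ssl` application accepts OpenSSL-style names in that option. `SAMPLE` is a constructed excerpt, and the host in the `check_refused` usage comment is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Input format: the Erlang list of strings
# printed by `rabbitmqctl eval 'ssl:cipher_suites(openssl).'`.

# Constructed sample: a shortened excerpt of the list posted in the thread.
SAMPLE='["ECDHE-RSA-AES256-GCM-SHA384","AES256-SHA256",
 "ECDHE-RSA-DES-CBC3-SHA","EDH-RSA-DES-CBC3-SHA",
 "DES-CBC3-SHA","ECDHE-RSA-AES128-SHA","AES128-SHA"]'

# One suite name per line, list punctuation and whitespace stripped.
suite_names() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/[]["[:space:]]//g; /^$/d'
}

# DES and 3DES use a 64-bit block, which is what SWEET32 depends on.
# No AES suite name contains the substring "DES", so a plain match is enough.
weak_suites() { suite_names "$1" | grep 'DES'; }
safe_suites() { suite_names "$1" | grep -v 'DES'; }

# Emit a {ciphers, [...]} entry for ssl_options / ssl_opts in rabbitmq.config.
ciphers_entry() {
    safe_suites "$1" | awk '
        { printf "%s\"%s\"", (NR == 1 ? "{ciphers, [" : ",\n           "), $0 }
        END { if (NR) { print "]}" } else { exit 1 } }'
}

# Offer each weak suite alone to a listener and report the outcome.
# Usage (hypothetical host): check_refused broker.example:5673 "$(weak_suites "$LIST")"
check_refused() {
    for s in $2; do
        # A client build without the suite cannot test it; do not count that as a pass.
        if ! openssl ciphers "$s" >/dev/null 2>&1; then
            echo "SKIPPED  $s (not in this openssl build)"
        elif openssl s_client -connect "$1" -tls1_2 -cipher "$s" </dev/null >/dev/null 2>&1; then
            echo "ACCEPTED $s"
        else
            echo "refused  $s"
        fi
    done
}

ciphers_entry "$SAMPLE"
```

Run `check_refused` against each TLS listener separately (AMQP and management), since each carries its own options block.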

Antonio Cascella

Dec 6, 2016, 10:30:06 AM
to rabbitm...@googlegroups.com
Thanks for your prompt answer Michael, I really appreciate it.

I made some tests on my configuration using the cipher restriction argument within the rabbitmq configuration file; however, I did find some discrepancies between what I was restricting and what happened in reality: during an openssl s_client call specifying a specific cipher I was previously restricting, I had the connection established.

My purpose would be to remove the 3DES/DES family from my configuration, particularly removing the SWEET32 vulnerability.
I've already closed some flaws by upgrading the cluster to a new version and restricting the protocol family to TLSv.1.2. However, there is still something more to do; would you suggest a correct configuration to implement, like in the case I explained above? I'm struggling a bit with my tests, honestly.

This is my current configuration:

rabbitmqctl eval 'ssl:cipher_suites().'

[{ecdhe_ecdsa,aes_256_gcm,null,sha384},
 {ecdhe_rsa,aes_256_gcm,null,sha384},
 {ecdhe_ecdsa,aes_256_cbc,sha384,sha384},
 {ecdhe_rsa,aes_256_cbc,sha384,sha384},
 {ecdh_ecdsa,aes_256_gcm,null,sha384},
 {ecdh_rsa,aes_256_gcm,null,sha384},
 {ecdh_ecdsa,aes_256_cbc,sha384,sha384},
 {ecdh_rsa,aes_256_cbc,sha384,sha384},
 {dhe_rsa,aes_256_gcm,null,sha384},
 {dhe_dss,aes_256_gcm,null,sha384},
 {dhe_rsa,aes_256_cbc,sha256},
 {dhe_dss,aes_256_cbc,sha256},
 {rsa,aes_256_gcm,null,sha384},
 {rsa,aes_256_cbc,sha256},
 {ecdhe_ecdsa,aes_128_gcm,null,sha256},
 {ecdhe_rsa,aes_128_gcm,null,sha256},
 {ecdhe_ecdsa,aes_128_cbc,sha256,sha256},
 {ecdhe_rsa,aes_128_cbc,sha256,sha256},
 {ecdh_ecdsa,aes_128_gcm,null,sha256},
 {ecdh_rsa,aes_128_gcm,null,sha256},
 {ecdh_ecdsa,aes_128_cbc,sha256,sha256},
 {ecdh_rsa,aes_128_cbc,sha256,sha256},
 {dhe_rsa,aes_128_gcm,null,sha256},
 {dhe_dss,aes_128_gcm,null,sha256},
 {dhe_rsa,aes_128_cbc,sha256},
 {dhe_dss,aes_128_cbc,sha256},
 {rsa,aes_128_gcm,null,sha256},
 {rsa,aes_128_cbc,sha256},
 {ecdhe_ecdsa,aes_256_cbc,sha},
 {ecdhe_rsa,aes_256_cbc,sha},
 {dhe_rsa,aes_256_cbc,sha},
 {dhe_dss,aes_256_cbc,sha},
 {ecdh_ecdsa,aes_256_cbc,sha},
 {ecdh_rsa,aes_256_cbc,sha},
 {rsa,aes_256_cbc,sha},
 {ecdhe_ecdsa,'3des_ede_cbc',sha},
 {ecdhe_rsa,'3des_ede_cbc',sha},
 {dhe_rsa,'3des_ede_cbc',sha},
 {dhe_dss,'3des_ede_cbc',sha},
 {ecdh_ecdsa,'3des_ede_cbc',sha},
 {ecdh_rsa,'3des_ede_cbc',sha},
 {rsa,'3des_ede_cbc',sha},
 {ecdhe_ecdsa,aes_128_cbc,sha},
 {ecdhe_rsa,aes_128_cbc,sha},
 {dhe_rsa,aes_128_cbc,sha},
 {dhe_dss,aes_128_cbc,sha},
 {ecdh_ecdsa,aes_128_cbc,sha},
 {ecdh_rsa,aes_128_cbc,sha},
 {rsa,aes_128_cbc,sha}]

rabbitmqctl eval 'ssl:cipher_suites(openssl).'

["ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384",
 "ECDHE-ECDSA-AES256-SHA384","ECDHE-RSA-AES256-SHA384",
 "ECDH-ECDSA-AES256-GCM-SHA384","ECDH-RSA-AES256-GCM-SHA384",
 "ECDH-ECDSA-AES256-SHA384","ECDH-RSA-AES256-SHA384",
 "DHE-RSA-AES256-GCM-SHA384","DHE-DSS-AES256-GCM-SHA384",
 "DHE-RSA-AES256-SHA256","DHE-DSS-AES256-SHA256","AES256-GCM-SHA384",
 "AES256-SHA256","ECDHE-ECDSA-AES128-GCM-SHA256",
 "ECDHE-RSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES128-SHA256",
 "ECDHE-RSA-AES128-SHA256","ECDH-ECDSA-AES128-GCM-SHA256",
 "ECDH-RSA-AES128-GCM-SHA256","ECDH-ECDSA-AES128-SHA256",
 "ECDH-RSA-AES128-SHA256","DHE-RSA-AES128-GCM-SHA256",
 "DHE-DSS-AES128-GCM-SHA256","DHE-RSA-AES128-SHA256","DHE-DSS-AES128-SHA256",
 "AES128-GCM-SHA256","AES128-SHA256","ECDHE-ECDSA-AES256-SHA",
 "ECDHE-RSA-AES256-SHA","DHE-RSA-AES256-SHA","DHE-DSS-AES256-SHA",
 "ECDH-ECDSA-AES256-SHA","ECDH-RSA-AES256-SHA","AES256-SHA",
 "ECDHE-ECDSA-DES-CBC3-SHA","ECDHE-RSA-DES-CBC3-SHA","EDH-RSA-DES-CBC3-SHA",
 "EDH-DSS-DES-CBC3-SHA","ECDH-ECDSA-DES-CBC3-SHA","ECDH-RSA-DES-CBC3-SHA",
 "DES-CBC3-SHA","ECDHE-ECDSA-AES128-SHA","ECDHE-RSA-AES128-SHA",
 "DHE-RSA-AES128-SHA","DHE-DSS-AES128-SHA","ECDH-ECDSA-AES128-SHA",
 "ECDH-RSA-AES128-SHA","AES128-SHA"]

cat /etc/rabbitmq/rabbitmq.config
[
 {rabbit, [
             {tcp_listeners, []},
             {ssl_listeners, [{"0.0.0.0", 5673}]},
             {ssl_options, [
             {cacertfile, "/etc/pki/tls/test.chain.pem"},
             {certfile, "/etc/pki/tls/test.cert.pem"},
             {keyfile, "/etc/pki/tls/rmq/test.key"},
             {versions, ['tlsv1.2']}]}
           ]
 },

   {rabbitmq_management,
    [
      {listener,
      [{port, 8080},
       {ssl, true},
       {ssl_opts, [{cacertfile, "/etc/pki/tls/test.chain.pem"},
             {certfile, "/etc/pki/tls/test.cert.pem"},
             {keyfile, "/etc/pki/tls/rmq/test.key"},
                   {versions, ['tlsv1.2']}]}
      ]
    }]
  },
  {rabbitmq_stomp,
    [{tcp_listeners, [{"0.0.0.0", 6163}]}]
  }
].

I'm using RabbitMQ 3.4.5 Erlang OTP 19


Michael Klishin

Dec 6, 2016, 10:36:04 AM
to rabbitm...@googlegroups.com
Is it really 3.4.5? I doubt it runs on Erlang 19.1.

I don't see any cipher suites listed in your config.

Antonio Cascella

Dec 6, 2016, 10:46:53 AM
to rabbitm...@googlegroups.com
Correction: RMQ version 3.6.5, OTP 19.1

2016-12-06 16:35 GMT+01:00 Michael Klishin <mkli...@pivotal.io>:
Is it really 3.4.5? I doubt it runs on Erlang 19.0.4

Here is the complete configuration. As I said, I tried to remove just the DES/3DES family but had some issues and was not completely restricting the mentioned ciphers.

[
 {rabbit, [
   {tcp_listeners, []},
   {ssl_listeners, [{"0.0.0.0", 5673}]},
   {ssl_options, [
     {cacertfile, "/etc/pki/tls/test.chain.pem"},
     {certfile, "/etc/pki/tls/test.cert.pem"},
     {keyfile, "/etc/pki/tls/rmq/test.key"},
     {versions, ['tlsv1.2']},
     {ciphers, [{ecdhe_ecdsa,aes_256_gcm,null,sha384},
                {ecdhe_ecdsa,aes_128_cbc,sha},
                {ecdhe_rsa,aes_128_cbc,sha},
                {dhe_rsa,aes_128_cbc,sha},
                {dhe_dss,aes_128_cbc,sha},
                {ecdh_ecdsa,aes_128_cbc,sha},
                {ecdh_rsa,aes_128_cbc,sha},
                {rsa,aes_128_cbc,sha}]}
   ]}
 ]},

 {rabbitmq_management, [
   {listener, [
     {port, 8080},
     {ssl, true},
     {ssl_opts, [
       {cacertfile, "/etc/pki/tls/test.chain.pem"},
       {certfile, "/etc/pki/tls/test.cert.pem"},
       {keyfile, "/etc/pki/tls/rmq/test.key"},
       {versions, ['tlsv1.2']},
       {ciphers, [{ecdhe_ecdsa,aes_256_gcm,null,sha384},
                  {ecdhe_ecdsa,aes_128_cbc,sha},
                  {ecdhe_rsa,aes_128_cbc,sha},
                  {dhe_rsa,aes_128_cbc,sha},
                  {dhe_dss,aes_128_cbc,sha},
                  {ecdh_ecdsa,aes_128_cbc,sha},
                  {ecdh_rsa,aes_128_cbc,sha},
                  {rsa,aes_128_cbc,sha}]}
     ]}
   ]}
 ]}
].

Antonio Cascella

Dec 6, 2016, 10:49:00 AM
to rabbitm...@googlegroups.com
Erlang OTP 19.0.4

Michael Klishin

Dec 6, 2016, 10:52:32 AM
to rabbitm...@googlegroups.com
Well, can you be more specific than "some issues"?

RabbitMQ itself doesn't provide a TLS implementation, Erlang/OTP does.
So if you run a recent 3.6.x release, you can switch to 19.1.6.

I'm afraid I cannot suggest anything beyond the above without knowing
what kind of tests you conduct with `openssl s_client` and what exactly isn't up to your expectations.


Antonio Cascella

Dec 6, 2016, 11:10:35 AM
to rabbitm...@googlegroups.com
Thanks Michael, I'll come back to you with more precise information and tests using the new OTP version.

Antonio Cascella

Dec 6, 2016, 11:51:37 AM
to rabbitm...@googlegroups.com
Just to clarify, when you say "Erlang TLS implementation uses openssl for crypto functions only AFAIK.", it means that for part of the handshake process they rely on their erl ssl module, while for the encryption part Erlang uses the openssl library? Thanks

Michael Klishin

Dec 6, 2016, 11:55:30 AM
to rabbitm...@googlegroups.com, Antonio Cascella
Yes, the state machine parts are all implemented in Erlang without relying on OpenSSL. The user facing part of it is primarily in the ssl module.

On 6 December 2016 at 19:51:36, Antonio Cascella (info.c...@gmail.com) wrote:
> Just to clarify, when you say "Erlang TLS implementation uses openssl for
> crypto functions only AFAIK." it means that for part of the handshake
> process they rely on their erl ssl module while on the encryption part
> Erlang uses the openssl library ? Thanks