On 02/04/17 05:26, Joel Sing wrote:
On Wednesday 01 February 2017 15:41:29 Andreas Bartelt wrote:
Hello,
after reading the LibreSSL accouncement from today, I assumed that
specifying ecdhe "auto" in /etc/httpd.conf would enable X25519, P-256
and P-384 on current.
This is correct.
I've noticed that "auto" enables only curves x25519 and P-256 (which is
what I'd want to use - but somehow unexpected with regard to the
announcement).
Why do you believe this is the case?
Tested with a build of today's current:
- httpd started with ecdhe "auto" in /etc/httpd.conf
- then trying to connect via openssl s_client with -groups P-384 option
doesn't negotiate a cipher suite.
However, specifying -groups P-256 works. I don't know how to specify
x25519 with OpenBSD's openssl s_client (it's not yet listed in openssl
ecparam -list_curves output) but SSL Labs successfully negotiates via
x25519 and P-256 (but not P-384). P-384 doesn't seem to be enabled with
"auto".
Another confusing test result:
- httpd started with ecdhe "secp384r1" (P-384)
- then trying to connect via openssl s_client with -groups P-384 option
also doesn't negotiate a cipher suite!
However, SSL Labs successfully connects to httpd and confirms support
for secp384r1.
Can you reproduce this?
Diff is attached which clarifies the meaning of "auto" in httpd.conf.5.
There are some documentation improvements that could be used here, however the
meaning of auto for httpd.conf.5 needs to refer to the meaning of "auto" for
libtls (currently tls_config_set_ecdhecurve()). Otherwise libtls changes and
httpd becomes out of date.
There currently seems to be no way to explicitly specify x25519, or to
specify multiple colon separated curves with the ecdhe statement. Would
it make sense to change semantics and make the ecdhe statement in
httpd.conf consistent with the recent changes to openssl s_client
-groups (e.g., to also allow more common names like P-256 instead of
prime256v1)?
Yes - tls_config_set_ecdhecurve() needs to change to accept the same colon
separate list of priority ordered curve names, that SSL_set1_curves_list()
accepts.
