pyopenssl
Added set_ciphersuites() API
Add the set_ciphersuites API to set TLS 1.3 ciphersuites properly.
See: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites
What's the motivation? All the TLS 1.3 ciphersuites are secure (and good) which removes a lot of the motivation that exists in TLS<=1.2 for micromanaging them.
Motivation is three part: a) Cannot configure the CCM variants b) Looked at the Twisted API for cipher suites and it is broken due to not understanding the existing API (https://twistedmatrix.com/trac/ticket/10058) c) Fixing some in-house enterprise stuff where people want to configure that stuff...
IMHO it's bad practice to configure any TLS and crypto-related settings in an application. Cipher suites, key strength, TLS versions, and trust store should be configured globally on operating system level. In the past few years Linux distributions have invested into better infrastructure for system-wide crypto policies.
> What's the motivation? All the TLS 1.3 ciphersuites are secure (and good) which removes a lot of the motivation that exists in TLS<=1.2 for micromanaging them.
I have used the same argument to object against SSL_CTX_set_ciphersuites for Python's ssl module.
> IMHO it's bad practice to configure any TLS and crypto-related settings in an application. Cipher suites, key strength, TLS versions, and trust store should be configured globally on operating system level. In the past few years Linux distributions have invested into better infrastructure for system-wide crypto policies.
I don't agree with this at all. This is a very sysadmin/distro centric view of the world, and I think it maps quite poorly to lots of real world applications.
Nevertheless, I'm loath to expand the pyOpenSSL API here.
Hi @tiran
yes, agreed that it should be done on the OS level usually and that TLS 1.3 ciphers are great and all that. I basically ship a whole python distro/openssl with custom options/apache httpd etc. as part of some framework. So probably should tweak the "framework global" openssl settings instead. I can fork/patch my local versions as needed.
There is also the use that might need to configure to a different default when the distribution changes the default setting. E.g. CentOS 8 does this:
```
cat ./crypto-policies/back-ends/opensslcnf.config
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
MinProtocol = TLSv1.2
```
So is probably more a feature parity between TLS <=1.2 and TLS 1.3+ than anything else.
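An added example, not part of the thread or of pyOpenSSL: the policy file quoted above keeps the TLS 1.3 suites in a `Ciphersuites` key separate from the TLS <=1.2 `CipherString`, so an audit has to read that key on its own. The function names are hypothetical; the comparison list is the built-in TLS 1.3 default documented in SSL_CTX_set_ciphersuites(3).

```python
# Added example: audit the TLS 1.3 part of an OpenSSL crypto-policy file.
# The five cipher suites defined for TLS 1.3 in RFC 8446.
RFC8446_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}
# OpenSSL's built-in TLS 1.3 default, per SSL_CTX_set_ciphersuites(3).
OPENSSL_DEFAULT = [
    "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256",
]
# Policy text as quoted in the comment above.
CENTOS8_POLICY = """\
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
MinProtocol = TLSv1.2
"""


def parse_policy(text):
    """Return {key: value} for 'Key = Value' lines; skip blanks and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Split on the first '=' only: values such as @SECLEVEL=2 contain '='.
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def audit_tls13(text):
    """Compare the policy's TLS 1.3 suites with RFC 8446 and OpenSSL's default."""
    raw = parse_policy(text).get("Ciphersuites")
    # Assumption: with no Ciphersuites key, the built-in default applies.
    suites = list(OPENSSL_DEFAULT) if raw is None else [s for s in raw.split(":") if s]
    known = [s for s in suites if s in RFC8446_SUITES]
    return {
        "suites": suites,
        # TLS <=1.2 names placed here belong in CipherString, not Ciphersuites.
        "unknown": [s for s in suites if s not in RFC8446_SUITES],
        "added_to_default": [s for s in known if s not in OPENSSL_DEFAULT],
        "removed_from_default": [s for s in OPENSSL_DEFAULT if s not in suites],
        "ccm_enabled": [s for s in known if "_CCM_" in s],
    }


if __name__ == "__main__":
    for field, value in audit_tls13(CENTOS8_POLICY).items():
        print(f"{field}: {value}")
```

For the quoted CentOS 8 policy this reports `TLS_AES_128_CCM_SHA256` as the one suite enabled beyond OpenSSL's default.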