CHACHA20-POLY1305 Server Preference NOK with tlsv1.3

CHACHA20-POLY1305 Server Preference NOK with tlsv1.3

Vincent Blondel
Hello,

Trying to get CHACHA20-POLY1305 Server Preference ... Working with tlsv1.2 but NOK with tlsv1.3

** Tried with a Custom OpenSSL.conf ServerPreference,PrioritizeChaCha

OPENSSL_CONF=$HOME/conf/openssl.conf $HOME/bin/nginx.exe

[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
Options = ServerPreference,PrioritizeChaCha

** Tried by patching src/event/ngx_event_openssl.c

-        SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+        SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_PRIORITIZE_CHACHA);
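Review bot: SSL_OP_PRIORITIZE_CHACHA is used unguarded in the changed line, so this hunk will not compile against an OpenSSL older than 1.1.1, where the macro does not exist; wrap the extra bit in `#ifdef SSL_OP_PRIORITIZE_CHACHA` (or OR it in from a separate guarded SSL_CTX_set_options() call) so the file keeps building everywhere nginx does. Two things the patch description should also say: the flag only re-orders the server list when the client itself puts a ChaCha20-Poly1305 suite first, so a test client that offers AES-GCM first will still negotiate AES and make the change look ineffective, and the same effect is reachable without a source patch through Options = PrioritizeChaCha in openssl.conf, which is what the rest of this thread pursues.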

** Tried by patching src/event/ngx_event_openssl.c

nginx -s reload
nginx: [emerg] SSL_CTX_set_cipher_list("TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_CCM_SHA256") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)

ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.3;
ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_CCM_SHA256;

My config is working like a charm with tlsv1.2 but I cannot get CHACHA20 prioritized with tlsv1.3 ... hence my question ... how to do it with nginx version nginx/1.18.0?

tx, V.


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

Re: CHACHA20-POLY1305 Server Preference NOK with tlsv1.3

Maxim Dounin
Hello!

On Sun, May 03, 2020 at 07:04:49PM +0200, Vincent Blondel wrote:

> Hello,
>
> Trying to get CHACHA20-POLY1305 Server Preference ... Working with tlsv1.2
> but NOK with tlsv1.3
>
> ** Tried with a Custom OpenSSL.conf ServerPreference,PrioritizeChaCha
>
> OPENSSL_CONF=$HOME/conf/openssl.conf $HOME/bin/nginx.exe
>
> [default_conf]
> ssl_conf = ssl_sect
> [ssl_sect]
> system_default = system_default_sect
> [system_default_sect]
> Ciphersuites =
> TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
> Options = ServerPreference,PrioritizeChaCha
>
> ** Tried by patching src/event/ngx_event_openssl.c
>
> -        SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
> +        SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE |
> SSL_OP_PRIORITIZE_CHACHA);
>
> ** Tried by patching src/event/ngx_event_openssl.c

There is no need to patch anything as long as you have Options set
in openssl.conf.

> nginx -s reload
> nginx: [emerg]
> SSL_CTX_set_cipher_list("TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_CCM_SHA256")
> failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher
> match)
>
> ssl_prefer_server_ciphers on;
> ssl_protocols TLSv1.3;
> ssl_ciphers
> TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_CCM_SHA256;
>
> my config is working like a charm with tlsv1.2 but i cannot get CHACHA20
> prioritized with tlsv1.3 ... hence my question ...how to do with nginx
> version: nginx/1.18.0 ?

The problem is that OpenSSL's SSL_CTX_set_cipher_list() does not
recognize any ciphers in the cipher list you've provided in the
ssl_ciphers directive, hence the error.  You have to provide at
least one valid cipher.

Note that OpenSSL's SSL_CTX_set_cipher_list() does not recognize
any TLSv1.3 ciphers (and instead enables them by default), hence
you have to use at least one TLSv1.2 cipher listed.

--
Maxim Dounin
http://mdounin.ru/
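Added example (mine, not code from the thread, nginx or OpenSSL): it reproduces Maxim's two points with Python's ssl module, whose SSLContext.set_ciphers() is a thin wrapper around SSL_CTX_set_cipher_list(), the call nginx makes for ssl_ciphers. The first cipher string is the TLSv1.3-only list from the original post, the second is the string Vincent moved to in his follow-up; the names TLS13_ONLY, WITH_TLS12, apply_cipher_list and tls13_suites_still_enabled are mine.

```python
import ssl

# Cipher strings taken from the thread. The first names only TLSv1.3 suites,
# which SSL_CTX_set_cipher_list() does not know about; the second is the
# string from Vincent's follow-up and contains TLSv1.2 ChaCha20 suites.
TLS13_ONLY = ("TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:"
              "TLS_AES_256_GCM_SHA384:TLS_AES_128_CCM_SHA256")
WITH_TLS12 = "ECDHE+CHACHA20:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305"


def apply_cipher_list(cipher_list):
    """Apply cipher_list the way nginx's ssl_ciphers does.

    SSLContext.set_ciphers() calls SSL_CTX_set_cipher_list(), so it fails
    under exactly the condition nginx reports as "no cipher match".
    Returns (accepted, ciphers); ciphers is the list of (name, protocol)
    pairs the context would offer, TLSv1.3 suites included.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_list)
    except ssl.SSLError:
        # OpenSSL found zero TLSv1.2-or-lower ciphers in the result and
        # rejected the whole string; TLSv1.3 names do not count.
        return False, []
    return True, [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]


def tls13_suites_still_enabled(cipher_list):
    """True if an accepted cipher_list leaves the default TLSv1.3 suites in
    place, showing that ssl_ciphers neither selects nor orders them."""
    accepted, ciphers = apply_cipher_list(cipher_list)
    return accepted and any(proto == "TLSv1.3" for _, proto in ciphers)


if __name__ == "__main__":
    for label, cipher_string in (("TLSv1.3 names only", TLS13_ONLY),
                                 ("TLSv1.2 ChaCha20 added", WITH_TLS12)):
        accepted, ciphers = apply_cipher_list(cipher_string)
        print(f"{label}: accepted={accepted}")
        for name, proto in ciphers:
            print(f"  {proto:<8} {name}")
```

Running it shows the TLSv1.3-only string rejected and, for the second string, the TLSv1.3 suites listed ahead of the TLSv1.2 ones even though ssl_ciphers never named them: the TLSv1.3 set and its order live in a separate list that OpenSSL changes only through SSL_CTX_set_ciphersuites(), which is what the Ciphersuites key in the openssl.conf from the first post maps to.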

Re: CHACHA20-POLY1305 Server Preference NOK with tlsv1.3

Vincent Blondel
Thanks for the update Maxim, but unfortunately still NOK ...

my openssl.conf

[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = ServerPreference,PrioritizeChaCha
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = DE
CN = www.example.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.example.com

my nginx.conf

    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.3;
    ssl_ciphers ECDHE+CHACHA20:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305;

nginx is no longer crying on ssl_ciphers syntax but CHACHA20 is still NOT the Cipher challenged :-(

-V.

On Sun, May 3, 2020 at 11:21 PM Maxim Dounin <[hidden email]> wrote:

Re: CHACHA20-POLY1305 Server Preference NOK with tlsv1.3

Maxim Dounin
Hello!

On Mon, May 04, 2020 at 07:49:26AM +0200, Vincent Blondel wrote:

> thanks for the update Maxim but unfortunately still nok ...
>
> my openssl.conf
>
> [default_conf]
> ssl_conf = ssl_sect
> [ssl_sect]
> system_default = system_default_sect
> [system_default_sect]
> Options = ServerPreference,PrioritizeChaCha
> [req]
> distinguished_name = req_distinguished_name
> req_extensions = v3_req
> prompt = no
> [req_distinguished_name]
> C = DE
> CN = www.example.com
> [v3_req]
> keyUsage = keyEncipherment, dataEncipherment
> extendedKeyUsage = serverAuth
> subjectAltName = @alt_names
> [alt_names]
> DNS.1 = www.example.com

The openssl.conf looks wrong to me.  See
https://trac.nginx.org/nginx/ticket/1445#comment:8 for a working
example.  Quoting it here:

: openssl_conf = default_conf
:
: [default_conf]
: ssl_conf = ssl_sect
:
: [ssl_sect]
: system_default = system_default_sect
:
: [system_default_sect]
: Options = PrioritizeChaCha

Note the "openssl_conf = default_conf" before the first named
section.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: CHACHA20-POLY1305 Server Preference NOK with tlsv1.3

Vincent Blondel
I just copy/pasted/replaced the content of my openssl.conf with the proposal in this mail ... still OK with tlsv1.2 and NOK with tlsv1.3 ...

openssl is up to date and seems to be working fine ...

$ openssl version
OpenSSL 1.1.1f  31 Mar 2020

$ openssl ciphers -v
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
PSK-AES256-GCM-SHA384   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305   TLSv1.2 Kx=PSK      Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
PSK-AES256-CCM          TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM(256) Mac=AEAD
PSK-AES128-GCM-SHA256   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(128) Mac=AEAD
PSK-AES128-CCM          TLSv1.2 Kx=PSK      Au=PSK  Enc=AESCCM(128) Mac=AEAD
PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
PSK-AES128-CBC-SHA256   TLSv1 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA256
PSK-AES128-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA1
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-AES256-CCM      TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM(256) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-CCM      TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESCCM(128) Mac=AEAD
DHE-PSK-AES256-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA1
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA256
DHE-PSK-AES128-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA1
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA1
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA1

On Mon, May 4, 2020 at 5:54 PM Maxim Dounin <[hidden email]> wrote:

Re: CHACHA20-POLY1305 Server Preference NOK with tlsv1.3

Maxim Dounin
Hello!

On Mon, May 04, 2020 at 08:10:38PM +0200, Vincent Blondel wrote:

> I just copy/pasted/replaced the content of my openssl.conf with the
> proposal in this mail ... still OK with tlsv1.2 and NOK with tlsv1.3 ...
>
> openssl is up to date and seems working fine ...

Some things to consider:

- Make sure the openssl.conf you are editing is the one which is
  actually used.  No errors are produced if loading openssl conf
  fails, and this somewhat complicates things.

  Given that your first message in this thread suggests you are
  trying to do this on Windows, trying to use variables when
  starting nginx might complicate things.

  Also it might not be trivial to trace if the file is actually
  used (on unix you can use things like ktrace / strace / truss).

- Make sure there are no non-text things in the openssl.conf such
  as byte order marks.  Some editors tend to add them, and this
  often breaks things.

- Make sure you are testing things correctly.  Testing cipher
  preference, especially for TLSv1.3 ciphers, might be
  non-trivial.

  A simpler test might be to disable some Ciphersuites in the
  openssl.conf, and make sure these are actually disabled.  And
  once you see them disabled, start playing with PrioritizeChaCha.

--
Maxim Dounin
http://mdounin.ru/
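Added example (mine, not from the thread): a small Python linter for the openssl.conf chain Maxim describes, covering the missing top-level openssl_conf key from his previous reply and the byte-order-mark point from this one. It runs offline against two constructed configs, the shape of Vincent's file and the working one quoted from ticket 1445; parse_openssl_conf and check_prioritize_chacha are my names, and the parser handles only the key/value and [section] syntax the thread uses.

```python
import re

BOM = "\ufeff"

# Two constructed configs mirroring the thread: the shape of Vincent's
# openssl.conf (no top-level openssl_conf key) and the working one Maxim
# quotes from nginx ticket 1445.
BROKEN_CONF = """\
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = ServerPreference,PrioritizeChaCha
"""

FIXED_CONF = """\
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = PrioritizeChaCha
"""


def parse_openssl_conf(text):
    """Parse the key = value / [section] subset of OpenSSL's config syntax.

    Returns {section: {key: value}}; "" is the unnamed default section that
    precedes the first header, the only place OpenSSL looks for openssl_conf.
    ($var expansion and .include are not handled; the thread does not use them.)
    """
    sections = {"": {}}
    current = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        header = re.match(r"^\[\s*([^\]]+?)\s*\]$", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            sections[current][key.strip()] = value.strip()
    return sections


def check_prioritize_chacha(text):
    """Follow openssl_conf -> ssl_conf -> system_default -> Options.

    Returns a list of findings; an empty list means the chain is intact and
    PrioritizeChaCha is among the Options applied to every new SSL_CTX.
    """
    findings = []
    if text.startswith(BOM):
        # The BOM bytes are read as part of the first key, so the
        # openssl_conf line silently stops matching.
        findings.append("file starts with a UTF-8 byte order mark; "
                        "the first key will not be recognised")
        text = text[len(BOM):]
    conf = parse_openssl_conf(text)

    app = conf[""].get("openssl_conf")
    if app is None:
        findings.append("no 'openssl_conf = <section>' before the first [section]; "
                        "OpenSSL never enters the ssl_conf chain")
        return findings
    if app not in conf:
        findings.append(f"openssl_conf points at missing section [{app}]")
        return findings

    ssl_sect = conf[app].get("ssl_conf")
    if ssl_sect not in conf:
        findings.append(f"[{app}] has no ssl_conf pointing at an existing section")
        return findings

    default = conf[ssl_sect].get("system_default")
    if default not in conf:
        findings.append(f"[{ssl_sect}] has no system_default pointing at an existing section")
        return findings

    options = [o.strip() for o in conf[default].get("Options", "").split(",") if o.strip()]
    if "PrioritizeChaCha" not in options:
        findings.append(f"[{default}] Options = {options} lacks PrioritizeChaCha")
    return findings


if __name__ == "__main__":
    for label, conf_text in (("as posted", BROKEN_CONF), ("ticket 1445 form", FIXED_CONF),
                             ("with BOM", BOM + FIXED_CONF)):
        print(label, "->", check_prioritize_chacha(conf_text) or ["ok"])
```

Once the file passes, confirm on the wire rather than by reading configs. With ssl_prefer_server_ciphers on and the server's TLSv1.3 order left at OpenSSL's default (AES-256-GCM first), `openssl s_client -connect host:443 -tls1_3 -ciphersuites TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384` should report `Cipher is TLS_CHACHA20_POLY1305_SHA256`, and the same command with the two names swapped should report TLS_AES_256_GCM_SHA384: by OpenSSL's definition of the option (not stated in the thread), PrioritizeChaCha only moves ChaCha20 to the top of the server's list when the client's own list starts with a ChaCha20 suite, so a client that prefers AES proves nothing either way. Maxim's simpler check fits the same loop: put `Ciphersuites = TLS_AES_128_GCM_SHA256` in the system_default section, and a `-ciphersuites TLS_AES_256_GCM_SHA384` connection must then fail the handshake; if it still succeeds, nginx is not reading this file.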