[erlang-patches] elliptic curve support

Andreas Schultz aschultz@REDACTED
Fri Oct 19 13:36:43 CEST 2012


Hi,

----- Original Message -----
> Hi!
> 
> Is it not enough that you can specify to the client and server which
> ciphers you want to use?

Not really, this is a bit like the sha256 selection for TLS 1.2. If openssl
has no EC support compiled in, the user can specify what he wants, there will
still be no EC support.
That means that we should at least be able to detect the problem on ssl startup.

Also, the default list of ciphers is an issue. The RFC says:

>   The cipher suite list, passed from the client to the server in the
>   ClientHello message, contains the combinations of cryptographic
>   algorithms supported by the client in order of the client's
>   preference (favorite choice first).

Naturally, you want the strongest ciphers first. So you end up in
ssl_tls1:suites with:

    [ 
      ?TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
      ?TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
      ?TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
      ?TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
      ?TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
      ?TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
      ?TLS_RSA_WITH_AES_256_CBC_SHA,

      ?TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
      ?TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
      ?TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
      ?TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,...

Simply pre- or appending the EC ciphers would not get you the desired
ordering. There are a couple of options:

- filter the list
- provide a cipher sort function based on cipher strength
- always rely on the user to know if he can and should specify EC ciphers

Or maybe a filter function like openssl has (see man ciphers).

Andreas

> I suppose we could have an option to automatically filter a special type
> of suites without you having to make a list of all others, but if your
> client does not specify elliptic-curve suites they will not be negotiated
> even if the server supports them and vice versa.
> 
> Regards Ingela Erlang/OTP team - Ericsson AB
> 
> Andreas Schultz wrote:
> > ----- Original Message -----
> >   
> >> 2012/10/18 Andreas Schultz <aschultz@REDACTED>:
> >>     
> >>> Hi,
> >>>
> >>> Here is the elliptic curve support rebased to master-pu.
> >>>
> >>> https://github.com/RoadRunnr/otp/compare/master-pu...tls-ecc-suites
> >>> https://github.com/RoadRunnr/otp/compare/master-pu...tls-ecc-suites.patch
> >>>       
> >> Could you, please, make them switchable (something like --with-ec-ssl
> >> or with #ifdef..#endif)? Otherwise this is a no-go addon for all US
> >> Linux distributions due to software patents.
> >>     
> >
> > "all US Linux distributions" is a bit strong, it seems that only
> > Redhat/Fedora is disabling EC
> > (https://bugzilla.redhat.com/show_bug.cgi?id=319901), Debian and its
> > cousins have it enabled.
> > Also, RFC6090 (http://tools.ietf.org/html/rfc6090#section-9) claims
> > that it is not patented.
> >
> > Anyhow since Erlang should build everywhere and ciphers could be
> > disabled for a myriad of other reasons, I'm going to work something
> > out. A simple #ifdef in crypto.c will not be enough, SSL will have to
> > filter the supported cipher suites as well.
> >
> > Andreas
> >
> >   
> >> --
> >> With best regards, Peter Lemenkov.
> >>
> >>     
> >
> >   
> 
> 

-- 
Dipl. Inform.
Andreas Schultz
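
The "filter the list" option from the message above, as an added example that is not code from the patch or from OTP: the preference-ordered suite list is split against what the crypto backend reports, so the order is kept and the dropped suites can be logged at ssl startup. The module name, the `{KeyExchange, Cipher, Hash}` tuples and the sample list are assumptions made for illustration; `crypto:supports/0` is the call in current OTP releases, which postdate this thread.

```erlang
-module(suite_filter).
-export([partition/2, backend_pubkeys/0, demo/0]).

%% Constructed sample: the ordering quoted in the mail, strongest first,
%% written as {KeyExchange, Cipher, Hash} tuples (assumed representation).
sample_suites() ->
    [{ecdhe_ecdsa, aes_256_cbc, sha},
     {ecdhe_rsa,   aes_256_cbc, sha},
     {dhe_rsa,     aes_256_cbc, sha},
     {dhe_dss,     aes_256_cbc, sha},
     {ecdh_ecdsa,  aes_256_cbc, sha},
     {ecdh_rsa,    aes_256_cbc, sha},
     {rsa,         aes_256_cbc, sha},
     {ecdhe_ecdsa, '3des_ede_cbc', sha},
     {ecdhe_rsa,   '3des_ede_cbc', sha},
     {dhe_rsa,     '3des_ede_cbc', sha},
     {dhe_dss,     '3des_ede_cbc', sha}].

%% Public-key algorithms each key exchange needs from the crypto backend.
required(ecdhe_ecdsa) -> [ecdh, ecdsa];
required(ecdh_ecdsa)  -> [ecdh, ecdsa];
required(ecdhe_rsa)   -> [ecdh, rsa];
required(ecdh_rsa)    -> [ecdh, rsa];
required(dhe_rsa)     -> [dh, rsa];
required(dhe_dss)     -> [dh, dss];
required(rsa)         -> [rsa];
%% Fail closed: an unknown key exchange is never reported as supported.
required(Other)       -> [{unsupported, Other}].

%% Split Suites into {Usable, Dropped}; both keep the preference order.
partition(Suites, PubKeys) ->
    lists:partition(
      fun({Kex, _Cipher, _Hash}) -> (required(Kex) -- PubKeys) =:= [] end,
      Suites).

%% What the running crypto application was actually built with.
backend_pubkeys() ->
    proplists:get_value(public_keys, crypto:supports(), []).

demo() ->
    %% Constructed backend description: a crypto build with no EC compiled in.
    NoEC = [rsa, dss, dh],
    {Usable, Dropped} = partition(sample_suites(), NoEC),
    io:format("offered: ~p~ndropped at startup: ~p~n", [Usable, Dropped]),
    {Usable, Dropped}.
```

Calling `suite_filter:partition(Suites, suite_filter:backend_pubkeys())` applies the same split to the backend of the running node.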


