How do I disable a particular cipher suite in openssl?

Question

I want to secure my server from FREAK attack so I want to disable all the cipher suites that uses export grade RSA key from Openssl. Is there a way to disable a particular cipher suite in openssl? If yes, how do i do it?

Answer 1

Is there a way to disable a particular cipher suite in openssl? If yes, how do i do it?

To answer the direct question of disabling a particular cipher suite, do so by removing it from the cipher suite list passed to SSL_CTX_set_cipher_list or SSL_CTX_set_cipher_list:

int rc = SSL_CTX_set_cipher_list(ctx, "ALL:!NULL-MD5:!NULL-SHA");
assert(0 != rc);

You can do it on a SSL* with:

int rc = SSL_set_cipher_list(ssl, "ALL:!NULL-MD5:!NULL-SHA");
assert(0 != rc);

In the above, NULL-MD5 is SSL_RSA_WITH_NULL_MD5 and NULL-SHA is SSL_RSA_WITH_NULL_SHA. You can get the list of mappings from the openssl ciphers command.

---

You can also disable export ciphers with !EXP:

int rc = SSL_CTX_set_cipher_list(ctx, "ALL:!EXP");
assert(0 != rc);

And you can do it on a SSL* with:

int rc = SSL_set_cipher_list(ssl, "ALL:!EXP");
assert(0 != rc);

---

You can see what "ALL:!EXP" equates to with the OpenSSL command (note the single quote so the shell does not get a hold of the bang):

$ openssl ciphers 'ALL:!EXP'
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:
SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384...

You can count the number of cipher suites with:

$ openssl ciphers 'ALL:!EXP' | tr ':' ' ' | wc -w
     124

That tells you your ClientHello will use at least 248 bytes due to the 124 cipher suites. Ideally, you should advertise the 16 or so suites you really want.

---

You usually configure your cipher suites using "HIGH" only. It excludes "MEDIUM", "LOW" and "EXP". Here's how my call sometimes look:

int rc = SSL_CTX_set_cipher_list(ctx, "HIGH:!ADH:!MD5:!RC4:!SRP:!PSK:!DSS");
assert(0 != rc);

Be sure to exclude the anonymous gear (!ADH) because its included by default. !MD5 and !RC4 are used because they are weak/wounded. !SRP, !PSK, and !DSS are used to trim the list of ciphers further because they are not usually used.

You can also do the same with a SSL* and SSL_set_cipher_list.

If you call SSL_CTX_set_cipher_list and SSL_set_cipher_list on a server, the the cipher suite list will be trimmed further depending on the type of key in the certificate.

---

In the previous block, I said ... how my call sometimes look. Usually, I like to specify the 16 or so I want to use with:

string GetCipherSuites()
{
    static string ciphers = ""

#if defined(ALLOW_ECDSA)
    "ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
#endif

    "ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:"

#if defined(ALLOW_DSA)
    "DHE-DSS-AES256-GCM-SHA384:"
#endif

    "DHE-RSA-AES256-GCM-SHA384:"

#if defined(ALLOW_DSA)
    "DHE-DSS-AES128-GCM-SHA256:"
#endif

    "DHE-RSA-AES128-GCM-SHA256:"

#if defined(ALLOW_DSA)
    "DHE-DSS-AES256-SHA:"
#endif

    "DHE-RSA-AES256-SHA:"

#if defined(ALLOW_DSA)
    "DHE-DSS-AES128-SHA:"
#endif

    "DHE-RSA-AES128-SHA:"

#if defined(ALLOW_DSA)
    "EDH-DSS-DES-CBC3-SHA:"
#endif

    "EDH-RSA-DES-CBC3-SHA:"

#if defined(ALLOW_DSA)
    "DH-DSS-DES-CBC3-SHA:"
#endif

    "DH-RSA-DES-CBC3-SHA:";

    return ciphers;
}