Re: [Bug-wget] cipher_list string when using OpenSSL

[Jeffrey Walton]

I think this is the change that would facilitate the cipher_list
discussed below:

--- a/src/openssl.c
+++ b/src/openssl.c
@@ -267,13 +267,42 @@ ssl_init (void)

   /* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html
    * Since we want a good protection, we also use HIGH (that excludes
MD4 ciphers and some more)
+   * !kRSA removes RSA key exchange (i.e., key transport), but allows
RSA digital signatures.
+   * With RSA key exchange removed, only key agreement schemes remain
(i.e., PFS schemes).
    */
   if (opt.secure_protocol == secure_protocol_pfs)
-    SSL_CTX_set_cipher_list (ssl_ctx,
"HIGH:MEDIUM:!RC4:!SRP:!PSK:!RSA:address@hidden");
+    SSL_CTX_set_cipher_list (ssl_ctx, "HIGH:!aNULL:!kRSA:!RC4:!MD5:!SRP:!PSK");
+  else
+    SSL_CTX_set_cipher_list (ssl_ctx, "HIGH:!aNULL:!RC4:!MD5:!SRP:!PSK");

Jeff


On Wed, Oct 18, 2017 at 6:57 PM, Jeffrey Walton <address@hidden> wrote:
> Hi Everyone,
>
> I believe this has some room for improvement (from src/openssl.c):
>
>     "HIGH:MEDIUM:!RC4:!SRP:!PSK:!RSA:address@hidden"
>
> I think it would be a good idea to provide a `--cipher_list` option to
> allow the user to specify it. It might also be prudent to allow the
> string to be specified in `.wgetrc`.
>
> Regarding the default string, its 2017, and this is probably closer to
> what should be used by default:
>
>     "HIGH:!aNULL:!RC4:!MD5:!SRP:!PSK:!kRSA"
>
> The "!kRSA" means RSA cannot be used for key exchange (i.e., RSA key
> transport), but can be used for digital signatures. MD5 is probably
> another algorithm that should be sunsetted at this point in time
> (though I am not aware of a HMAC/MD5 attack that can be carried out in
> TCP's 2MSL re-transmit time frame).
>
> I use the same cipher_list on the servers under my control. I've never
> received a complaint from them. They cipher_list also helps get one of
> those A+ reports from the various SSL scanners.
>
> Jeff