
OpenSSL [PATCH] OpenSSL 1.1 Equal-preference groups of cipher suites

Discussion in 'CentOS, Redhat & Oracle Linux News' started by buik, Jul 8, 2017.

  1. buik

    This patch implements BoringSSL's equal-preference groups of cipher suites in OpenSSL 1.1.

    Why?
    One of the best parts of BoringSSL + Nginx in contrast to OpenSSL 1.1 + Nginx is equal-preference groups of cipher suites (if you ask me), as upstream OpenSSL 1.1 won't support equal-preference groups of cipher suites.

    BoringSSL not interesting to use?
    Not really, as BoringSSL does not support Online Certificate Status Protocol (OCSP) on the server side (i.e. Nginx).
    Also developers do not recommend it:

    What about Cloudflare's patch?
    Cloudflare's (current open source) OpenSSL 1.0.2 + OpenSSL 1.1 patch is, in fact, a hack.
    It hacks the OpenSSL code to ensure it (ChaCha) is only taken if it is the client's top cipher choice.


    As shown in the latest Cloudflare Nginx configuration file on GitHub.
    Cloudflare recently switched to a similar, decent 'non-hack' equal-preference groups solution.

    But their patch is not (yet) released (open-sourced).
    Therefore my patch, and of course I have been using it myself for a while now.

    Howto
    Patch the OpenSSL 1.1f code with this patch before you compile Nginx with OpenSSL 1.1f.
    Change your Nginx ssl_ciphers parameter to Cloudflare's latest config.

    Done.

    As I am using sources other than my own, i.e. Google BoringSSL's open source code, please note that all glory and fame goes to them.
    Not to the undersigned (me).

    The purpose of this project is to implement and use the feature equal-preference groups of cipher suites in Nginx with the latest OpenSSL 1.1 stable.
    Initially for my own use.

    Nothing less, nothing more.
     
    Last edited: Jul 8, 2017
  2. eva2000

  3. buik

    Didn't know Cloudflare switched to BoringSSL.
    BoringSSL is releasing new features a lot faster than OpenSSL.
    For example TLS 1.3.

    Seems Cloudflare is using BoringSSL as a branch with backported OpenSSL features (OCSP, old chacha etc).
    They should have a good reason to use BoringSSL as foundation.

    This is not a good prospect for the fans of their patches.
    As code can change everywhere, every release, so patch code must change to prevent code breaks.

    Looking at BoringSSL's release window, almost every month a new release: 3071, 3112 etc.

    No reason for Cloudflare to release new patches as one single patch already generates a lot of questions via GitHub's issues.
    And patch code breaking again and again a whole lot more.
     
  4. eva2000

    Indeed it's confusing especially when Cloudflare doesn't fully explain their commits on their sslconfig github repo.
     
  5. buik

    It's double of thought.
    Everyone is a little spoiled with their patches ;)

    But I agree with you. If you decide to release something (which they obviously decide for themselves), you should also do it well.
    And that's code + documentation.
     
  6. eva2000

    Yeah we are spoiled with all their shared hard work :)

    Shame it's so fragmented too OpenSSL vs LibreSSL vs BoringSSL
     
  7. buik

    Bit of their own fault: attitude etc. of the OpenSSL team.
    Although it has been improved lately.
     
  8. eva2000

    Yeah... though LibreSSL doesn't seem that much better, i.e. the last LibreSSL security bug fix release version wasn't even announced or mentioned as a security release and was passed over as a bug. It's like LibreSSL is afraid to alert to security bugs as they claim to be more secure than OpenSSL. It may not be their intention, but that's how it came across to me.
     
  9. buik

    Many start a fork in an upwelling. But later, it will be remembered that it takes a lot and a lot of time, and after that you see the majority of forks flow away slowly.
     
  10. buik

    @eva2000 I have read the Twitter page of Cloudflare CTO John Graham-Cumming.
    They are working on a blog post detailing the BoringSSL process and reasoning.

    Maybe with Cloudflare patches for upstream BoringSSL. But I do not think so.
    Too important inside information. Enough competitors who would analyze their patch code, blogs etc. Too expensive (in the greatest sense of the word) to release all of this.
     
  11. eva2000

    yeah just wait and see :)
     
  12. buik

    On the other side, it does not matter for us.
    BoringSSL, OpenSSL, 1 patch more or less.
    A 1% optimization is big business for Cloudflare (go or no go), but for us, small users, with all due respect, not mission critical.
     
  13. eva2000

    indeed, though being a speed performance addict it matters :D
     
  14. buik

    I like edgy software like the latest OpenSSL with TLS 1.3, Nginx and to push it to the limit with patches and settings.
    But for mission critical I am of course way more conservative.

    I.e. stability over speed.
    Quality over quantity.

    And more of that kind of rules.
    Customer first.
     
  15. eva2000

    True.. though for me, I am both the supplier and the customer :D
     
  16. buik

    You are the one ;)
     
  17. buik

  18. eva2000

    Sweet, almost gave up hope of ever seeing this on OpenSSL 1.1.x code base (actually forgot about your original patch) :D
     
  19. eva2000

    This patch seems to conflict with the Cloudflare Smart ChaCha patch, which prefers ChaCha if it's the client's preferred cipher. So that patch is not needed with this Equal Cipher Preference Group patch?

    Nginx compile fails
    Code (Text):
    4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/svr-setup/nginx-1.13.8/../openssl-1.1.0g/.openssl/ssl\"" -DENGINESDIR="\"/svr-setup/nginx-1.13.8/../openssl-1.1.0g/.openssl/lib/engines-1.1\"" -Wall -O3 -pthread -m64 -DL_ENDIAN  -Wa,--noexecstack -fPIC -DOPENSSL_USE_NODELETE -MMD -MF ssl/ssl_ciph.d.tmp -MT ssl/ssl_ciph.o -c -o ssl/ssl_ciph.o ssl/ssl_ciph.c
    ssl/s3_lib.c: In function 'ssl3_choose_cipher':
    ssl/s3_lib.c:3673:58: error: 'use_chacha' undeclared (first use in this function); did you mean 'EVP_chacha20'?
             if (c->algorithm_enc == SSL_CHACHA20POLY1305 && !use_chacha)
                                                              ^~~~~~~~~~
                                                              EVP_chacha20
    ssl/s3_lib.c:3673:58: note: each undeclared identifier is reported only once for each function it appears in
    ssl/s3_lib.c:3763:9: error: label 'retry' used but not defined
             goto retry;
             ^~~~
    make[3]: *** [ssl/s3_lib.o] Error 1
    make[3]: *** Waiting for unfinished jobs....
    make[3]: Leaving directory `/svr-setup/openssl-1.1.0g'
    make[2]: *** [all] Error 2
    make[2]: Leaving directory `/svr-setup/openssl-1.1.0g'
    make[1]: *** [../openssl-1.1.0g/.openssl/include/openssl/ssl.h] Error 2
    make[1]: Leaving directory `/svr-setup/nginx-1.13.8'
    make: *** [build] Error 2
    
    

    patch log
    Code (Text):
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    OpenSSL 1.1.0g Equal Cipher Preference Group patch
    https://community.centminmod.com/posts/57916/
    ######################################################################
    /svr-setup/openssl-1.1.0g /svr-setup/openssl-1.1.0g
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-equal-preference-cipher-groups.patch
    patching file doc/apps/ciphers.pod
    patching file include/openssl/ssl.h
    patching file ssl/s3_lib.c
    patching file ssl/ssl_ciph.c
    patching file ssl/ssl_err.c
    patching file ssl/ssl_lib.c
    patching file ssl/ssl_locl.h
    patching file ssl/statem/statem_srvr.c
    
    patch success, need to change your ssl_cipher config for HTTPS vhost to the following:
    
    ssl_ciphers '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES';
    
    /svr-setup/openssl-1.1.0g
    
    
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    30-40% performance improvement patch for ECDSA
    https://community.centminmod.com/posts/57725/
    ######################################################################
    /svr-setup/openssl-1.1.0g /svr-setup/openssl-1.1.0g
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-improve-ECDSA-sign-30-40.patch
    patching file ECDSA-PATCH-CHANGELOG
    patching file crypto/ec/asm/ecp_nistz256-armv8.pl
    patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
    patching file crypto/ec/ec_err.c
    patching file crypto/ec/ec_lcl.h
    patching file crypto/ec/ec_lib.c
    patching file crypto/ec/ecdsa_ossl.c
    patching file crypto/ec/ecp_nistz256.c
    patching file crypto/perlasm/x86_64-xlate.pl
    patching file include/openssl/ec.h
    patch unexpectedly ends in middle of line
    Hunk #1 succeeded at 1389 with fuzz 1.
    /svr-setup/openssl-1.1.0g
    
    
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    ECDHX 25519 performance patch
    https://community.centminmod.com/posts/57726/
    ######################################################################
    /svr-setup/openssl-1.1.0g /svr-setup/openssl-1.1.0g
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-double-performance-ecdhx-25519.patch
    patching file crypto/ec/curve25519.c
    patch unexpectedly ends in middle of line
    Hunk #4 succeeded at 3842 with fuzz 1.
    /svr-setup/openssl-1.1.0g
                                                          
    ######################################################################
    Patching OpenSSL 1.1.0 branch
    ######################################################################
    Cloudflare Smart ChaCha20 patch
    https://community.centminmod.com/posts/35727/
    only support ChaCha20 if client's preferred cipher
    ######################################################################
    /usr/local/src/centminmod/patches/openssl/chacha20-smarter.patch
    patching file ssl/s3_lib.c
    Hunk #1 FAILED at 3582.
    Hunk #2 FAILED at 3610.
    Hunk #3 succeeded at 3669 with fuzz 2 (offset 35 lines).
    patch unexpectedly ends in middle of line
    Hunk #4 succeeded at 3755 (offset 64 lines).
    2 out of 4 hunks FAILED -- saving rejects to file ssl/s3_lib.c.rej
    ######################################################################
    OpenSSL 1.1.0 branch Smart Chacha20 patched
    ######################################################################
    
     
  20. eva2000

    Disabled the Cloudflare Smart ChaCha20 patch when the Cloudflare Equal Cipher Preference Group patch is enabled.

    Nginx recompile's OpenSSL patch log
    Code (Text):
    cat /root/centminlogs/patch_opensslpatches_060118-045428.log
    
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    OpenSSL 1.1.0g Equal Cipher Preference Group patch
    https://community.centminmod.com/posts/57916/
    ######################################################################
    /svr-setup/openssl-1.1.0g /svr-setup/openssl-1.1.0g
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-equal-preference-cipher-groups.patch
    patching file doc/apps/ciphers.pod
    patching file include/openssl/ssl.h
    patching file ssl/s3_lib.c
    patching file ssl/ssl_ciph.c
    patching file ssl/ssl_err.c
    patching file ssl/ssl_lib.c
    patching file ssl/ssl_locl.h
    patching file ssl/statem/statem_srvr.c
    
    patch success, need to change your ssl_cipher config for HTTPS vhost to the following:
    
    ssl_ciphers '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES';
    
    /svr-setup/openssl-1.1.0g
    
    
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    30-40% performance improvement patch for ECDSA
    https://community.centminmod.com/posts/57725/
    ######################################################################
    /svr-setup/openssl-1.1.0g /svr-setup/openssl-1.1.0g
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-improve-ECDSA-sign-30-40.patch
    patching file ECDSA-PATCH-CHANGELOG
    patching file crypto/ec/asm/ecp_nistz256-armv8.pl
    patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
    patching file crypto/ec/ec_err.c
    patching file crypto/ec/ec_lcl.h
    patching file crypto/ec/ec_lib.c
    patching file crypto/ec/ecdsa_ossl.c
    patching file crypto/ec/ecp_nistz256.c
    patching file crypto/perlasm/x86_64-xlate.pl
    patching file include/openssl/ec.h
    patch unexpectedly ends in middle of line
    Hunk #1 succeeded at 1389 with fuzz 1.
    /svr-setup/openssl-1.1.0g
    
    
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    ECDHX 25519 performance patch
    https://community.centminmod.com/posts/57726/
    ######################################################################
    /svr-setup/openssl-1.1.0g /svr-setup/openssl-1.1.0g
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-double-performance-ecdhx-25519.patch
    patching file crypto/ec/curve25519.c
    patch unexpectedly ends in middle of line
    Hunk #4 succeeded at 3842 with fuzz 1.
    /svr-setup/openssl-1.1.0g
    


    ssllabs

    before Cloudflare Equal Cipher Preference Group patch

    before-patch-01.png before-patch-02.png

    after Cloudflare Equal Cipher Preference Group patch - looks like this allows Android 2.3.7, Java 6u45 and OpenSSL 0.9.8y backwards compatibility with the patch

    after-patch-01.png

    after-patch-02.png
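
An added illustration (not part of the thread and not the patch's own code) of how a server resolves the bracketed equal-preference syntax in the `ssl_ciphers` line from the patch log: groups are tried in the server's order, and inside a `[a|b]` group the client's own ranking decides. It handles explicit cipher names only, not selector terms such as `ECDHE+AES128`; the fallback entry and the client offers are constructed.

```python
# Added illustration: BoringSSL-style equal-preference group selection.
# Explicit cipher names only; selectors like ECDHE+AES128 are out of scope.

def parse_cipher_groups(spec):
    """Split 'A:[B|C]:D' into ordered groups: [['A'], ['B', 'C'], ['D']]."""
    groups = []
    for item in spec.split(":"):
        item = item.strip()
        if not item:
            continue
        if item.startswith("[") != item.endswith("]"):
            raise ValueError(f"unbalanced bracket in {item!r}")
        if item.startswith("["):
            members = [m for m in item[1:-1].split("|") if m]
            if not members:
                raise ValueError("empty equal-preference group")
            groups.append(members)
        else:
            groups.append([item])
    return groups


def choose_cipher(server_spec, client_offer):
    """Return the negotiated cipher name, or None if there is no overlap.

    Groups are tried in server order; inside a group the cipher the client
    ranked highest wins, which is what makes the members 'equal preference'.
    """
    rank = {name: i for i, name in enumerate(client_offer)}
    for group in parse_cipher_groups(server_spec):
        shared = [name for name in group if name in rank]
        if shared:
            return min(shared, key=rank.__getitem__)
    return None


# Bracketed group taken from the ssl_ciphers line in the thread; the explicit
# fallback entry after it is a constructed stand-in for the selector terms.
SERVER = ("[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305|"
          "ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:"
          "ECDHE-RSA-AES256-GCM-SHA384")

# Constructed client offers: one ranking ChaCha20 first, one ranking AES first
# (with AES256 on top), and one that shares nothing with the first group.
MOBILE = ["ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-RSA-AES128-GCM-SHA256"]
DESKTOP = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
           "ECDHE-RSA-CHACHA20-POLY1305"]
LEGACY = ["ECDHE-RSA-AES256-GCM-SHA384"]

if __name__ == "__main__":
    for label, offer in (("mobile", MOBILE), ("desktop", DESKTOP), ("legacy", LEGACY)):
        print(label, "->", choose_cipher(SERVER, offer))
```

The desktop case shows the server's group order still wins across groups: the client ranks AES256 first, but the first group contains a shared cipher, so AES128-GCM is chosen.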