
Using Implementations of TLS

From the document Red Hat Enterprise Linux 7 Security Guide (Pages 136-139)


4.11.2. Using Implementations of TLS

Red Hat Enterprise Linux 7 is distributed with several full-featured implementations of TLS. In this section, the configuration of OpenSSL and GnuTLS is described. See Section 4.11.3, “Configuring Specific Applications” for instructions on how to configure TLS support in individual applications.

The available TLS implementations offer support for various cipher suites that define all the elements that come together when establishing and using TLS-secured communications.

Use the tools included with the different implementations to list and specify cipher suites that provide the best possible security for your use case while considering the recommendations outlined in Section 4.11.1, “Choosing Algorithms to Enable”. The resulting cipher suites can then be used to configure the way individual applications negotiate and secure connections.

Important

Be sure to check your settings following every update or upgrade of the TLS implementation you use or the applications that utilize that implementation. New versions may introduce new cipher suites that you do not want to have enabled and that your current configuration does not disable.

4.11.2.1. Working with Cipher Suites in OpenSSL

OpenSSL is a toolkit and a cryptography library that support the SSL and TLS protocols. On Red Hat Enterprise Linux 7, a configuration file is provided at /etc/pki/tls/openssl.cnf. The format of this configuration file is described in config(1). See also Section 4.8.9, “Configuring OpenSSL”.

To get a list of all cipher suites supported by your installation of OpenSSL, use the openssl command with the ciphers subcommand as follows:

~]$ openssl ciphers -v 'ALL:COMPLEMENTOFALL'

Pass other parameters (referred to as cipher strings and keywords in OpenSSL documentation) to the ciphers subcommand to narrow the output. Special keywords can be used to only list suites that satisfy a certain condition. For example, to only list suites that are defined as belonging to the HIGH group, use the following command:

~]$ openssl ciphers -v 'HIGH'

See the ciphers(1) manual page for a list of available keywords and cipher strings.

To obtain a list of cipher suites that satisfy the recommendations outlined in Section 4.11.1, “Choosing Algorithms to Enable”, use a command similar to the following:

~]$ openssl ciphers -v 'kEECDH+aECDSA+AES:kEECDH+AES+aRSA:kEDH+aRSA+AES' | column -t
ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH  Au=ECDSA  Enc=AESGCM(256)  Mac=AEAD
ECDHE-ECDSA-AES256-SHA384      TLSv1.2  Kx=ECDH  Au=ECDSA  Enc=AES(256)     Mac=SHA384
ECDHE-ECDSA-AES256-SHA         SSLv3    Kx=ECDH  Au=ECDSA  Enc=AES(256)     Mac=SHA1
ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2  Kx=ECDH  Au=ECDSA  Enc=AESGCM(128)  Mac=AEAD
ECDHE-ECDSA-AES128-SHA256      TLSv1.2  Kx=ECDH  Au=ECDSA  Enc=AES(128)     Mac=SHA256
ECDHE-ECDSA-AES128-SHA         SSLv3    Kx=ECDH  Au=ECDSA  Enc=AES(128)     Mac=SHA1
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2  Kx=ECDH  Au=RSA    Enc=AESGCM(256)  Mac=AEAD
ECDHE-RSA-AES256-SHA384        TLSv1.2  Kx=ECDH  Au=RSA    Enc=AES(256)     Mac=SHA384
ECDHE-RSA-AES256-SHA           SSLv3    Kx=ECDH  Au=RSA    Enc=AES(256)     Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2  Kx=ECDH  Au=RSA    Enc=AESGCM(128)  Mac=AEAD
DHE-RSA-AES128-SHA256          TLSv1.2  Kx=DH    Au=RSA    Enc=AES(128)     Mac=SHA256
DHE-RSA-AES128-SHA             SSLv3    Kx=DH    Au=RSA    Enc=AES(128)     Mac=SHA1

The above command omits all insecure ciphers, gives preference to ephemeral elliptic curve Diffie-Hellman key exchange and ECDSA ciphers, and omits RSA key exchange (thus ensuring perfect forward secrecy).

Note that this is a rather strict configuration, and it might be necessary to relax the conditions in real-world scenarios to allow for a compatibility with a broader range of clients.
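The check that the Important note above asks for after every update can be scripted against the `openssl ciphers -v` listing. The following is an added example, not part of the Security Guide: the function names and the baseline file are hypothetical, the sample lines are constructed from the listing above, and the Kx= and Mac= values are assumed to follow the format printed on this page.

```shell
#!/bin/sh
# Added example (not from the Security Guide). Reads `openssl ciphers -v` output:
#   NAME PROTOCOL Kx=<kx> Au=<au> Enc=<enc> Mac=<mac>
# Field values are assumed to match the format printed on this page.

# classify_suites: print "<verdict> <name> <reason>" for each suite on stdin.
classify_suites() {
    awk 'NF >= 6 {
        kx = ""; mac = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^Kx=/)  kx  = substr($i, 4)
            if ($i ~ /^Mac=/) mac = substr($i, 5)
        }
        if (kx != "ECDH" && kx != "DH") print "FAIL", $1, "Kx=" kx
        else if (mac != "AEAD")         print "WARN", $1, "Mac=" mac
        else                            print "OK", $1, "ephemeral+AEAD"
    }'
}

# new_suites BASELINE: print names of suites on stdin that BASELINE does not list.
new_suites() {
    awk -v base="$1" '
        BEGIN { while ((getline line < base) > 0) { split(line, f, " "); seen[f[1]] = 1 } }
        NF && !($1 in seen) { print $1 }'
}

# Constructed sample: two lines from the listing above, plus one RSA key exchange
# suite standing in for something that appeared after a package update.
sample_after_update() {
    cat <<'EOF'
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
EOF
}

# Demo: the baseline holds the two approved suites recorded before the update.
baseline=$(mktemp)
sample_after_update | head -n 2 > "$baseline"
sample_after_update | classify_suites
sample_after_update | new_suites "$baseline"
rm -f "$baseline"
```

On a real system, pipe `openssl ciphers -v` with your cipher string into the same functions instead of the sample; the WARN lines show that even the strict string above still admits non-AEAD suites with a SHA1 MAC.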

4.11.2.2. Working with Cipher Suites in GnuTLS

GnuTLS is a communications library that implements the SSL and TLS protocols and related technologies.

Note

The GnuTLS installation on Red Hat Enterprise Linux 7 offers optimal default configuration values that provide sufficient security for the majority of use cases. Unless you need to satisfy special security requirements, it is recommended to use the supplied defaults.

Use the gnutls-cli command with the -l (or --list) option to list all supported cipher suites:

~]$ gnutls-cli -l

To narrow the list of cipher suites displayed by the -l option, pass one or more parameters (referred to as priority strings and keywords in GnuTLS documentation) to the --priority option. See the GnuTLS documentation at http://www.gnutls.org/manual/gnutls.html#Priority-Strings for a list of all available priority strings. For example, issue the following command to get a list of cipher suites that offer at least 128 bits of security:

~]$ gnutls-cli --priority SECURE128 -l

To obtain a list of cipher suites that satisfy the recommendations outlined in Section 4.11.1, “Choosing Algorithms to Enable”, use a command similar to the following:

~]$ gnutls-cli --priority SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC -l

Cipher suites for SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC

TLS_ECDHE_ECDSA_AES_256_GCM_SHA384   0xc0, 0x2c   TLS1.2
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384   0xc0, 0x24   TLS1.2
TLS_ECDHE_ECDSA_AES_256_CBC_SHA1     0xc0, 0x0a   SSL3.0
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256   0xc0, 0x2b   TLS1.2
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256   0xc0, 0x23   TLS1.2
TLS_ECDHE_ECDSA_AES_128_CBC_SHA1     0xc0, 0x09   SSL3.0
TLS_ECDHE_RSA_AES_256_GCM_SHA384     0xc0, 0x30   TLS1.2
TLS_ECDHE_RSA_AES_256_CBC_SHA1       0xc0, 0x14   SSL3.0
TLS_ECDHE_RSA_AES_128_GCM_SHA256     0xc0, 0x2f   TLS1.2
TLS_ECDHE_RSA_AES_128_CBC_SHA256     0xc0, 0x27   TLS1.2
TLS_ECDHE_RSA_AES_128_CBC_SHA1       0xc0, 0x13   SSL3.0
TLS_DHE_RSA_AES_256_CBC_SHA256       0x00, 0x6b   TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA1         0x00, 0x39   SSL3.0
TLS_DHE_RSA_AES_128_GCM_SHA256       0x00, 0x9e   TLS1.2
TLS_DHE_RSA_AES_128_CBC_SHA256       0x00, 0x67   TLS1.2
TLS_DHE_RSA_AES_128_CBC_SHA1         0x00, 0x33   SSL3.0

Certificate types: CTYPE-X.509
Protocols: VERS-TLS1.2
Compression: COMP-NULL
Elliptic curves: CURVE-SECP384R1, CURVE-SECP521R1, CURVE-SECP256R1
PK-signatures: SIGN-RSA-SHA384, SIGN-ECDSA-SHA384, SIGN-RSA-SHA512, SIGN-ECDSA-SHA512, SIGN-RSA-SHA256, SIGN-DSA-SHA256, SIGN-ECDSA-SHA256

The above command limits the output to ciphers with at least 128 bits of security while giving preference to the stronger ones. It also forbids RSA key exchange and DSS authentication.

Note that this is a rather strict configuration, and it might be necessary to relax the conditions in real-world scenarios to allow for a compatibility with a broader range of clients.
