Re: [edk2-devel] setting TLS ciphers is broken (openssl 3?)

["Laszlo Ersek" <lersek@redhat.com>]

On 9/28/23 16:25, Gerd Hoffmann wrote:

>> The OpenSSL3 update may have restricted set (3), causing the grand
>> intersection to be empty.
>
> That seems to be the case.  Maybe (2) needs an update to enable newer
> ciphers, when logging the mappings I see there are quite a few IDs which
> don't get mapped:
>
> TlsDxe:TlsSetCipherList: skipping CipherId=0x1302
> TlsDxe:TlsSetCipherList: skipping CipherId=0x1303
> TlsDxe:TlsSetCipherList: skipping CipherId=0x1301
> TlsDxe:TlsSetCipherList: skipping CipherId=0x1304
> TlsDxe:TlsSetCipherList: CipherId=0xC030 -> ECDHE-RSA-AES256-GCM-SHA384
> TlsDxe:TlsSetCipherList: skipping CipherId=0xCCA8
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC014
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC02F
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC013
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC012
> TlsDxe:TlsSetCipherList: CipherId=0xC02C -> ECDHE-ECDSA-AES256-GCM-SHA384
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC0AD
> TlsDxe:TlsSetCipherList: skipping CipherId=0xCCA9
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC00A
> TlsDxe:TlsSetCipherList: CipherId=0xC02B -> ECDHE-ECDSA-AES128-GCM-SHA256
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC0AC
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC009
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC008
> TlsDxe:TlsSetCipherList: skipping CipherId=0x009D
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC09D
> TlsDxe:TlsSetCipherList: CipherId=0x0035 -> AES256-SHA
> TlsDxe:TlsSetCipherList: skipping CipherId=0x009C
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC09C
> TlsDxe:TlsSetCipherList: CipherId=0x002F -> AES128-SHA
> TlsDxe:TlsSetCipherList: CipherId=0x000A -> DES-CBC3-SHA
> TlsDxe:TlsSetCipherList: CipherId=0x009F -> DHE-RSA-AES256-GCM-SHA384
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC09F
> TlsDxe:TlsSetCipherList: skipping CipherId=0xCCAA
> TlsDxe:TlsSetCipherList: CipherId=0x0039 -> DHE-RSA-AES256-SHA
> TlsDxe:TlsSetCipherList: skipping CipherId=0x009E
> TlsDxe:TlsSetCipherList: skipping CipherId=0xC09E
> TlsDxe:TlsSetCipherList: CipherId=0x0033 -> DHE-RSA-AES128-SHA
> TlsDxe:TlsSetCipherList: CipherId=0x0016 -> DHE-RSA-DES-CBC3-SHA
> TlsDxe:TlsSetCipherList: skipping CipherId=0x00A3
> TlsDxe:TlsSetCipherList: skipping CipherId=0x0038
> TlsDxe:TlsSetCipherList: skipping CipherId=0x00A2
> TlsDxe:TlsSetCipherList: skipping CipherId=0x0032
> TlsDxe:TlsSetCipherList: skipping CipherId=0x0013

> Not setting ciphers works.

Right, so the default cipher list built into OpenSSL3 (3) is not the
problem in itself, and (1) and (4) have not changed.

I have raised before that TlsCipherMappingTable should be kept in sync
with all the ciphers that we build in from OpenSSL:

* https://bugzilla.tianocore.org/show_bug.cgi?id=915#c0
  (dated 2018-03-30):

> (3) While it is correct that an unrecognized EFI_TLS_CIPHER is rejected with
> EFI_UNSUPPORTED, the table used by TlsGetCipherString(), namely
> "TlsCipherMappingTable", is very lacking -- at commit 9c7d0d499296, it lists
> 23 cipher suites, and even those include "NULL-MD5" and "NULL-SHA".
>
> On my laptop, "openssl ciphers -V ALL" lists 110 cipher suites.
>
> The "TlsCipherMappingTable" array should include all ciphers that are
> supported by the OpenSSL release identified in
>
>   CryptoPkg/Library/OpensslLib/OpenSSL-HOWTO.txt
>
> Whenever edk2 picks up a new OpenSSL release, the cipher table should be
> actualized.

* https://bugzilla.tianocore.org/show_bug.cgi?id=929
  (reported on 2018-04-10; closed as WONTFIX by myself, approx. 5 years
  later, because nobody cared):

> According to the mailing list discussion linked in
> <https://bugzilla.tianocore.org/show_bug.cgi?id=915#c8>,
> "TlsCipherMappingTable" should never offer *more* cipher suites than
> actually supported by OpensslLib (because then the TLS client might
> negotiate a cipher suite with the server that the client ultimately
> won't be able to support). However, for best coverage of the ciphers
> that *are* available, "TlsCipherMappingTable" should reasonably
> approach the set of ciphers that we enable in "OpensslLib.inf". Please
> review the latter set and merge the according cipher suite identifiers
> into "TlsCipherMappingTable".

Also reported by Microsoft separately:

* https://bugzilla.tianocore.org/show_bug.cgi?id=2541
  (reported on 2020-02-20; in CONFIRMED state currently)

... I wonder how TlsCipherMappingTable looks in Project Mu!

Laszlo



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109186): https://edk2.groups.io/g/devel/message/109186
Mute This Topic: https://groups.io/mt/101613778/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/xyzzy [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-