Roger Tinembart 0 Posted August 22 Dear ICS Team First of all, thank you very much for making this great package available. This is an immense effort! I am experimenting with ICS 9.2. I am supposed to program a TLS 1.3 connection between a server and a client program. This basically works. But our security department has required me to only allow certain ciphers and groups. I tried to fulfill this using the SslCipherList and SslCryptoGroups properties (TSslContext) and to test it with the OverbyteIcsSslWebServ example. Unfortunately, it only works partially. 1. Ciphers: in the 'New Ciphers' field I enter 'ECDHE-ECDSA-AES256-GCM-SHA384'. When starting ('Start HTTPS' button), only this one value is actually passed to OpenSSL. I can see this clearly in OverbyteIcsSslBase.pas, line 6675 (SSL_CTX_set_cipher_list). Here only the string 'ECDHE-ECDSA-AES256-GCM-SHA384' is passed to OpenSSL. However, after starting, the program window shows that the following four ciphers are used: TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256, ECDHE-ECDSA-AES256-GCM-SHA384. According to our security department, I am not allowed to use the ciphers with CHACHA20. 2. Groups: TSslContext has a property SslCryptoGroups. I assume that this property is intended to specify the groups to use. However, I don't see any effect, no matter what value I specify here. Interestingly, I don't see any use of this property in the code (in OverbyteIcsSslBase.pas). I determined the ciphers and groups that are actually used using the test program sslscan-2.1.4. Please find attached the output of sslscan. Question: How can I exclude the CHACHA cipher and the ffdhe2048 group? Is this possible via ICS or do I have to control this somehow via an openssl configuration file? Thank you very much for the helpful information! sslscan-result.txt Share this post Link to post
Angus Robertson 577 Posted August 22 Can you please confirm your query only relates to the ICS SSL server, and not clients? From your comments, I assume you are not using IcsHosts to specify certificates and SSL parameters? Angus Share this post Link to post
Roger Tinembart 0 Posted August 22 1. yes, my question relates to ICS SSL server. But i hope that i can limit the ciphers and groups also in the client which i will program later. I started with the server part. 2. i will use TSslWSocketServer with one entry in IcsHost to specify the parameters for a secured and an unsecured connection (two different ports). I added an SslContextBeforeInit-Handler which gets called after 'Listen'. There i set the SslCipherList, SslMinVersion, SslMaxVersion, SslCryptoGroups and the settings to verify the peer. But to be sure that the "problem" with ciphers and groups is not based on my code and to make it easier for you to reproduce it, i double-tested it with the original demos (OverbyteIcsSslWebServ). Share this post Link to post
Angus Robertson 577 Posted August 22 (edited) If you are using IcsHosts, you can not set any SslContext options, they are set by the component according to the SslSrvSecurity level you set, which uses internal cipher lists with Mozilla recommended cipher suites according to how much backward compatibility you want with older clients on ancient versions of Windows of Android. For TLS/1.3, it always adds the sslCipherTLS13 constant ciphers, which include CHACHA20. So perhaps the answer to your problem is one or more SslSrvSecurity levels that only have AES ciphers? Meanwhile, you could edit that constant to remove the first cipher in the list to fix your problem. Beware the TLS/1.2 ciphers also include CHACHA20. I probably have to revisit ciphers again since newer OpenSSL versions are adding newer ciphers, which we currently ignore. Angus Edited August 22 by Angus Robertson Share this post Link to post
Roger Tinembart 0 Posted August 23 (edited) Hi Angus Thanks for your suggestions. 1. Yes, I know that when I use IcsHosts, a new SslContext is created and the ciphers are set based on FSslSrvSecurty. This is done in the OverbyteIcsWSocketS.pas file, ValidateHosts on lines 3965 to 4020. However, later, on line 4053, I have the option to change these ciphers: { V8.66 allows application to change IcsHost and SslContext for special ciphers or protocols } if Assigned(FonBeforeContextInit) then begin FOnBeforeContextInit(self, FIcsHosts ); end; So I think it should be possible to change the SslContext even if I use IcsHosts? Anyway, I could work without IcsHosts if it simplifies my task. 2. I changed the constant sslCipherTLS13 in the OverbyteIcsSslBase file, line 296, to "TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:". This did not change the behavior of using the CHACHA20 cipher. I double checked it with the OverbyteIcsSslWebServ example. I experimented with all the identifiers (DHE-DSS-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-SHA384, ...) and found out that whatever identifier(s) i use, it doesnt change the ciphers for TLS 1.3. Additionally, the identifiers TLS_* are not working at all ("Error loading cipher suites - error:0A0000B9:SSL routines::no cipher match") I then found out by reading the documentation of SSL_CTX_set_cipher_list in https://docs.openssl.org/master/man3/SSL_CTX_set_cipher_list/#synopsis , that the command SSL_CTX_set_cipher_list sets the list of available ciphers for TLSv1.2 and below! SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 ciphersuites. An empty list is permissible. The default value for this setting is: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" Thats exactly what i observed. I then added the function SSL_CTX_set_ciphersuites manually to GSSLEAYImports1 (OverbyteIcsSSLEAY.pas) and was able to control the ciphersuites used for TLS 1.3. Here (SSL_CTX_set_ciphersuites) the TLS_* - identifiers are working as expected 🙂 Of course this was just a test to verify the behaviour. I dont have enough background knowledge to extend your code. But i think this would be the official way to go. 3. I also tested setting the groups. I see that you prepared this option by adding the property SslCryptoGroups to TSslContext, but in OverbyteIcsSslBase, the value of this property is not used. As a test, i then added the following lines at the end of TSslContext.SetProtoSec: if SSL_CTX_set1_groups_list(FSslCtx, PAnsiChar(AnsiString(FSslCryptoGroups))) = 0 then RaiseLastOpenSslError(ESslContextException, TRUE, 'Error settomg groups list'); Now the list of configured CryptoGroups is getting used by OpenSSL. Would you be so kind to verify my findings and include them in the proper way to your codebase? Thanks again and best regards, Roger Edited August 23 by Roger Tinembart Share this post Link to post
Angus Robertson 577 Posted August 23 Thanks for the comments, not all features get fully tested provided they don't break anything, I'll see what I can do improve matters, but it may be a couple of weeks. Angus Share this post Link to post
Roger Tinembart 0 Posted August 23 Thank you very much for your support! Roger Share this post Link to post