Jump to content

Recommended Posts

Dear ICS Team

 

First of all, thank you very much for making this great package available. This is an immense effort!

 

I am experimenting with ICS 9.2. I am supposed to program a TLS 1.3 connection between a server and a client program. This basically works. But our security department has required me to only allow certain ciphers and groups. I tried to fulfill this using the SslCipherList and SslCryptoGroups properties (TSslContext) and to test it with the OverbyteIcsSslWebServ example. Unfortunately, it only works partially.

 

1. Ciphers: in the 'New Ciphers' field I enter 'ECDHE-ECDSA-AES256-GCM-SHA384'. When starting ('Start HTTPS' button), only this one value is actually passed to OpenSSL. I can see this clearly in OverbyteIcsSslBase.pas, line 6675 (SSL_CTX_set_cipher_list). Here only the string 'ECDHE-ECDSA-AES256-GCM-SHA384' is passed to OpenSSL. However, after starting, the program window shows that the following four ciphers are used: TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256, ECDHE-ECDSA-AES256-GCM-SHA384. According to our security department, I am not allowed to use the ciphers with CHACHA20.

 

2. Groups: TSslContext has a property SslCryptoGroups. I assume that this property is intended to specify the groups to use. However, I don't see any effect, no matter what value I specify here. Interestingly, I don't see any use of this property in the code (in OverbyteIcsSslBase.pas).

 

I determined the ciphers and groups that are actually used using the test program sslscan-2.1.4. Please find attached the output of sslscan.

 

Question: How can I exclude the CHACHA cipher and the ffdhe2048 group? Is this possible via ICS or do I have to control this somehow via an openssl configuration file?

 

Thank you very much for the helpful information!

sslscan-result.txt

Share this post


Link to post

Can you please confirm your query only relates to the ICS SSL server, and not clients? 

 

From your comments, I assume you are not using IcsHosts to specify certificates and SSL parameters? 

 

Angus

 

 

Share this post


Link to post

1. yes, my question relates to ICS SSL server. But i hope that i can limit the ciphers and groups also in the client which i will program later. I started with the server part.

 

2. i will use TSslWSocketServer with one entry in IcsHost to specify the parameters for a secured and an unsecured connection (two different ports). I added an SslContextBeforeInit-Handler which gets called after 'Listen'. There i set the SslCipherList, SslMinVersion, SslMaxVersion, SslCryptoGroups and the settings to verify the peer. But to be sure that the "problem" with ciphers and groups is not based on my code and to make it easier for you to reproduce it, i double-tested it with the original demos (OverbyteIcsSslWebServ).

Share this post


Link to post
Posted (edited)

If you are using IcsHosts, you can not set any SslContext options, they are set by the component according to the SslSrvSecurity level you set, which uses internal cipher lists with Mozilla recommended cipher suites according to how much backward compatibility you want with older clients on ancient versions of Windows of Android.  

 

For TLS/1.3, it always adds the sslCipherTLS13 constant ciphers, which include CHACHA20.  So perhaps the answer to your problem is one or more SslSrvSecurity levels that only have AES ciphers? 

 

Meanwhile, you could edit that constant to remove the first cipher in the list to fix your problem.  Beware the TLS/1.2 ciphers also include CHACHA20.

 

I probably have to revisit ciphers again since newer OpenSSL versions are adding newer ciphers, which we currently ignore. 

 

Angus

 

 

 

Edited by Angus Robertson

Share this post


Link to post
Posted (edited)

Hi Angus

Thanks for your suggestions.

 

1. Yes, I know that when I use IcsHosts, a new SslContext is created and the ciphers are set based on FSslSrvSecurty. This is done in the OverbyteIcsWSocketS.pas file, ValidateHosts on lines 3965 to 4020. However, later, on line 4053, I have the option to change these ciphers:

{ V8.66 allows application to change IcsHost and SslContext for special ciphers or protocols }

if Assigned(FonBeforeContextInit) then begin
    FOnBeforeContextInit(self, FIcsHosts );
end;

So I think it should be possible to change the SslContext even if I use IcsHosts? Anyway, I could work without IcsHosts if it simplifies my task.

 

2. I changed the constant sslCipherTLS13 in the OverbyteIcsSslBase file, line 296, to "TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:". This did not change the behavior of using the CHACHA20 cipher. I double checked it with the OverbyteIcsSslWebServ example. I experimented with all the identifiers (DHE-DSS-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-SHA384, ...) and found out that whatever identifier(s) i use, it doesnt change the ciphers for TLS 1.3. Additionally, the identifiers TLS_* are not working at all ("Error loading cipher suites - error:0A0000B9:SSL routines::no cipher match")

 

I then found out by reading the documentation of SSL_CTX_set_cipher_list in https://docs.openssl.org/master/man3/SSL_CTX_set_cipher_list/#synopsis , that the command SSL_CTX_set_cipher_list sets the list of available ciphers for TLSv1.2 and belowSSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 ciphersuites. An empty list is permissible. The default value for this setting is: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

 

Thats exactly what i observed. I then added the function SSL_CTX_set_ciphersuites manually to GSSLEAYImports1 (OverbyteIcsSSLEAY.pas) and was able to control the ciphersuites used for TLS 1.3. Here (SSL_CTX_set_ciphersuites) the TLS_* - identifiers are working as expected 🙂 Of course this was just a test to verify the behaviour. I dont have enough background knowledge to extend your code. But i think this would be the official way to go.

 

3. I also tested setting the groups. I see that you prepared this option by adding the property SslCryptoGroups to TSslContext, but in OverbyteIcsSslBase, the value of this property is not used. As a test, i then added the following lines at the end of TSslContext.SetProtoSec:

 

        if SSL_CTX_set1_groups_list(FSslCtx, PAnsiChar(AnsiString(FSslCryptoGroups))) = 0 then
            RaiseLastOpenSslError(ESslContextException, TRUE, 'Error settomg groups list');
 

Now the list of configured CryptoGroups is getting used by OpenSSL. 

 

 

Would you be so kind to verify my findings and include them in the proper way to your codebase?

 

Thanks again and best regards, Roger

 

Edited by Roger Tinembart

Share this post


Link to post

Thanks for the comments, not all features get fully tested provided they don't break anything, I'll see what I can do improve matters, but it may be a couple of weeks.

 

Angus

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×