From 25b096450de21fd143007792cfcc566575ae1e29 Mon Sep 17 00:00:00 2001
From: Daniel Roethlisberger
Date: Fri, 25 Mar 2016 16:28:30 +0100
Subject: [PATCH] Modernize DHE and ECDHE support

Enable full strength DHE and ECDHE by default in order to allow modern browsers to connect without weak crypto warnings.
Issue: #119
Reported by: @curioustwo
---
 defaults.h | 2 +-
 main.c | 2 +-
 pxyconn.c | 4 ++--
 sslsplit.1 | 18 ++++--------------
 4 files changed, 8 insertions(+), 18 deletions(-)
diff --git a/defaults.h b/defaults.h
index 30a1331..28334b4 100644
--- a/defaults.h
+++ b/defaults.h
@@ -60,7 +60,7 @@
 /*
 * Default elliptic curve for EC cipher suites.
 */
-#define DFLT_CURVE "secp160r2"
+#define DFLT_CURVE "prime256v1"
 #endif /* !DEFAULTS_H */
diff --git a/main.c b/main.c
index c5f34ff..6d0b944 100644
--- a/main.c
+++ b/main.c
@@ -151,7 +151,7 @@ main_usage(void)
 #define OPT_g
 #endif /* !OPENSSL_NO_DH */
 #ifndef OPENSSL_NO_ECDH
-" -G curve use ECDH named curve (default: " DFLT_CURVE " for non-RSA leafkey)\n"
+" -G curve use ECDH named curve (default: " DFLT_CURVE ")\n"
 #define OPT_G "G:"
 #else /* OPENSSL_NO_ECDH */
 #define OPT_G
diff --git a/pxyconn.c b/pxyconn.c
index f51f39f..3240ce1 100644
--- a/pxyconn.c
+++ b/pxyconn.c
@@ -714,7 +714,7 @@ pxy_srcsslctx_create(pxy_conn_ctx_t *ctx, X509 *crt, STACK_OF(X509) *chain,
 #ifndef OPENSSL_NO_DH
 if (ctx->opts->dh) {
 SSL_CTX_set_tmp_dh(sslctx, ctx->opts->dh);
- } else if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA) {
+ } else {
 SSL_CTX_set_tmp_dh_callback(sslctx, ssl_tmp_dh_callback);
 }
 #endif /* !OPENSSL_NO_DH */
@@ -723,7 +723,7 @@ pxy_srcsslctx_create(pxy_conn_ctx_t *ctx, X509 *crt, STACK_OF(X509) *chain,
 EC_KEY *ecdh = ssl_ec_by_name(ctx->opts->ecdhcurve);
 SSL_CTX_set_tmp_ecdh(sslctx, ecdh);
 EC_KEY_free(ecdh);
- } else if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA) {
+ } else {
 EC_KEY *ecdh = ssl_ec_by_name(NULL);
 SSL_CTX_set_tmp_ecdh(sslctx, ecdh);
 EC_KEY_free(ecdh);
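Review bot: In the first pxyconn.c hunk (`@@ -714`), `SSL_CTX_set_tmp_dh_callback(sslctx, ssl_tmp_dh_callback);` now runs for every leaf key type, but the callback itself is not touched by this patch (the diffstat lists only defaults.h, main.c, pxyconn.c and sslsplit.1). The man page text removed in the same commit described the built-in groups as 512 or 1024 bit, so unless `ssl_tmp_dh_callback` was strengthened elsewhere, the new default would offer DHE with groups that current clients flag as weak, which works against the stated goal of the commit. It is worth confirming that the callback never returns a group below 2048 bits regardless of the requested key length, and stating the actual group size in sslsplit.1 rather than dropping the number. pxy_srcsslctx_create starts and ends outside the hunk.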
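Review bot: In the second pxyconn.c hunk (`@@ -723`), the result of `ssl_ec_by_name(NULL)` is handed to `SSL_CTX_set_tmp_ecdh()` without a NULL check and the return value of `SSL_CTX_set_tmp_ecdh()` is ignored; the `-G` branch in the context lines follows the same pattern. Now that this path also runs for RSA leaf keys, a failed curve lookup would presumably leave the context without ECDHE parameters and silently fall back to cipher suites without forward secrecy. I would guard both branches, e.g. `if (!ecdh || SSL_CTX_set_tmp_ecdh(sslctx, ecdh) != 1) { /* report and fail context creation */ }`, keeping `EC_KEY_free(ecdh);` on every path. The enclosing function continues outside the hunk, so the appropriate failure path is not visible here.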
diff --git a/sslsplit.1 b/sslsplit.1 index 76de487..2762231 100644 --- a/sslsplit.1 +++ b/sslsplit.1 @@ -140,24 +140,14 @@ Use Diffie-Hellman group parameters from \fIpemfile\fP for Ephemereal Diffie-Hellman (EDH/DHE) cipher suites. If \fB-g\fP is not given, SSLsplit first tries to load DH parameters from the PEM files given by \fB-K\fP, \fB-k\fP or \fB-c\fP. If no DH parameters are found in the key files, built-in -512 or 1024 bit group parameters are automatically used iff a non-RSA private -key is given with \fB-K\fP. -This is because DSA/DSS private keys can by themselves only be used for signing -and thus require DH to exchange an SSL/TLS session key. -If \fB-g\fP is given, the parameters from the given \fIpemfile\fP will always -be used, even with RSA private keys (within the cipher suites available in -OpenSSL). +group parameters are automatically used. The \fB-g\fP option is only available if SSLsplit was built against a version of OpenSSL which supports Diffie-Hellman cipher suites. .TP .B \-G \fIcurve\fP -Use the named \fIcurve\fP for Ephemereal Elliptic Curve Diffie-Hellman (EECDH) -cipher suites. If \fB-G\fP is not given, a default curve (\fBsecp160r2\fP) is -used automatically iff a non-RSA private key is given with \fB-K\fP. -This is because ECDSA/ECDSS private keys can by themselves only be used for -signing and thus require ECDH to exchange an SSL/TLS session key. -If \fB-G\fP is given, the named \fIcurve\fP will always be used, even with RSA -private keys (within the cipher suites available in OpenSSL). +Use the named \fIcurve\fP for Ephemereal Elliptic Curve Diffie-Hellman (ECDHE) +cipher suites. If \fB-G\fP is not given, a default curve (\fBprime256v1\fP) is +used automatically. The \fB-G\fP option is only available if SSLsplit was built against a version of OpenSSL which supports Elliptic Curve Diffie-Hellman cipher suites. .TP