[Bug 1590163] Re: disable export grade ciphers

[Stephan Hennig]

The above mentioned command shows that export grade ciphers are supported.  That doesn't mean they are considered during cipher negotiation or even advertised by the client.  But those ciphers are part of certain cipher strings, like ALL, DES, SHA etc.  A user/developer not explicitly diabbling
export grade ciphers using !EXP in the cipher string argument may advertise those ciphers unintentionally, exposing an app to (yet) future attacks trying to mitigate negotiated cipher strength, like FREAK and Logjam attacks did.

The crux is, end-users have no easy way to monitor cipher negotiation
and file bugs against a particular app.  Even if one sets-up his own
test server to check a particular app, that effort seems wasted, since
many apps can benefit from disabling unsafe ciphers in one central piece
code - the SSL library.

As for the planned 16.04 transition, which updates OpenSSL to a version with export grade ciphers already disabled, I've heard rumours that no decision has been made up until today whether all current devices will take part in the transition to 16.04.  If a new attack is made public after support ended for a particular device that is still on 15.04, users cannot use that device for
trusted communication anymore.

Yes, disabling export grade ciphers is an investment into the future
anticipating new attacks.  But that future may be tomorrow.  I suggest
acting now, disabling export grade ciphers for the next OTA and be on
the safe(er) side.  At least, reasoning of OpenSSL developers seems to
be along these lines (see link given in original bug report).

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1590163

Title:
  disable export grade ciphers

Status in openssl package in Ubuntu:
  New

Bug description:
  # System

  device: Aquaris BQ E4.5
  OS: Ubuntu 15.04, OTA-11 
  OpenSSL version:
    $dpkg --list |grep libssl
  ii  libssl1.0.0:armhf                                    1.0.1f-1ubuntu11.6                                         armhf        Secure Sockets Layer toolkit - shared libraries

  
  # Observed behaviour

  OpenSSL provides export grade ciphers:

    $openssl ciphers -v EXP
  EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
  EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
  EXP-ADH-DES-CBC-SHA     SSLv3 Kx=DH(512)  Au=None Enc=DES(40)   Mac=SHA1 export
  EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
  EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
  EXP-ADH-RC4-MD5         SSLv3 Kx=DH(512)  Au=None Enc=RC4(40)   Mac=MD5  export
  EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export

  
  # Expected behaviour

  No export grade ciphers are provided in binaries.

  
  # Rationale

  Export grade ciphers are insecure.  By design.  In response to FREAK and
  Logjam attacks, OpenSSL developers disabled export grade ciphers in
  OpenSSL v1.0.1m (March 2015),
  cf. <URL:https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/>.

  To bypass similar future attacks, deactivation of export grade ciphers should be
  backported to 15.04.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1590163/+subscriptions