You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
304 lines
11 KiB
304 lines
11 KiB
From 87887a7a658bf305bfe6619eedcbc6c3972cc188 Mon Sep 17 00:00:00 2001 |
|
From: Hubert Kario <hkario@redhat.com> |
|
Date: Tue, 10 Jun 2014 14:13:33 +0200 |
|
Subject: [PATCH] backport changes to ciphers(1) man page |
|
|
|
Backport of the patch: |
|
add ECC strings to ciphers(1), point out difference between DH and ECDH |
|
and few other changes applicable to the 1.0.1 code base. |
|
|
|
* Make a clear distinction between DH and ECDH key exchange. |
|
* Group all key exchange cipher suite identifiers, first DH then ECDH |
|
* add descriptions for all supported *DH* identifiers |
|
* add ECDSA authentication descriptions |
|
* add example showing how to disable all suites that offer no |
|
authentication or encryption |
|
* backport listing of elliptic curve cipher suites. |
|
* backport listing of TLS 1.2 cipher suites, add note that DH_RSA |
|
and DH_DSS is not implemented in this version |
|
* backport of description of PSK and listing of PSK cipher suites |
|
* backport description of AES128, AES256 and AESGCM options |
|
* backport description of CAMELLIA128, CAMELLIA256 options |
|
--- |
|
doc/apps/ciphers.pod | 195 ++++++++++++++++++++++++++++++++++++++++++++------ |
|
1 file changed, 173 insertions(+), 22 deletions(-) |
|
|
|
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod |
|
index f44aa00..6086d0a 100644 |
|
--- a/doc/apps/ciphers.pod |
|
+++ b/doc/apps/ciphers.pod |
|
@@ -36,7 +36,7 @@ SSL v2 and for SSL v3/TLS v1. |
|
|
|
=item B<-V> |
|
|
|
-Like B<-V>, but include cipher suite codes in output (hex format). |
|
+Like B<-v>, but include cipher suite codes in output (hex format). |
|
|
|
=item B<-ssl3> |
|
|
|
@@ -116,8 +116,8 @@ specified. |
|
=item B<COMPLEMENTOFDEFAULT> |
|
|
|
the ciphers included in B<ALL>, but not enabled by default. Currently |
|
-this is B<ADH>. Note that this rule does not cover B<eNULL>, which is |
|
-not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary). |
|
+this is B<ADH> and B<AECDH>. Note that this rule does not cover B<eNULL>, |
|
+which is not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary). |
|
|
|
=item B<ALL> |
|
|
|
@@ -165,21 +165,58 @@ included. |
|
=item B<aNULL> |
|
|
|
the cipher suites offering no authentication. This is currently the anonymous |
|
-DH algorithms. These cipher suites are vulnerable to a "man in the middle" |
|
-attack and so their use is normally discouraged. |
|
+DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable |
|
+to a "man in the middle" attack and so their use is normally discouraged. |
|
|
|
=item B<kRSA>, B<RSA> |
|
|
|
cipher suites using RSA key exchange. |
|
|
|
+=item B<kDHr>, B<kDHd>, B<kDH> |
|
+ |
|
+cipher suites using DH key agreement and DH certificates signed by CAs with RSA |
|
+and DSS keys or either respectively. Not implemented. |
|
+ |
|
=item B<kEDH> |
|
|
|
-cipher suites using ephemeral DH key agreement. |
|
+cipher suites using ephemeral DH key agreement, including anonymous cipher |
|
+suites. |
|
|
|
-=item B<kDHr>, B<kDHd> |
|
+=item B<EDH> |
|
|
|
-cipher suites using DH key agreement and DH certificates signed by CAs with RSA |
|
-and DSS keys respectively. Not implemented. |
|
+cipher suites using authenticated ephemeral DH key agreement. |
|
+ |
|
+=item B<ADH> |
|
+ |
|
+anonymous DH cipher suites, note that this does not include anonymous Elliptic |
|
+Curve DH (ECDH) cipher suites. |
|
+ |
|
+=item B<DH> |
|
+ |
|
+cipher suites using DH, including anonymous DH, ephemeral DH and fixed DH. |
|
+ |
|
+=item B<kECDHr>, B<kECDHe>, B<kECDH> |
|
+ |
|
+cipher suites using fixed ECDH key agreement signed by CAs with RSA and ECDSA |
|
+keys or either respectively. |
|
+ |
|
+=item B<kEECDH> |
|
+ |
|
+cipher suites using ephemeral ECDH key agreement, including anonymous |
|
+cipher suites. |
|
+ |
|
+=item B<EECDHE> |
|
+ |
|
+cipher suites using authenticated ephemeral ECDH key agreement. |
|
+ |
|
+=item B<AECDH> |
|
+ |
|
+anonymous Elliptic Curve Diffie Hellman cipher suites. |
|
+ |
|
+=item B<ECDH> |
|
+ |
|
+cipher suites using ECDH key exchange, including anonymous, ephemeral and |
|
+fixed ECDH. |
|
|
|
=item B<aRSA> |
|
|
|
@@ -194,30 +231,39 @@ cipher suites using DSS authentication, i.e. the certificates carry DSS keys. |
|
cipher suites effectively using DH authentication, i.e. the certificates carry |
|
DH keys. Not implemented. |
|
|
|
+=item B<aECDH> |
|
+ |
|
+cipher suites effectively using ECDH authentication, i.e. the certificates |
|
+carry ECDH keys. |
|
+ |
|
+=item B<aECDSA>, B<ECDSA> |
|
+ |
|
+cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA |
|
+keys. |
|
+ |
|
=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA> |
|
|
|
ciphers suites using FORTEZZA key exchange, authentication, encryption or all |
|
FORTEZZA algorithms. Not implemented. |
|
|
|
-=item B<TLSv1>, B<SSLv3>, B<SSLv2> |
|
- |
|
-TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. |
|
+=item B<TLSv1.2>, B<TLSv1>, B<SSLv3>, B<SSLv2> |
|
|
|
-=item B<DH> |
|
- |
|
-cipher suites using DH, including anonymous DH. |
|
+TLS v1.2, TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. Note: |
|
+there are no ciphersuites specific to TLS v1.1. |
|
|
|
-=item B<ADH> |
|
+=item B<AES128>, B<AES256>, B<AES> |
|
|
|
-anonymous DH cipher suites. |
|
+cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES. |
|
|
|
-=item B<AES> |
|
+=item B<AESGCM> |
|
|
|
-cipher suites using AES. |
|
+AES in Galois Counter Mode (GCM): these ciphersuites are only supported |
|
+in TLS v1.2. |
|
|
|
-=item B<CAMELLIA> |
|
+=item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA> |
|
|
|
-cipher suites using Camellia. |
|
+cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit |
|
+CAMELLIA. |
|
|
|
=item B<3DES> |
|
|
|
@@ -251,6 +297,10 @@ cipher suites using MD5. |
|
|
|
cipher suites using SHA1. |
|
|
|
+=item B<SHA256>, B<SHA384> |
|
+ |
|
+ciphersuites using SHA256 or SHA384. |
|
+ |
|
=item B<aGOST> |
|
|
|
cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction |
|
@@ -277,6 +327,9 @@ cipher suites, using HMAC based on GOST R 34.11-94. |
|
|
|
cipher suites using GOST 28147-89 MAC B<instead of> HMAC. |
|
|
|
+=item B<PSK> |
|
+ |
|
+cipher suites using pre-shared keys (PSK). |
|
|
|
=back |
|
|
|
@@ -423,7 +476,100 @@ Note: these ciphers can also be used in SSL v3. |
|
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA |
|
TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA |
|
|
|
-=head2 SSL v2.0 cipher suites. |
|
+=head2 Elliptic curve cipher suites. |
|
+ |
|
+ TLS_ECDH_RSA_WITH_NULL_SHA ECDH-RSA-NULL-SHA |
|
+ TLS_ECDH_RSA_WITH_RC4_128_SHA ECDH-RSA-RC4-SHA |
|
+ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ECDH-RSA-DES-CBC3-SHA |
|
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA |
|
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA |
|
+ |
|
+ TLS_ECDH_ECDSA_WITH_NULL_SHA ECDH-ECDSA-NULL-SHA |
|
+ TLS_ECDH_ECDSA_WITH_RC4_128_SHA ECDH-ECDSA-RC4-SHA |
|
+ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ECDH-ECDSA-DES-CBC3-SHA |
|
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA |
|
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA |
|
+ |
|
+ TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA |
|
+ TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA |
|
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA |
|
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA |
|
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA |
|
+ |
|
+ TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE-ECDSA-NULL-SHA |
|
+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA |
|
+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA |
|
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA |
|
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA |
|
+ |
|
+ TLS_ECDH_anon_WITH_NULL_SHA AECDH-NULL-SHA |
|
+ TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA |
|
+ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA |
|
+ TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA |
|
+ TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA |
|
+ |
|
+=head2 TLS v1.2 cipher suites |
|
+ |
|
+ TLS_RSA_WITH_NULL_SHA256 NULL-SHA256 |
|
+ |
|
+ TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256 |
|
+ TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256 |
|
+ TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256 |
|
+ TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384 |
|
+ |
|
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA256 Not implemented. |
|
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA256 Not implemented. |
|
+ TLS_DH_RSA_WITH_AES_128_GCM_SHA256 Not implemented. |
|
+ TLS_DH_RSA_WITH_AES_256_GCM_SHA384 Not implemented. |
|
+ |
|
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA256 Not implemented. |
|
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA256 Not implemented. |
|
+ TLS_DH_DSS_WITH_AES_128_GCM_SHA256 Not implemented. |
|
+ TLS_DH_DSS_WITH_AES_256_GCM_SHA384 Not implemented. |
|
+ |
|
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256 |
|
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256 |
|
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256 |
|
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384 |
|
+ |
|
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256 |
|
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256 |
|
+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256 |
|
+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384 |
|
+ |
|
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256 |
|
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384 |
|
+ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256 |
|
+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384 |
|
+ |
|
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256 |
|
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384 |
|
+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256 |
|
+ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384 |
|
+ |
|
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 |
|
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 |
|
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 |
|
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 |
|
+ |
|
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 |
|
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 |
|
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 |
|
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 |
|
+ |
|
+ TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256 |
|
+ TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256 |
|
+ TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256 |
|
+ TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384 |
|
+ |
|
+=head2 Pre shared keying (PSK) cipheruites |
|
+ |
|
+ TLS_PSK_WITH_RC4_128_SHA PSK-RC4-SHA |
|
+ TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA |
|
+ TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA |
|
+ TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA |
|
+ |
|
+=head2 Deprecated SSL v2.0 cipher suites. |
|
|
|
SSL_CK_RC4_128_WITH_MD5 RC4-MD5 |
|
SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 |
|
@@ -452,6 +598,11 @@ strength: |
|
|
|
openssl ciphers -v 'ALL:!ADH:@STRENGTH' |
|
|
|
+Include all ciphers except ones with no encryption (eNULL) or no |
|
+authentication (aNULL): |
|
+ |
|
+ openssl ciphers -v 'ALL:!aNULL' |
|
+ |
|
Include only 3DES ciphers and then place RSA ciphers last: |
|
|
|
openssl ciphers -v '3DES:+RSA' |
|
-- |
|
1.7.9.5 |
|
|
|
|