Forward Secrecy

#30074
Posted: 07/21/2014 03:20:33
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

Recently the application that I developed with the SBB components has undergone a penetration test. The results are good, but one point of interest is that the server does not support 'Forward Secrecy'.

I've found some information about this on the web, but couldn't find anything specific related to SBB. Does the SBB TElHTTPSServer support forward secrecy and how can I implement this in my application?
#30075
Posted: 07/21/2014 03:24:34
by Eugene Mayevski (EldoS Corp.)

That is accomplished by using DHE cipher suites in SSL/TLS.

1. Disable all cipher suites and enable the ones with DHE in their names. This is done using the CipherSuites property.

2. Use the CipherSuitePriorities property to change the priorities of the cipher suites to put ECDHE cipher suites at the top.

However, restricting the list of cipher suites can have the consequence of not being able to perform a handshake with some clients. So it's possible for the purpose of your test to just move *DHE cipher suites to the top priority, and not disable other cipher suites.


Sincerely yours
Eugene Mayevski
#30101
Posted: 07/22/2014 04:58:52
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

I did the changes mentioned above: all DHE ciphers have priority 5 and the ECDHE ciphers have priority 6. I didn't disable any ciphers.

The strange thing is that now my client won't connect, with an error 75778. I thought that the client would pick a cipher from the list of ciphers presented by the server, based on the priority and the supported ciphers. But somehow the client fails now that the DHE ciphers have top priority.

The client is based on TElHTTPSClient, all cipher settings on default values.

Do I need to make changes to the client as well?
#30103
Posted: 07/22/2014 06:39:05
by Ken Ivanov (EldoS Corp.)

Hi Birger,

1) Could you please put a breakpoint inside the client's OnError event handler and catch the call stack? Besides, please check the value of the client's CipherSuite property from inside the handler.

2) Please try to only promote DHE ciphers (and not ECDHE) up the prioritized list. The problem is likely to be specific to ECDHE ciphers, so not promoting them will probably help to work around the issue straightforwardly. This does not mean that we will not be looking into the problem; this step is only intended for making the things work for you straight away.

Ken
#30107
Posted: 07/22/2014 07:25:01
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

Hi Ken,
Quote
Ken Ivanov wrote:
Hi Birger,

1) Could you please put a breakpoint inside the client's OnError event handler and catch the call stack? Besides, please check the value of the client's CipherSuite property from inside the handler.


The stack trace is:
Code
SBSimpleSSL.TElCustomSimpleSSLClient.DoError($360B150,75778,True,True)
SBSSLClient.TElSSLClient.DoError(75778,True,True)
SBSSLClient.TElSSLClient.TLS1ParseOnAlertLayer($35F26F8,2)
SBSSLClient.TElSSLClient.TLS1ParseOnRecordLayer($35F26F8,2,ctAlert,0,0)
SBSSLClient.TElSSLClient.AnalyzeBuffer
SBSSLClient.TElSSLClient.DataAvailable
SBSimpleSSL.TElCustomSimpleSSLClient.DataAvailable
SBSimpleSSL.TElCustomSimpleSSLClient.IntMessageLoop(False)
SBSimpleSSL.TElCustomSimpleSSLClient.DoMessageLoop(False)
SBSimpleSSL.TElCustomSimpleSSLClient.Open
SBHTTPSClient.TElHTTPSClient.PerformRequest(1,'[url]')
SBHTTPSClient.TElHTTPSClient.Get('[url]')

(I replaced the actual url with [ url ])

The procedure TLS1ParseOnAlertLayer fails because PByteArray(P)[0] = 2 which should be 1 according to the code...

The CipherSuite is 146 (SB_SUITE_ECDHE_RSA_AES256_GCM_SHA384?)
If I disable that one I get the same error on 145, 144, 143, 142, ... (stopped testing)

Quote
Ken Ivanov wrote:
2) Please try to only promote DHE ciphers (and not ECDHE) up the prioritized list. The problem is likely to be specific to ECDHE ciphers, so not promoting them will probably help to work around the issue straightforwardly. This does not mean that we will not be looking into the problem; this step is only intended for making the things work for you straight away.

Ken


If I don't promote the ECDHE ciphers or completely disable them I get an exception in TElPublicKeyCrypto.Encrypt:
Code
Project xxx.exe raised exception class EElPublicKeyCryptoError with message 'Public key not found'.

This exception only shows up while running in the debugger.

It is followed by SSL Error 75797 (ERROR_SSL_INTERNAL_ERROR).
#30117
Posted: 07/22/2014 11:03:31
by Ken Ivanov (EldoS Corp.)

Birger, thank you for the detailed answer.

This is really weird and indicates that there is an issue somewhere on the key exchange stage. Do I understand you right that there have been no other changes to the component configuration except promotion of the DHE ciphers?

Besides, as SecureBlackbox 12 has been released this last weekend, could you please upgrade to it and check if it exposes the same issue?

Ken
#30131
Posted: 07/23/2014 04:32:11
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

Hi Ken,
Quote

This is really weird and indicates that there is an issue somewhere on the key exchange stage. Do I understand you right that there have been no other changes to the component configuration except promotion of the DHE ciphers?

That is correct. When I disable the code that promotes the ciphers everything works (no other changes have been made). When I enable this code I get the exceptions mentioned above.

Quote

Besides, as SecureBlackbox 12 has been released this last weekend, could you please upgrade to it and check if it exposes the same issue?

I tried with SBB12 and it has the same issue.

I notice a small difference, not sure if it is of any significance:
If I run without the debugger I get this exception:
Code
SSL error: 75797
Connection lost (error code is 100353)

If I run in the debugger I get this exception:
Code
SSL error: 75797
Connection failed due to error (75797)

Can it be a problem with my server certificate, must the certificate somehow also support these ciphers?

Kind regards,
Birger
#30159
Posted: 07/25/2014 04:34:10
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

Any updates to this issue?
#30160
Posted: 07/25/2014 06:23:37
by Ken Ivanov (EldoS Corp.)

Hi Birger,

We are sorry for the delayed answer. We are trying to reproduce the issue at the moment.

The exact ciphersuite used by the peers does depend on the public key carried by the server certificate (e.g. you can't use ECDSA ciphersuites with RSA certificate and the other way round), yet, the server should ignore ciphersuites not matching its certificate automatically. I.e. even though you might have promoted some ciphersuites up the priority list, they should just be ignored by the server if they do not match its certificate.

BTW, what algorithm is your certificate's public key of?

Ken
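
Added example (not part of the thread and not SecureBlackbox code): a simplified Python model of the server-side suite selection discussed in the replies above, covering both the "promote versus disable" trade-off and the filtering of suites that do not match the certificate's key type. It assumes a higher number means higher priority, uses IANA suite names, and all priority values and client lists are constructed.

```python
# Added illustration, not SecureBlackbox code: a simplified model of how a TLS
# server picks a cipher suite. Priority numbers and client lists are constructed.

def parse_suite(name):
    """Split an IANA TLS 1.2 suite name into (key_exchange, authentication)."""
    head = name[len("TLS_"):].split("_WITH_")[0]   # "ECDHE_RSA", "DHE_RSA", "RSA"
    parts = head.split("_")
    return parts[0], parts[-1]                     # plain "RSA" suites: RSA for both

def is_forward_secret(name):
    """Only ephemeral (EC)DH key exchange gives forward secrecy."""
    return parse_suite(name)[0] in ("DHE", "ECDHE")

def select_suite(priorities, client_offer, cert_key):
    """Highest-priority enabled suite that the client offers and that the
    certificate's key type can authenticate; None means handshake failure."""
    usable = [s for s in client_offer
              if s in priorities and parse_suite(s)[1] == cert_key]
    return max(usable, key=lambda s: priorities[s]) if usable else None

# Server table: ECDHE promoted to 6, DHE to 5, everything else left enabled
# at an assumed lower value of 1.
PROMOTED = {
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 6,
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 6,
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": 5,
    "TLS_RSA_WITH_AES_256_GCM_SHA384": 1,
    "TLS_RSA_WITH_AES_128_CBC_SHA": 1,
}
# Same server with every non-(EC)DHE suite disabled.
STRICT = {s: p for s, p in PROMOTED.items() if is_forward_secret(s)}

MODERN_CLIENT = list(PROMOTED)                     # offers all five suites
LEGACY_CLIENT = ["TLS_RSA_WITH_AES_128_CBC_SHA"]   # static RSA key exchange only

if __name__ == "__main__":
    for label, table in (("promoted", PROMOTED), ("strict", STRICT)):
        for client in (MODERN_CLIENT, LEGACY_CLIENT):
            chosen = select_suite(table, client, "RSA")
            print(label, chosen, chosen is not None and is_forward_secret(chosen))
```

With an RSA certificate the ECDSA suite is skipped even though it shares the top priority. The legacy client still connects to the promoted configuration, but without forward secrecy, and cannot connect to the strict one at all.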
#30161
Posted: 07/25/2014 06:30:16
by Birger Jansen (Standard support level)
Joined: 07/19/2012
Posts: 73

Quote
Ken Ivanov wrote:
BTW, what algorithm is your certificate's public key of?

The public key is RSA (2048 Bits)
