rpms / zarafa

Clone
Source Code
GIT

Files

el4 el5 el6 epel7 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 main rawhide
  1.   el5
  2.   zarafa-7.1.13-ssl_dhe.patch
Blob Blame History Raw 
Patch by Robert Scheck <robert@fedoraproject.org> for Zarafa >= 7.1.13 which implements DHE aka EDH
(diffie-hellman key exchange) support. https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange is
providing more information about Perfect Forward Secrecy (PFS). This implementation might need some
more resources compared to ECDHE, however not all servers and/or clients are supporting it through;
e.g. Red Hat Enterprise Linux 5 (and derivates). The prime length of 1024, 2048, 3072, 4096, 6144
and 8192 bits are based on the private key size to avoid any static DH parameters. Please be aware
that this patch may cause issues with some older SSL/TLS clients, mostly Java 7 or earlier, that do
not support primes larger than 1024 bits.

Suggestions for testing; run the following openssl(1) commands before and after applying this patch:

1. echo QUIT | openssl s_client -cipher 'kEDH:ALL' -connect <host>:110 -starttls pop3 2>&1 | grep Cipher
2. echo QUIT | openssl s_client -cipher 'kEDH:ALL' -connect <host>:143 -starttls imap 2>&1 | grep Cipher
3. echo QUIT | openssl s_client -cipher 'kEDH:ALL' -connect <host>:237 2>&1 | grep Cipher
4. echo QUIT | openssl s_client -cipher 'kEDH:ALL' -connect <host>:993 2>&1 | grep Cipher
5. echo QUIT | openssl s_client -cipher 'kEDH:ALL' -connect <host>:995 2>&1 | grep Cipher
6. echo QUIT | openssl s_client -cipher 'kEDH:ALL' -connect <host>:8443 2>&1 | grep Cipher

After applying this patch the output should contain e.g. "DHE-RSA-AES256-GCM-SHA384" on a Red Hat
Enterprise Linux 6 (and derivates). Without this patch the result is e.g. "AES256-GCM-SHA384". Note
that ZCP-12237 is maybe having influence on the result depending on the exact test case.

Important: As https://www.mail-archive.com/haproxy@formilux.org/msg13274.html is the origin for this
patch (a HAProxy patch suggestion, which itself bases on mod_ssl of Apache httpd), the licensing is
likely a combination out of the Apache License, Version 2.0, the GNU General Public License, version
2 (or later) and the GNU Affero General Public License, version 3 (and thus excludes dual-licensing
situations such as at the upstream of Zarafa).

This patch should be only applied after ZCP-12237 and its dependencies.

--- zarafa-7.1.13/common/ECChannel.cpp					2015-07-30 01:01:07.212313822 +0200
+++ zarafa-7.1.13/common/ECChannel.cpp.ssl_dhe				2015-07-30 02:05:36.045747555 +0200
@@ -85,6 +85,119 @@
 // because of statics
 SSL_CTX* ECChannel::lpCTX = NULL;
 
+#if !defined(OPENSSL_NO_DH)
+static DH *ssl_get_dh_1024(void) {
+	DH *dh = DH_new();
+	if (dh) {
+		dh->p = get_rfc2409_prime_1024(NULL);
+		// See RFC 2409, Section 6 "Oakley Groups" for the reason why we use 2 as a generator
+		BN_dec2bn(&dh->g, "2");
+		if (!dh->p || !dh->g) {
+			DH_free(dh);
+			dh = NULL;
+		}
+	}
+	return dh;
+}
+
+static DH *ssl_get_dh_2048(void) {
+	DH *dh = DH_new();
+	if (dh) {
+		dh->p = get_rfc3526_prime_2048(NULL);
+		// See RFC 3526, Section 3 "2048-bit MODP Group" for the reason why we use 2 as a generator
+		BN_dec2bn(&dh->g, "2");
+		if (!dh->p || !dh->g) {
+			DH_free(dh);
+			dh = NULL;
+		}
+	}
+	return dh;
+}
+
+static DH *ssl_get_dh_3072(void) {
+	DH *dh = DH_new();
+	if (dh) {
+		dh->p = get_rfc3526_prime_3072(NULL);
+		// See RFC 3526, Section 4 "3072-bit MODP Group" for the reason why we use 2 as a generator
+		BN_dec2bn(&dh->g, "2");
+		if (!dh->p || !dh->g) {
+			DH_free(dh);
+			dh = NULL;
+		}
+	}
+	return dh;
+}
+
+static DH *ssl_get_dh_4096(void) {
+	DH *dh = DH_new();
+	if (dh) {
+		dh->p = get_rfc3526_prime_4096(NULL);
+		// See RFC 3526, Section 5 "4096-bit MODP Group" for the reason why we use 2 as a generator
+		BN_dec2bn(&dh->g, "2");
+		if (!dh->p || !dh->g) {
+			DH_free(dh);
+			dh = NULL;
+		}
+	}
+	return dh;
+}
+
+static DH *ssl_get_dh_6144(void) {
+	DH *dh = DH_new();
+	if (dh) {
+		dh->p = get_rfc3526_prime_6144(NULL);
+		// See RFC 3526, Section 6 "6144-bit MODP Group" for the reason why we use 2 as a generator
+		BN_dec2bn(&dh->g, "2");
+		if (!dh->p || !dh->g) {
+			DH_free(dh);
+			dh = NULL;
+		}
+	}
+	return dh;
+}
+
+static DH *ssl_get_dh_8192(void) {
+	DH *dh = DH_new();
+	if (dh) {
+		dh->p = get_rfc3526_prime_8192(NULL);
+		// See RFC 3526, Section 7 "8192-bit MODP Group" for the reason why we use 2 as a generator
+		BN_dec2bn(&dh->g, "2");
+		if (!dh->p || !dh->g) {
+			DH_free(dh);
+			dh = NULL;
+		}
+	}
+	return dh;
+}
+
+// Returns Diffie-Hellman parameters matching the private key length
+static DH *ssl_get_tmp_dh(SSL *ssl, int exporting, int keylen) {
+	DH *dh = NULL;
+	EVP_PKEY *pkey = SSL_get_privatekey(ssl);
+	int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
+
+	if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
+		keylen = EVP_PKEY_bits(pkey);
+	}
+
+	if (keylen >= 8192) {
+		dh = ssl_get_dh_8192();
+	} else if (keylen >= 6144) {
+		dh = ssl_get_dh_6144();
+	} else if (keylen >= 4096) {
+		dh = ssl_get_dh_4096();
+	} else if (keylen >= 3072) {
+		dh = ssl_get_dh_3072();
+	} else if (keylen >= 2048) {
+		dh = ssl_get_dh_2048();
+	} else {
+		dh = ssl_get_dh_1024();
+	}
+
+	return dh;
+}
+#endif
+
 HRESULT ECChannel::HrSetCtx(ECConfig *lpConfig, ECLogger *lpLogger) {
 	HRESULT hr = hrSuccess;
 	char *szFile = NULL;
@@ -116,6 +229,11 @@
 
 	SSL_CTX_set_options(lpCTX, SSL_OP_ALL);			 // enable quirk and bug workarounds
 
+#if !defined(OPENSSL_NO_DH)
+	SSL_CTX_set_options(lpCTX, SSL_OP_SINGLE_DH_USE);
+	SSL_CTX_set_tmp_dh_callback(lpCTX, ssl_get_tmp_dh);
+#endif
+
 #if !defined(OPENSSL_NO_ECDH) && defined(NID_X9_62_prime256v1)
 	ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
 
--- zarafa-7.1.13/provider/server/ECSoapServerConnection.cpp		2015-07-30 01:01:07.212313822 +0200
+++ zarafa-7.1.13/provider/server/ECSoapServerConnection.cpp.ssl_dhe	2015-07-30 02:05:54.658626465 +0200
@@ -165,6 +165,119 @@
 	return nRet;
 }
 
+#if !defined(OPENSSL_NO_DH)
+static DH *ssl_get_dh_1024(void) {
+	DH *dh = DH_new();
+	if (dh) {
+		dh->p = get_rfc2409_prime_1024(NULL);
+		// See RFC 2409, Section 6 "Oakley Groups" for the reason why we use 2 as a generator
+		BN_dec2bn(&dh->g, "2");
+		if (!dh->p || !dh->g) {
+			DH_free(dh);
+			dh = NULL;
+		}
+	}
+	return dh;
+}
+
+static DH *ssl_get_dh_2048(void) {
+	DH *dh = DH_new();
+	if (dh) {
+		dh->p = get_rfc3526_prime_2048(NULL);
+		// See RFC 3526, Section 3 "2048-bit MODP Group" for the reason why we use 2 as a generator
+		BN_dec2bn(&dh->g, "2");
+		if (!dh->p || !dh->g) {
+			DH_free(dh);
+			dh = NULL;
+		}
+	}
+	return dh;
+}
+
+static DH *ssl_get_dh_3072(void) {
+	DH *dh = DH_new();
+	if (dh) {
+		dh->p = get_rfc3526_prime_3072(NULL);
+		// See RFC 3526, Section 4 "3072-bit MODP Group" for the reason why we use 2 as a generator
+		BN_dec2bn(&dh->g, "2");
+		if (!dh->p || !dh->g) {
+			DH_free(dh);
+			dh = NULL;
+		}
+	}
+	return dh;
+}
+
+static DH *ssl_get_dh_4096(void) {
+	DH *dh = DH_new();
+	if (dh) {
+		dh->p = get_rfc3526_prime_4096(NULL);
+		// See RFC 3526, Section 5 "4096-bit MODP Group" for the reason why we use 2 as a generator
+		BN_dec2bn(&dh->g, "2");
+		if (!dh->p || !dh->g) {
+			DH_free(dh);
+			dh = NULL;
+		}
+	}
+	return dh;
+}
+
+static DH *ssl_get_dh_6144(void) {
+	DH *dh = DH_new();
+	if (dh) {
+		dh->p = get_rfc3526_prime_6144(NULL);
+		// See RFC 3526, Section 6 "6144-bit MODP Group" for the reason why we use 2 as a generator
+		BN_dec2bn(&dh->g, "2");
+		if (!dh->p || !dh->g) {
+			DH_free(dh);
+			dh = NULL;
+		}
+	}
+	return dh;
+}
+
+static DH *ssl_get_dh_8192(void) {
+	DH *dh = DH_new();
+	if (dh) {
+		dh->p = get_rfc3526_prime_8192(NULL);
+		// See RFC 3526, Section 7 "8192-bit MODP Group" for the reason why we use 2 as a generator
+		BN_dec2bn(&dh->g, "2");
+		if (!dh->p || !dh->g) {
+			DH_free(dh);
+			dh = NULL;
+		}
+	}
+	return dh;
+}
+
+// Returns Diffie-Hellman parameters matching the private key length
+static DH *ssl_get_tmp_dh(SSL *ssl, int exporting, int keylen) {
+	DH *dh = NULL;
+	EVP_PKEY *pkey = SSL_get_privatekey(ssl);
+	int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
+
+	if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
+		keylen = EVP_PKEY_bits(pkey);
+	}
+
+	if (keylen >= 8192) {
+		dh = ssl_get_dh_8192();
+	} else if (keylen >= 6144) {
+		dh = ssl_get_dh_6144();
+	} else if (keylen >= 4096) {
+		dh = ssl_get_dh_4096();
+	} else if (keylen >= 3072) {
+		dh = ssl_get_dh_3072();
+	} else if (keylen >= 2048) {
+		dh = ssl_get_dh_2048();
+	} else {
+		dh = ssl_get_dh_1024();
+	}
+
+	return dh;
+}
+#endif
+
 ECSoapServerConnection::ECSoapServerConnection(ECConfig* lpConfig, ECLogger* lpLogger)
 {
 	m_lpConfig = lpConfig;
@@ -271,6 +384,11 @@
 
 	SSL_CTX_set_options(lpsSoap->ctx, SSL_OP_ALL);
 
+#if !defined(OPENSSL_NO_DH)
+	SSL_CTX_set_options(lpsSoap->ctx, SSL_OP_SINGLE_DH_USE);
+	SSL_CTX_set_tmp_dh_callback(lpsSoap->ctx, ssl_get_tmp_dh);
+#endif
+
 #if !defined(OPENSSL_NO_ECDH) && defined(NID_X9_62_prime256v1)
 	ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.