[asterisk-bugs] [JIRA] (ASTERISK-23905) Enable Forward Secrecy (PFS) in TLS
Alexander Traud (JIRA)
noreply at issues.asterisk.org
Wed Jun 18 05:04:56 CDT 2014
Alexander Traud created ASTERISK-23905:
------------------------------------------
Summary: Enable Forward Secrecy (PFS) in TLS
Key: ASTERISK-23905
URL: https://issues.asterisk.org/jira/browse/ASTERISK-23905
Project: Asterisk
Issue Type: Improvement
Security Level: None
Components: Channels/chan_sip/TCP-TLS
Affects Versions: Feature Tracker
Reporter: Alexander Traud
Severity: Minor
Already works for Asterisk as the client. Enables Forward Secrecy in TLS ([PFS|http://en.wikipedia.org/wiki/Forward_secrecy]) for Asterisk as the server. Inspired by source code of [stunnel|http://anonscm.debian.org/gitweb/?p=collab-maint/stunnel.git;a=blob;f=src/ctx.c] and Apache HTTP Server Project ([httpd|https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_util_ssl.c]). Similar patch [made|http://trac.pjsip.org/repos/ticket/1765] it into PJSIP. Thank you to Marcello Ceschia and all the others for the pre-review (you know who you are)!
*Usage*
Ephemeral ECDH (ECDHE) is enabled by default.
To disable it, do not specify a ECDHE cipher suite in sip.conf, for example: {{tlscipher=AES128-SHA:DES-CBC3-SHA}}
Ephemeral DH (DHE) is disabled by default.
To enable it, add DH parameters into the private key file (sip.conf tlsprivatekey), for example the default [dh2048.pem|http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh2048.pem?txt].
Because clients expect the server to prefer PFS, and because OpenSSL sorts its cipher suites by bit strength, see
{{openssl ciphers -v [DEFAULT|http://www.openssl.org/docs/apps/ciphers.html]}}
consider re-ordering your cipher suites in sip.conf, for example:
{{tlscipher=AES128+kEECDH:AES128+kEDH:3DES+kEDH:AES128-SHA:DES-CBC3-SHA:-ADH:-AECDH}}
to use PFS when offered by the client. Clients which do not offer PFS fall-back to AES-128 (or even 3DES as recommend by [RFC|http://tools.ietf.org/html/rfc3261#section-26.2.1]).
*Drawback*
If Java based clients connect to your Asterisk server, go for [1024bit|http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh1024.pem?txt] parameters. For more details and other alternatives, [see …|http://blog.ivanristic.com/2014/03/ssl-tls-improvements-in-java-8.html]
*Speed*
With a mobile phone from 2006 (Nokia E61), DHE/3DES, and 2048bit parameters, I got a speed penalty of 0.5 seconds per connection setup. Thank you OpenSSL!
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list