[asterisk-bugs] [JIRA] (ASTERISK-23907) [patch]Enable Forward Secrecy (PFS) in TLS

Rusty Newton (JIRA) noreply at issues.asterisk.org
Wed Jun 18 08:51:57 CDT 2014 

Rusty Newton created ASTERISK-23907:
---------------------------------------

             Summary: [patch]Enable Forward Secrecy (PFS) in TLS
                 Key: ASTERISK-23907
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23907
             Project: Asterisk
          Issue Type: Improvement
      Security Level: None
          Components: Channels/chan_sip/TCP-TLS
    Affects Versions: SVN
            Reporter: Alexander Traud
            Severity: Minor


Already works for Asterisk as the client. Enables Forward Secrecy in TLS ([PFS|http://en.wikipedia.org/wiki/Forward_secrecy]) for Asterisk as the server. Inspired by source code of [stunnel|http://anonscm.debian.org/gitweb/?p=collab-maint/stunnel.git;a=blob;f=src/ctx.c] and Apache HTTP Server Project ([httpd|https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_util_ssl.c]). Similar patch [made|http://trac.pjsip.org/repos/ticket/1765] it into PJSIP. Thank you to Marcello Ceschia and all the others for the pre-review (you know who you are)!

*Usage*
Ephemeral ECDH (ECDHE) is enabled by default.
To disable it, do not specify a ECDHE cipher suite in sip.conf, for example: {{tlscipher=AES128-SHA:DES-CBC3-SHA}}

Ephemeral DH (DHE) is disabled by default.
To enable it, add DH parameters into the private key file (sip.conf tlsprivatekey), for example the default [dh2048.pem|http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh2048.pem?txt].

Because clients expect the server to prefer PFS, and because OpenSSL sorts its cipher suites by bit strength, see
{{openssl ciphers -v [DEFAULT|http://www.openssl.org/docs/apps/ciphers.html]}}
consider re-ordering your cipher suites in sip.conf, for example:
{{tlscipher=AES128+kEECDH:AES128+kEDH:3DES+kEDH:AES128-SHA:DES-CBC3-SHA:-ADH:-AECDH}}
to use PFS when offered by the client. Clients which do not offer PFS fall-back to AES-128 (or even 3DES as recommend by [RFC|http://tools.ietf.org/html/rfc3261#section-26.2.1]).

*Drawback*
If Java based clients connect to your Asterisk server, go for  [1024bit|http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh1024.pem?txt] parameters. For more details and other alternatives, [see …|http://blog.ivanristic.com/2014/03/ssl-tls-improvements-in-java-8.html]

*Speed*
With a mobile phone from 2006 (Nokia E61), DHE/3DES, and 2048bit parameters, I got a speed penalty of 0.5 seconds per connection setup. Thank you OpenSSL!



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list