[asterisk-bugs] [JIRA] (ASTERISK-23905) [patch]Enable Forward Secrecy (PFS) in TLS

Wed Jun 18 08:53:56 CDT 2014

     [ https://issues.asterisk.org/jira/browse/ASTERISK-23905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rusty Newton updated ASTERISK-23905:
------------------------------------

    Assignee: Alexander Traud
      Status: Waiting for Feedback  (was: Open)

> [patch]Enable Forward Secrecy (PFS) in TLS
> ------------------------------------------
>
>                 Key: ASTERISK-23905
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23905
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Channels/chan_sip/TCP-TLS
>    Affects Versions: SVN
>            Reporter: Alexander Traud
>            Assignee: Alexander Traud
>            Severity: Minor
>         Attachments: tlsPFS_for_HEAD.patch, tlsPFS.patch
>
>
> Already works for Asterisk as the client. Enables Forward Secrecy in TLS ([PFS|http://en.wikipedia.org/wiki/Forward_secrecy]) for Asterisk as the server. Inspired by source code of [stunnel|http://anonscm.debian.org/gitweb/?p=collab-maint/stunnel.git;a=blob;f=src/ctx.c] and Apache HTTP Server Project ([httpd|https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_util_ssl.c]). Similar patch [made|http://trac.pjsip.org/repos/ticket/1765] it into PJSIP. Thank you to Marcello Ceschia and all the others for the pre-review (you know who you are)!
> *Usage*
> Ephemeral ECDH (ECDHE) is enabled by default.
> To disable it, do not specify a ECDHE cipher suite in sip.conf, for example: {{tlscipher=AES128-SHA:DES-CBC3-SHA}}
> Ephemeral DH (DHE) is disabled by default.
> To enable it, add DH parameters into the private key file (sip.conf tlsprivatekey), for example the default [dh2048.pem|http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh2048.pem?txt].
> Because clients expect the server to prefer PFS, and because OpenSSL sorts its cipher suites by bit strength, see
> {{openssl ciphers -v [DEFAULT|http://www.openssl.org/docs/apps/ciphers.html]}}
> consider re-ordering your cipher suites in sip.conf, for example:
> {{tlscipher=AES128+kEECDH:AES128+kEDH:3DES+kEDH:AES128-SHA:DES-CBC3-SHA:-ADH:-AECDH}}
> to use PFS when offered by the client. Clients which do not offer PFS fall-back to AES-128 (or even 3DES as recommend by [RFC|http://tools.ietf.org/html/rfc3261#section-26.2.1]).
> *Drawback*
> If Java based clients connect to your Asterisk server, go for  [1024bit|http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh1024.pem?txt] parameters. For more details and other alternatives, [see …|http://blog.ivanristic.com/2014/03/ssl-tls-improvements-in-java-8.html]
> *Speed*
> With a mobile phone from 2006 (Nokia E61), DHE/3DES, and 2048bit parameters, I got a speed penalty of 0.5 seconds per connection setup. Thank you OpenSSL!


--
This message was sent by Atlassian JIRA
(v6.2#6252)