[svn-commits] mjordan: trunk r417803 - in /trunk: CHANGES main/tcptls.c

SVN commits to the Digium repositories svn-commits at lists.digium.com
Thu Jul 3 07:10:21 CDT 2014 

Author: mjordan
Date: Thu Jul  3 07:10:17 2014
New Revision: 417803

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=417803
Log:
main/tcptls: Add support for Perfect Forward Secrecy

This patch enables Perfect Forward Secrecy (PFS) in Asterisk's core TLS API.
Modules that wish to enable PFS should consider the following:

- Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not
  specify a ECDHE cipher suite in a module's configuration, for example:
  tlscipher=AES128-SHA:DES-CBC3-SHA

- Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters
  into the private key file, i.e., tlsprivatekey. For an example, see the
  default dh2048.pem at
http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh2048.pem?txt

- Because clients expect the server to prefer PFS, and because OpenSSL sorts
  its cipher suites by bit strength, (see "openssl ciphers -v DEFAULT")
  consider re-ordering your cipher suites in the conf file. For example:
tlscipher=AES128+kEECDH:AES128+kEDH:3DES+kEDH:AES128-SHA:DES-CBC3-SHA:-ADH:-AECDH
  will use PFS when offered by the client. Clients which do not offer PFS
  fall-back to AES-128 (or even 3DES as recommend by RFC 3261).

Review: https://reviewboard.asterisk.org/r/3647/

ASTERISK-23905 #close
Reported by: Alexander Traud
patches:
  tlsPFS_for_HEAD.patch uploaded by Alexander Traud (License 6520)
  tlsPFS.patch uploaded by Alexander Traud (License 6520)


Modified:
    trunk/CHANGES
    trunk/main/tcptls.c

Modified: trunk/CHANGES
URL: http://svnview.digium.com/svn/asterisk/trunk/CHANGES?view=diff&rev=417803&r1=417802&r2=417803
==============================================================================
--- trunk/CHANGES (original)
+++ trunk/CHANGES Thu Jul  3 07:10:17 2014
@@ -39,6 +39,26 @@
 
  * Added several SS7 config option parameters described in
    chan_dahdi.conf.sample.
+
+Core
+------------------
+ * The TLS core in Asterisk now supports Perfect Forward Secrecy (PFS).
+   Enabling PFS is attempted by default, and is dependent on the configuration
+   of the module using TLS.
+   - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not
+     specify a ECDHE cipher suite in sip.conf, for example:
+       tlscipher=AES128-SHA:DES-CBC3-SHA
+   - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters
+     into the private key file, e.g., sip.conf tlsprivatekey. For example, the
+     default dh2048.pem - see
+     http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh2048.pem?txt
+   - Because clients expect the server to prefer PFS, and because OpenSSL sorts
+     its cipher suites by bit strength, see "openssl ciphers -v DEFAULT".
+     Consider re-ordering your cipher suites in the respective configuration
+     file. For example:
+       tlscipher=AES128+kEECDH:AES128+kEDH:3DES+kEDH:AES128-SHA:DES-CBC3-SHA:-ADH:-AECDH
+     will use PFS when offered by the client. Clients which do not offer PFS
+     fall-back to AES-128 (or even 3DES, as recommended by RFC 3261).
 
 Features
 ------------------

Modified: trunk/main/tcptls.c
URL: http://svnview.digium.com/svn/asterisk/trunk/main/tcptls.c?view=diff&rev=417803&r1=417802&r2=417803
==============================================================================
--- trunk/main/tcptls.c (original)
+++ trunk/main/tcptls.c Thu Jul  3 07:10:17 2014
@@ -825,6 +825,38 @@
 		}
 	}
 
+	if (!ast_strlen_zero(cfg->pvtfile)) {
+		BIO *bio = BIO_new_file(cfg->pvtfile, "r");
+		if (bio != NULL) {
+			DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+			if (dh != NULL) {
+				if (SSL_CTX_set_tmp_dh(cfg->ssl_ctx, dh)) {
+					long options = SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_SINGLE_DH_USE | SSL_OP_SINGLE_ECDH_USE;
+					options = SSL_CTX_set_options(cfg->ssl_ctx, options);
+					ast_verb(2, "TLS/SSL DH initialized, PFS cipher-suites enabled\n");
+				}
+				DH_free(dh);
+			}
+			BIO_free(bio);
+		}
+	}
+	#ifndef SSL_CTRL_SET_ECDH_AUTO
+		#define SSL_CTRL_SET_ECDH_AUTO 94
+	#endif
+	/* SSL_CTX_set_ecdh_auto(cfg->ssl_ctx, on); requires OpenSSL 1.0.2 which wraps: */
+	if (SSL_CTX_ctrl(cfg->ssl_ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL)) {
+		ast_verb(2, "TLS/SSL ECDH initialized (automatic), faster PFS ciphers enabled\n");
+	} else {
+		/* enables AES-128 ciphers, to get AES-256 use NID_secp384r1 */
+		EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+		if (ecdh != NULL) {
+			if (SSL_CTX_set_tmp_ecdh(cfg->ssl_ctx, ecdh)) {
+				ast_verb(2, "TLS/SSL ECDH initialized (secp256r1), faster PFS cipher-suites enabled\n");
+			}
+			EC_KEY_free(ecdh);
+		}
+	}
+
 	ast_verb(2, "TLS/SSL certificate ok\n");	/* We should log which one that is ok. This message doesn't really make sense in production use */
 	return 1;
 #endif

More information about the svn-commits mailing list