@azet
Last active March 3, 2016 05:02
OpenSSL 1.0.1s finally removes all mention of EXPORT ciphersuites
azet@orpheus ~/test/openssl-1.0.1r/apps % ./openssl ciphers 'ALL' -V | grep EXP
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
0x00,0x14 - EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
0x00,0x11 - EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
0x00,0x19 - EXP-ADH-DES-CBC-SHA SSLv3 Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
0x00,0x08 - EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
0x00,0x06 - EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
0x04,0x00,0x80 - EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
0x00,0x17 - EXP-ADH-RC4-MD5 SSLv3 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
0x00,0x03 - EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
0x02,0x00,0x80 - EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
azet@orpheus ~/test/openssl-1.0.1r/apps % cd ../../openssl-1.0.1s/apps
azet@orpheus ~/test/openssl-1.0.1s/apps % ./openssl ciphers 'ALL' -V | grep EXP
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
1 azet@orpheus ~/test/openssl-1.0.1s/apps %

azet commented Mar 1, 2016

It used to be possible in earlier OpenSSL 1.0.1-branch releases to negotiate working TLS 1.2-only connections with EXPORT cipher-suites between OpenSSL servers and clients. This behavior is explicitly prohibited in RFC4346 (TLS 1.1) and TLS protocol versions beyond. As such, RFC4346 states in Appendix A.5 (pp. 61-62):

...

   When SSLv3 and TLS 1.0 were designed, the United States restricted
   the export of cryptographic software containing certain strong
   encryption algorithms.  A series of cipher suites were designed to
   operate at reduced key lengths in order to comply with those
   regulations.  Due to advances in computer performance, these
   algorithms are now unacceptably weak, and export restrictions have
   since been loosened.  TLS 1.1 implementations MUST NOT negotiate
   these cipher suites in TLS 1.1 mode.  However, for backward 
   compatibility they may be offered in the ClientHello for use with
   TLS 1.0 or SSLv3-only servers.  TLS 1.1 clients MUST check that the
   server did not choose one of these cipher suites during the
   handshake.  These ciphersuites are listed below for informational
   purposes and to reserve the numbers.

    CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5         = { 0x00,0x03 };
    CipherSuite TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5     = { 0x00,0x06 };
    CipherSuite TLS_RSA_EXPORT_WITH_DES40_CBC_SHA      = { 0x00,0x08 };
    CipherSuite TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   = { 0x00,0x0B };
    CipherSuite TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   = { 0x00,0x0E };
    CipherSuite TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  = { 0x00,0x11 };
    CipherSuite TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  = { 0x00,0x14 };
    CipherSuite TLS_DH_anon_EXPORT_WITH_RC4_40_MD5     = { 0x00,0x17 };
    CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA  = { 0x00,0x19 };

...
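The client-side check the quoted Appendix A.5 text requires, as an added example that is not part of the gist or of OpenSSL's code: a small Python parser for a TLS ServerHello record that rejects any EXPORT suite once the server's chosen version is TLS 1.1 or later, and only flags it as weak under TLS 1.0 / SSLv3. The suite numbers are the ones listed in A.5 (the SSLv2-only three-byte ids from the `openssl ciphers` output above are not TLS suites and are omitted). The record layout follows RFC 4346; the ServerHello bytes are constructed inline for the demonstration, and `build_server_hello`, `parse_server_hello` and `check_server_hello` are names chosen for this example.

```python
"""RFC 4346 A.5 client check: reject an EXPORT suite negotiated under TLS >= 1.1.

Added example, not from the gist or from OpenSSL. Suite ids are taken from
RFC 4346 Appendix A.5; all ServerHello bytes are constructed here.
"""
import struct

# Export suites reserved by RFC 4346 A.5 (2-byte TLS ids only).
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}

TLS_1_1 = (3, 2)  # ProtocolVersion {major, minor}; TLS 1.2 is (3, 3)


def version_name(version):
    """Human-readable name for a {major, minor} ProtocolVersion."""
    major, minor = version
    if (major, minor) == (3, 0):
        return "SSLv3"
    return "TLS %d.%d" % (major - 2, minor - 1)


def build_server_hello(version, suite, session_id=b""):
    """Construct a minimal handshake record carrying a ServerHello (demo input).

    ServerHello body: server_version(2) random(32) session_id_len(1)
    session_id(n) cipher_suite(2) compression_method(1).
    """
    hello = (bytes(version) + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!H", suite) + b"\x00")
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake


def parse_server_hello(record):
    """Return (server_version, cipher_suite) from a handshake record.

    Every length is checked before it is used, so a truncated or
    non-ServerHello record raises ValueError instead of reading garbage.
    """
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    version = (hello[0], hello[1])
    offset = 35 + hello[34]  # skip random (32) and session_id
    if len(hello) < offset + 2:
        raise ValueError("truncated ServerHello")
    suite = struct.unpack("!H", hello[offset:offset + 2])[0]
    return version, suite


def check_server_hello(record):
    """Apply the A.5 rule. Returns (accept, reason).

    A TLS 1.1+ ServerHello that selects an export suite is a protocol
    violation and must be rejected; under TLS 1.0 / SSLv3 the suite is
    merely weak, so it is reported but not rejected by this check.
    """
    version, suite = parse_server_hello(record)
    name = EXPORT_SUITES.get(suite)
    if name is None:
        return True, "cipher suite 0x%04x is not an export suite" % suite
    if version >= TLS_1_1:
        return False, "server chose %s under %s: forbidden by RFC 4346 A.5" % (
            name, version_name(version))
    return True, "server chose %s under %s: allowed but weak" % (
        name, version_name(version))


if __name__ == "__main__":
    # Constructed cases: EXP-EDH-RSA-DES-CBC-SHA (0x0014) under TLS 1.2 and TLS 1.0.
    for ver in ((3, 3), (3, 1)):
        print(check_server_hello(build_server_hello(ver, 0x0014)))
```

The first case reproduces the situation the comment describes (a TLS 1.2 handshake that lands on an export suite) and is the one a compliant client must abort; the second shows the same suite under TLS 1.0, where A.5 permits it for backward compatibility.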
