Issue in TLS 1.3 custom ciphersuites order

Question

Issue in TLS 1.3 custom ciphersuites order

ealashwali opened this issue 6 years ago · 12 comments

I noticed that in TLS 1.3, tls-scan has issue in the ciphersuites order. It is not sent in the same order as I make it in the command. The ciphersuites order matters in TLS and I need the ciphersuites to be sent on the wire in the same order I make in the command. I hope there is a fix for the issue.

The command
./tls-scan --infile=input.csv --port=443 --cacert=../../../../../etc/ssl/certs/ca-certificates.crt --ciphers="TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" --outfile=output.json

The issue:
What is actually sent in the client hello (using packet analyser) is the following order:

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256

The swapped ciphersuites positions are not fixed. In another example, I tried another longer list and the first ciphersuites was in the right position, but it just swapped the second and third. This behaviour is newly introduced with the TLS 1.3 supporting version. The old one was sent in the right order.

Answer 1 · 2018-12-03T16:43:34.000Z

I did not make any change to the existing behavior, so it should be same.

BTW, see this from the ./tls-scan --help:

 -C  --ciphers=<arg>      Ciphers to use; try 'openssl ciphers' to see all.
                           NOTE: overwritten by --ssl2, --ssl3, --tls1
                           --tls1_1, --tls1_2, --tls1_3 options (if provided)
                           https://www.openssl.org/docs/man1.0.1/apps/ciphers.html

To change the current model, you may modify this code:
ed2b34f#diff-2045016cb90d1e65d71c2407a2570927R1305

Answer 2 · 2018-12-03T17:11:06.000Z

Thanks. I can not use the --tls1_3 as it does not serve my purpose. None of these options provide the list of ciphers and the order I need. I need a custom list that is not in these options.

What do you mean by change the current model? Do you mean change the --tls1_3 list to my custom list? If I changed the code, how to change the compilation file to compile my local code instead of pulling your code? Can you point to me in the .sh file?

I prefer to use the --ciphers to specify the list of ciphersuites as this is what it is designed for (I do not add any other options like --tls1_3, etc. that will overwrite the custom ciphers.

In TLS 1.3 tls-scan does not send the order correctly.

Answer 3 · 2018-12-03T17:27:01.000Z

My system's openssl is OpenSSL 1.1.0g. so when I type openssl ciphers it shows me the available ciphers of this version I think. How can I list the versions of the OpenSSL1.1.1a that is linked to tls-scan?

Answer 4 · 2018-12-03T17:29:19.000Z

TLSv1.3 ciphersuites work differently to ciphersuites in TLSv1.2. OpenSSL has a new API for managing them in version 1.1.1. You cannot use SSL_CTX_set_cipher_list() to set TLSv1.3 ciphersuites which - as far as I can tell - tls-scan is doing.

See the documentation here:

https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_cipher_list.html

TLSv1.3 ciphersuites are set using SSL_CTX_set_ciphersuites().

Answer 5 · 2018-12-03T17:57:53.000Z

@mattcaswell Is SSL_CTX_set_ciphersuites() backward compatible with TLSv1.2 and below ciphersuites? Because I need a custom list that (like browsers) have a mixture of TLSv1.3 and TLSv1.2 and DES ciphersuites.

Answer 6 · 2018-12-03T18:01:00.000Z

SSL_CTX_set_ciphersuites() is only for setting TLSv1.3 ciphersuites. It can be used in conjunction with SSL_CTX_set_cipher_list() which can be used for setting the TLSv1.2 ciphersuites. Note that you cannot specify the relative orderings of TLSv1.3 vs TLSv1.2 ciphersuites, i.e. TLSv1.3 ciphersuties always come before the TLSv1.2 ciphersuites. In practice this should make no difference at all since the two lists are mutually exclusive (TLSv1.3 ciphersuites can't be used in TLSv1.2 and below, and TLSv1.2 ciphersuites can't be used in TLSv1.3 and above).

Answer 7 · 2018-12-03T18:04:09.000Z

@mattcaswell thanks. Yes I put TLSv1.3 ciphers before TLSv1.2. But TLSv1.3 ciphers themselves (I have about 3 or 4 TLSv1.3 ciphersuites) have orders and priorities. tls-scan doe not sent the TLSv1.3 ciphers in the order I specify in the command.

Answer 8 · 2018-12-03T19:38:58.000Z

@mattcaswell thank you for pointing out the issue. I was not aware of the new OpenSSL API.

@ealashwali I can try with the new API and hopefully that works for you.

Answer 9 · 2018-12-03T22:02:41.000Z

@prbinu thanks. hopefully it solves the issue. Just ping me plz when this is done.

Answer 10 · 2018-12-08T15:00:16.000Z

@prbinu Is there any update?

Answer 11 · 2018-12-09T00:09:58.000Z

build and try now.

Answer 12 · 2018-12-09T18:29:04.000Z

Thanks. The ciphersuites order in the wire is now similar to the one in the command.