diff options
author | Matthew Jordan <mjordan@digium.com> | 2014-07-03 12:10:17 +0000 |
---|---|---|
committer | Matthew Jordan <mjordan@digium.com> | 2014-07-03 12:10:17 +0000 |
commit | eaee92198d89f7feb4206b412104f439bc80754f (patch) | |
tree | bb8dcaa961300461369a9a3cbb76c5ffc069a7e5 | |
parent | d1c6a9e69ed7fedfe2b61e8cd99093011573f587 (diff) |
main/tcptls: Add support for Perfect Forward Secrecy
This patch enables Perfect Forward Secrecy (PFS) in Asterisk's core TLS API.
Modules that wish to enable PFS should consider the following:
- Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not
specify a ECDHE cipher suite in a module's configuration, for example:
tlscipher=AES128-SHA:DES-CBC3-SHA
- Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters
into the private key file, i.e., tlsprivatekey. For an example, see the
default dh2048.pem at
http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh2048.pem?txt
- Because clients expect the server to prefer PFS, and because OpenSSL sorts
its cipher suites by bit strength, (see "openssl ciphers -v DEFAULT")
consider re-ordering your cipher suites in the conf file. For example:
tlscipher=AES128+kEECDH:AES128+kEDH:3DES+kEDH:AES128-SHA:DES-CBC3-SHA:-ADH:-AECDH
will use PFS when offered by the client. Clients which do not offer PFS
fall-back to AES-128 (or even 3DES as recommend by RFC 3261).
Review: https://reviewboard.asterisk.org/r/3647/
ASTERISK-23905 #close
Reported by: Alexander Traud
patches:
tlsPFS_for_HEAD.patch uploaded by Alexander Traud (License 6520)
tlsPFS.patch uploaded by Alexander Traud (License 6520)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417803 65c4cc65-6c06-0410-ace0-fbb531ad65f3
-rw-r--r-- | CHANGES | 20 | ||||
-rw-r--r-- | main/tcptls.c | 32 |
2 files changed, 52 insertions, 0 deletions
@@ -40,6 +40,26 @@ chan_dahdi * Added several SS7 config option parameters described in chan_dahdi.conf.sample. +Core +------------------ + * The TLS core in Asterisk now supports Perfect Forward Secrecy (PFS). + Enabling PFS is attempted by default, and is dependent on the configuration + of the module using TLS. + - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not + specify a ECDHE cipher suite in sip.conf, for example: + tlscipher=AES128-SHA:DES-CBC3-SHA + - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters + into the private key file, e.g., sip.conf tlsprivatekey. For example, the + default dh2048.pem - see + http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh2048.pem?txt + - Because clients expect the server to prefer PFS, and because OpenSSL sorts + its cipher suites by bit strength, see "openssl ciphers -v DEFAULT". + Consider re-ordering your cipher suites in the respective configuration + file. For example: + tlscipher=AES128+kEECDH:AES128+kEDH:3DES+kEDH:AES128-SHA:DES-CBC3-SHA:-ADH:-AECDH + will use PFS when offered by the client. Clients which do not offer PFS + fall-back to AES-128 (or even 3DES, as recommended by RFC 3261). + Features ------------------ * The ast_channel_feature_hooks* functions have been added to allow features diff --git a/main/tcptls.c b/main/tcptls.c index 2288f388e..b838452e6 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -825,6 +825,38 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client) } } + if (!ast_strlen_zero(cfg->pvtfile)) { + BIO *bio = BIO_new_file(cfg->pvtfile, "r"); + if (bio != NULL) { + DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); + if (dh != NULL) { + if (SSL_CTX_set_tmp_dh(cfg->ssl_ctx, dh)) { + long options = SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_SINGLE_DH_USE | SSL_OP_SINGLE_ECDH_USE; + options = SSL_CTX_set_options(cfg->ssl_ctx, options); + ast_verb(2, "TLS/SSL DH initialized, PFS cipher-suites enabled\n"); + } + DH_free(dh); + } + BIO_free(bio); + } + } + #ifndef SSL_CTRL_SET_ECDH_AUTO + #define SSL_CTRL_SET_ECDH_AUTO 94 + #endif + /* SSL_CTX_set_ecdh_auto(cfg->ssl_ctx, on); requires OpenSSL 1.0.2 which wraps: */ + if (SSL_CTX_ctrl(cfg->ssl_ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL)) { + ast_verb(2, "TLS/SSL ECDH initialized (automatic), faster PFS ciphers enabled\n"); + } else { + /* enables AES-128 ciphers, to get AES-256 use NID_secp384r1 */ + EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + if (ecdh != NULL) { + if (SSL_CTX_set_tmp_ecdh(cfg->ssl_ctx, ecdh)) { + ast_verb(2, "TLS/SSL ECDH initialized (secp256r1), faster PFS cipher-suites enabled\n"); + } + EC_KEY_free(ecdh); + } + } + ast_verb(2, "TLS/SSL certificate ok\n"); /* We should log which one that is ok. This message doesn't really make sense in production use */ return 1; #endif |