[ipxe-devel] Improving SSL cipher suite?

Santiago Torres-Arias santiago at archlinux.org
Wed Nov 13 20:05:56 GMT 2019


Hi,

I'm Santiago, a TU from Arch Linux and I've been debugging a couple of
issues with the current https handling of chainloaded scripts.
Unfortunately, it appears that the supported set of cipher suites on the
ipxe codebase (mostly AES-CBC-RSA variants) are considered unsafe (e.g.,
they are vulnerable to the ROBOT attack[1]). That much, that most of the
best practices suggest disabling those suites in http ssl
configurations.

Thus, after some discussion on IRC, I want to propose helping update the
codebase to support more more modern ciphers. Now, I believe that doing
so is quite an endeavor, and we probably want to pick an upgrade path of
least resistance:

- Move from CBC to GCM -> would require us to implement this new cipher
  block chaining (for which I can propose patches).
- Move from RSA key derivation to DSA/EDDSA variants for key derivation.
  This would require implementing a new key derivation function. (for
  this one I could also help, but I'd most likely want somebody familiar
  with the codebase to help me navigate what's the best way forward).

However, the rest of the stack can still safely remain on RSA, and thus
we wouldn't need to reimplement other parts for the forseeable future.

As a result, we would be able to support EDDSA-RSA-AES-GCM suites, which
are probably best practice for a couple of years.

What does everybody think?

Cheers,
-Santiago.

[1] https://robotattack.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20191113/2b8c746b/attachment.asc>


More information about the ipxe-devel mailing list