[ipxe-devel] Improving SSL cipher suite?
Geert Stappers
stappers at stappers.nl
Fri Nov 15 20:26:01 UTC 2019
On Wed, Nov 13, 2019 at 03:05:56PM -0500, Santiago Torres-Arias wrote:
> Hi,
>
> I'm Santiago, a TU from Arch Linux and I've been debugging a couple of
> issues with the current https handling of chainloaded scripts.
> Unfortunately, it appears that the supported set of cipher suites on the
> ipxe codebase (mostly AES-CBC-RSA variants) are considered unsafe (e.g.,
> they are vulnerable to the ROBOT attack[1]). That much, that most of the
> best practices suggest disabling those suites in http ssl
> configurations.
>
> Thus, after some discussion on IRC, I want to propose helping update the
> codebase to support more modern ciphers. Now, I believe that doing
> so is quite an endeavor, and we probably want to pick an upgrade path of
> least resistance:
>
> - Move from CBC to GCM -> would require us to implement this new cipher
> block chaining (for which I can propose patches).
> - Move from RSA key derivation to DSA/EDDSA variants for key derivation.
> This would require implementing a new key derivation function. (for
> this one I could also help, but I'd most likely want somebody familiar
> with the codebase to help me navigate what's the best way forward).
>
> However, the rest of the stack can still safely remain on RSA, and thus
> we wouldn't need to reimplement other parts for the foreseeable future.
>
> As a result, we would be able to support EDDSA-RSA-AES-GCM suites, which
> are probably best practice for a couple of years.
>
> What does everybody think?
(-: Everybody went on world tour together with Anybody and Somebody.
So that leaves you, Nobody and me :-)
Don't wait for explicit "go ahead"
and surely don't wait for a "that would be a silly idea".
Just accept the challenge that you want to face.
> Cheers,
> -Santiago.
>
> [1] https://robotattack.org/
Regards
Geert Stappers
--
Live and let live
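An added example, not code from this thread or from the iPXE code base: a small Python checker that parses TLS 1.2 cipher-suite names and flags the two properties the proposal above wants to move away from, static RSA key exchange (the ROBOT exposure) and CBC mode, treating ECDHE/DHE key exchange with GCM or Poly1305 as the target. The suite list, the `assess` and `recommended` names and the naming regex are this example's own assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of IANA suite names: static-RSA/CBC suites like the current
# set described in the thread, next to the ECDHE/AEAD suites it wants to add.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
]

# TLS 1.2 naming: key exchange, optional authentication, bulk cipher, mode, hash.
_SUITE_RE = re.compile(
    r"^TLS_(?P<kx>ECDHE|DHE|RSA)(?:_(?P<auth>RSA|ECDSA|DSS))?"
    r"_WITH_(?P<cipher>AES_128|AES_256|3DES_EDE|CHACHA20)"
    r"_(?P<mode>CBC|GCM|POLY1305)_(?P<hash>SHA|SHA256|SHA384)$"
)


def assess(name: str) -> Optional[Dict[str, object]]:
    """Parse one suite name; return its properties and a list of findings,
    or None if the name does not follow the TLS 1.2 scheme."""
    m = _SUITE_RE.match(name)
    if m is None:
        return None
    kx, mode = m.group("kx"), m.group("mode")
    issues: List[str] = []
    if kx == "RSA":
        # Static RSA key transport: the premaster secret is encrypted under the
        # server's long-term key, so no forward secrecy and ROBOT-class exposure.
        issues.append("static RSA key exchange")
    if mode == "CBC":
        issues.append("CBC mode (non-AEAD)")   # GCM and Poly1305 are AEAD
    if m.group("cipher") == "3DES_EDE":
        issues.append("64-bit block cipher")
    return {
        "key_exchange": kx,
        "authentication": m.group("auth") or kx,  # TLS_RSA_*: cert key does both
        "forward_secrecy": kx in ("ECDHE", "DHE"),
        "aead": mode in ("GCM", "POLY1305"),
        "issues": issues,
    }


def recommended(suites: List[str]) -> List[str]:
    """Suites already on the proposed target: forward secrecy plus AEAD."""
    return [s for s in suites if (a := assess(s)) and not a["issues"]]
```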