[ipxe-devel] Improving SSL cipher suite?

Geert Stappers stappers at stappers.nl
Fri Nov 15 20:26:01 UTC 2019

On Wed, Nov 13, 2019 at 03:05:56PM -0500, Santiago Torres-Arias wrote:
> Hi,
> I'm Santiago, a TU from Arch Linux and I've been debugging a couple of
> issues with the current https handling of chainloaded scripts.
> Unfortunately, it appears that the supported set of cipher suites on the
> ipxe codebase (mostly AES-CBC-RSA variants) are considered unsafe (e.g.,
> they are vulnerable to the ROBOT attack[1]). That much, that most of the
> best practices suggest disabling those suites in http ssl
> configurations.
> Thus, after some discussion on IRC, I want to propose helping update the
> codebase to support more modern ciphers. Now, I believe that doing
> so is quite an endeavor, and we probably want to pick an upgrade path of
> least resistance:
> - Move from CBC to GCM -> would require us to implement this new cipher
>   block chaining (for which I can propose patches).
> - Move from RSA key derivation to DSA/EDDSA variants for key derivation.
>   This would require implementing a new key derivation function. (for
>   this one I could also help, but I'd most likely want somebody familiar
>   with the codebase to help me navigate what's the best way forward).
> However, the rest of the stack can still safely remain on RSA, and thus
> we wouldn't need to reimplement other parts for the foreseeable future.
> As a result, we would be able to support EDDSA-RSA-AES-GCM suites, which
> are probably best practice for a couple of years.
> What does everybody think?

(-:   Everybody went on world tour together with Anybody and Somebody.
    So that leaves you, Nobody and me   :-)

Don't wait for an explicit "go ahead"
and surely don't wait for a "that would be a silly idea".

Just accept the challenge that you want to face.

> Cheers,
> -Santiago.
> [1] https://robotattack.org/

Geert Stappers
Live and let live

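As an added example (mine, not code from the post or from the iPXE code base), a small Python audit that parses IANA cipher-suite names into the two properties the proposal turns on, key exchange and AEAD versus CBC, and checks whether a client limited to the RSA/AES-CBC family can still negotiate with a server hardened per current best practice. The suite lists are constructed for illustration and are not iPXE's actual set.

```python
import re
from dataclasses import dataclass

# Constructed, illustrative lists: a client offering only the RSA-key-exchange
# AES-CBC family the post describes, and a server hardened per current best
# practice, which has disabled exactly that family.
CLIENT_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
SERVER_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
]

# IANA names follow TLS_<key exchange>_WITH_<cipher>_<hash>.
SUITE_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<cipher>.+)_(SHA\d*|MD5)$")

@dataclass(frozen=True)
class SuiteProfile:
    name: str
    key_exchange: str
    forward_secrecy: bool  # ephemeral (EC)DH agreement, not static RSA
    aead: bool             # GCM/CCM/ChaCha20-Poly1305 rather than CBC+MAC

def profile(name: str) -> SuiteProfile:
    """Parse an IANA cipher suite name into the properties that matter here."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"not a recognised TLS 1.2 suite name: {name}")
    kx, cipher = m.group("kx"), m.group("cipher")
    return SuiteProfile(name, kx, kx.startswith(("ECDHE_", "DHE_")),
                        any(t in cipher for t in ("GCM", "CCM", "POLY1305")))

def weaknesses(name: str) -> list[str]:
    """Why a hardened server refuses this suite (empty list if it is fine)."""
    p, out = profile(name), []
    if p.key_exchange == "RSA":
        out.append("static RSA key exchange: no forward secrecy, ROBOT oracle exposure")
    if not p.aead:
        out.append("CBC with MAC-then-encrypt instead of an AEAD mode")
    return out

def negotiable(client: list[str], server: list[str]) -> list[str]:
    """Suites both sides accept, in the server's preference order."""
    offered = set(client)
    return [s for s in server if s in offered]
```

Running `negotiable(CLIENT_SUITES, SERVER_SUITES)` returns an empty list, which is the handshake failure the post is debugging; adding a single ECDHE AES-GCM suite to the client's list makes it succeed.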