**tls Forward Secrecy**

[fr] 15-10-20, forward secrecy ([http://en.wikipedia.org/wiki/Forward_secrecy%|%FS%|%]) protects past sessions against future compromises of secret keys or passwords. In Transport Layer Security it depends on an ephemeral Diffie-Hellman key exchange, either classic DHE or elliptic-curve ECDHE.

Code snippet to filter ciphers with tcl_patchLevel 8.6.4 and tls 1.6.7.1:

======
package require tls
# avoid the RC4 vulnerability: drop every RC4 suite
set psf [lsearch -all -inline -not [tls::ciphers tls1] *RC4*]
# only ephemeral DH suites; the glob *DHE* matches both DHE-... and ECDHE-...
set psf [lsearch -all -inline $psf *DHE*]
tls::init -request 0 -require 0 -ssl2 0 -ssl3 0 \
    -tls1 0 \
    -tls1.1 1 \
    -tls1.2 1 \
    -ciphers $psf \
    -certfile certs/server.pem \
    -keyfile certs/skey.pem
======

For evaluation the code above replaces tls::init in tclhttpd (v 3.5.3)'s httpd.tcl, which is located in the bin directory. In tclhttpd.rc we have

======
Config https_port 443
======

   * the lines starting with "Config SSL_" will be ignored
   * tclhttpd.rc would be a better place to set the psf ciphers, however a package require tls inside it will fail

The key files are located in bin/certs. Create a self-signed certificate:

======
openssl genrsa -des3 -out server.key 2048   # with passphrase ... used
# make insecure key: strip the passphrase so the server can start unattended
openssl rsa -in server.key -out server.key.insec
mv server.key server.key.sec
mv server.key.insec server.key
# make csr
openssl req -new -key server.key -out server.csr
# self sign
openssl x509 -req -days 1001 -in server.csr -signkey server.key -out server.crt
# set your destination path e.g.
DEST=/tclhttpd/bin
mkdir $DEST/certs
cp server.crt $DEST/certs/server.pem
cp server.key $DEST/certs/skey.pem
======

***Check if we have FS***

openssl s_client completes the handshake and keeps the connection open when the server accepts the offered forward-secret cipher; a handshake failure means it does not. Use one of the filtered ciphers:

======
openssl s_client -connect 127.0.0.1:443 -cipher DHE-RSA-AES128-GCM-SHA256
======

***Possible Vulnerabilities***

A check with testssl.sh -U 127.0.0.1:443 gives

======
testssl.sh 2.7dev from https://testssl.sh/dev/
...
Testing vulnerabilities
 Heartbleed (CVE-2014-0160)                not vulnerable (OK) (timed out)
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     VULNERABLE (NOT ok), DoS threat
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no HTTP compression (OK) - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507), experim.    Downgrade attack prevention supported (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK), common primes not checked. "testssl.sh -E/-e" spots candidates
 BEAST (CVE-2011-3389)                     no SSL3 or TLS1
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
======

<<categories>> Cryptography | Tclhttpd
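An added example, not code from the original page: the FS check above done from a Tcl client with the same tls package, so it can be scripted and repeated after every configuration change. It assumes the server address 127.0.0.1:443 used on this page, a server started with the psf filter above, and that tls::status reports the negotiated suite under the key cipher.

```tcl
package require tls

# Connect with the given OpenSSL cipher string and return the negotiated
# cipher name, or "" if the handshake fails (e.g. the server rejects every
# suite the client offered).  Certificate checking is deliberately off
# (-request 0 -require 0): this probes the key exchange, not peer identity.
proc fs_probe {host port ciphers} {
    set cipher ""
    set chan ""
    set failed [catch {
        set chan [tls::socket -ssl2 0 -ssl3 0 -tls1 0 -tls1.1 1 -tls1.2 1 \
                      -request 0 -require 0 -ciphers $ciphers $host $port]
        fconfigure $chan -blocking 1
        tls::handshake $chan
        set cipher [dict get [tls::status $chan] cipher]
    } err]
    catch {close $chan}
    if {$failed} {
        return ""
    }
    return $cipher
}

# Same filter as on the server side: drop RC4, keep only (EC)DHE suites.
set psf [lsearch -all -inline -not [tls::ciphers tls1] *RC4*]
set psf [lsearch -all -inline $psf *DHE*]

# Host and port are the values used elsewhere on this page (assumption).
set host 127.0.0.1
set port 443

# 1. Offering only the forward-secret suites must succeed, and the name
#    negotiated must start with DHE- or ECDHE-.
set fs [fs_probe $host $port [join $psf :]]
if {[regexp {^(EC)?DHE-} $fs]} {
    puts "FS ok: negotiated $fs"
} else {
    puts "FS check FAILED: negotiated '$fs'"
}

# 2. Offering only a static-RSA suite (no forward secrecy) must be refused
#    by a server restricted to the psf list; a successful handshake here
#    means the -ciphers restriction is not in effect.
set nofs [fs_probe $host $port AES128-SHA]
if {$nofs eq ""} {
    puts "non-FS suite correctly refused"
} else {
    puts "WARNING: server accepted non-FS suite $nofs"
}
```

The second probe is the one that catches a misconfiguration the first cannot: a server that still accepts AES128-SHA has not actually restricted its cipher list, even though it also negotiates DHE suites when asked.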