What determines the cipher suite? - ssl

I am using mbedtls on my TLS application. I've a question about the cipher suites.
When I debug my process, I get below lines from server side:
selected ciphersuite: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
What is the reason for selecting this CHACHA20-POLY1305 cipher ? Key? or certificate? or something else?
How can I change my chipher suite to TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256?

What is the reason for selecting this CHACHA20-POLY1305 cipher
The ciphers supported by the server and by the client, including their preferences. Thus it depends on client and server configurations and on their TLS stacks.
How can I change my chipher suite to TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256?
The RSA in the currently chosen cipher suite means that an RSA certificate was used for authentication. The ECDSA in the cipher you want means that the server needs to use a ECDSA certificate instead, i.e. you cannot achieve this with an RSA certificate.
Some servers can use both a RSA and ECDSA certificate in which case the choice of certificate depends again on client and server configuration regarding supported ciphers, preference etc.

Related

Wireshark Decryption of TLS V1.2

I have traffic between clients (which send XML over HTTPS) to my IIS.
I tried to decrypt the traffic using Wireshark and the following settings:
Adding the private key:
But even after setting this, I can't see the decrypted data:
Should I change any other settings to see the original data?
There is strong possibility that a Diffie-Hellman (DH) key exchange is being used here. In that case Wireshark cannot decipher SSL/TLs with a private key. You can check for this in the handshake packet.
From the Docs:
The RSA private key file can only be used in the following
circumstances:
The cipher suite selected by the server is not using (EC)DHE.
The protocol version is SSLv3, (D)TLS 1.0-1.2. It does not work with TLS 1.3.
The private key matches the server certificate. It does not work with the client certificate, nor the Certificate Authority (CA)
certificate.
The session has not been resumed. The handshake must include the ClientKeyExchange handshake message.

Apache httpd "Obsolete connection setting"

I have an existing server that is using the following setting.
The connection to this site uses TLS 1.2 (a strong protocol), RSA (an
obsolete key exchange), and AES_128_CBC with HMAC-SHA1 (an obsolete cipher).
If I want to change the key exchange and cipher, do I need to get a new certificate?
The cipher is (mostly) unrelated to the certificate. Given that you are using a RSA certificate (since otherwise RSA key exchange would not be possible) you can switch to ECDHE key exchange. And instead of AES-128-CBC you might use AES-128-GCM or AES-256. For useful configurations you might use the Mozilla SSL Configuration Generator.

Creating an RC4 / DES SSL PFX

I'm trying to check a specific IIS configuration, which should reject weak SSL certificates.
How would I go about creating an SSL certificate with either RC4 or DES encryption?
I've tried using openssl with the -des flag, but it seems to still create a sha256 cert.
The choice of the symmetric cipher used in TLS (i.e. RC4, DES, AES...) does not depend on the certificate. This means that any certificate you'll create can be used together with RC4, DES, ... . Instead of trying to enforce a strong cipher using the certificate you have to do this in the server configuration. See Mozilla: Security/Server Side TLS for examples on how to configure common web servers with strong ciphers.

Determine protocol and cipher compatibility with server certificate

My server may be attached to a RSA or ECDSA certificate.
In my code I set the prtocol method as
sslmethod = SSLv23_server_method();
and setting the cipher using the SSL_CTX_set_cipher_list() API.
The problem is when the server is attached to ECDSA certificate and if I pass "RSA" cipher SSL_CTX_set_cipher_list() does not return any error though "RSA" cipher is not compatible with ECDSA certificates.
Is there any openssl API which I can use to find out if the cipher we are going to set is compatible with the certificate or with protocol or not?
Is there any openssl API which I can use to find out if the cipher we are going to set is compatible with the certificate or with protocol or not?
If you author the app and own the server, then YES, you do know what to expect. But the general case is NO, you don't know in advance and you can't query for it. You try to setup a channel and if it fails, then you try something else.
Generally speaking, there's no way to know in advance what cipher suites a server supports; or what type of public key is bound in the server's certificate. In fact, there's no way to know what protocol versions (SSLv2, SSLv3, TLS 1.0, TLS 1.1, TLS 1.2, etc) a server supports. Its the reason for RFC 7405, TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks.
In 2016/2017, about the best you can do is assume:
No SSLv2, SSLv3; only TLS 1.0 and above
Cipher suites from the collection "HIGH:!aNULL:!kRSA:!RC4:!MD5"
"!kRSA" is "no RSA key transport", and it means you can only use ephemeral key exchanges. If a server has a RSA key, then it will only be used for authentication. That is, the key will be used to sign the server's ephemeral values during key exchange so the client knows they are authentic.

Is there a public psk server to test tls handshake?

What I want is test tls handshake when psk is active.
I also want to see every http header exchanged during the connection between client (my laptop) and public server.
Now I am wondering if there is a public psk tls server where I can do my test.
Regards.
I doubt that there is a web server using PSK on the internet open for public testing. Also I doubt that browsers support PSK cipher suites. But you can setup your own web server using PSK with openssl:
openssl s_server -psk 1a2b3c4d -nocert -www
And the matching client:
openssl s_client -connect 127.0.0.1:4433 -psk 1a2b3c4d
As for the HTTP protocol: it is independent from the TLS layer, i.e. it does not change if PSK or the normal authentication with certificates is used.
Even if some public TLS Server were to support PSK, you won't be able to test your client with it. There is a fundamental difference between the way public key authentication (which is used by most of the TLS Servers) work and PSK.
Public Key Authentication:
Incase of Public Key Server Authentication (the ones that doesn't involve Client Authentication), the server sends a Certificate, which contains a Public Key and Client encrypts it's pre-master secret and sends it to server which only the server can decrypt. In this way both have the same pre-master secret and can use the same set of derivations to further derive the final key.
Pre-Shared key:
As the name indicates the pre-shared requires both parties to have the same key pre-shared among themselves. They just exchange the IDs between them to indicate which of the Pre-Shared they will be using to generate the final key.
So, even if there is a server which supports PSK, you should have the same set of (or atleast one) of the keys which it has, which is impossible as those servers won't share their keys with anyone apart from whom it is supposed to be shared with (the legit clients).
So, the best way for you is to use openssl's test client and server tools and test it.