App Transport Security

[samuelnair]

It looks like the Apple App Transport Security list of ciphers are not supported currently. By default App Transport Security is enabled and requires the following list of ciphers that support PFS.

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

I built a Kitura-1.6.1 service on Ubuntu-14.01 and using nmap probe I get the below list of ciphers. Trying to connect using URLSession reports a "no shared ciphers available" error.

|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_DES_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A

I can't seem to find any stack overflow or github issues related to this. Is this a new bug or am i just missing something obvious ?

[billabt]

Fixed in 0.12.22. There was bug that was overriding the default cipher suite. This is fix. Actual setting of the cipher suites on macOS is currently not supported pending a rework of the way macOS cipher suites are handled.

[billabt]

One other thing to be aware of, the cipher suites on macOS and Linux are named differently making them somewhat difficult to map. It's possible that you did not enable the proper cipher suites when configuring on Linux. Try setting the SSLService.Configuration.cipherSuite variable to ALL to enable all ciphers when configuring the SSLService. On Linux, the current default is DEFAULT.

[billabt]

Within Kitura, this same thing as above can be accomplished by passing ALL as the value for the cipherSuite: parameter on the SSLConfig initializer you're using.

[samuelnair]

I had tried a number of different cipher names. None of them seemed to work.

Since i was running Kitura on Ubuntu, i am assuming any string that works with the openssl cipher command should work as input to ciperSuite
eg:
openssl ciphers -v 'TLSv1.2'
I am going to test again with your latest patch.

[samuelnair]

Your patch only changes the macOS side of things. The problem i am seeing is on the Linux path of the code base.

I ran a fresh set of tests and i have the same problem. Only the following ciphers are supported by BlueSSL for TLSv1.2

|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_DES_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A

[samuelnair]

I tried multiple cipher strings like "ALL", "TLSv1.2" and "DEFAULT" all failed with the same results

[billabt]

The actual ciphers that are supported by BlueSSLService is limited to the ones that are supplied by your installation of OpenSSL. BlueSSLService does nothing more than call the relevant OpenSSL API to set the cipher suite depending on the setting past. What you are seeing is probably what the version of OpenSSL on your Linux box supports.

Yes, the patch covered only macOS. It was made as a result of your initial issue. It turned out that on macOS, BlueSSLService was not setting the proper default cipher suite.

[samuelnair]

After a little more reading. It looks like BlueSSLService needs to implement the Diffie Hellman parameters for those ciphers to become available to the server.

Take a look at the following:
Link 1
Link 2 - Look at the section on Eliptical curve Diffie Hellman

The OpenSSL library on the Ubuntu system supports Perfect Forward Secrecy and the related ciphers. I have tested this using
Server
openssl s_server -accept <port> -cert <certfile> -key <private key>
Client
nscurl --ats-diagnostics https://server:port

[billabt]

I'll take a look. No sure when I'll have time to get to it... In the meantime, I'll re-open this issue so I don't forget.

[samuelnair]

After some testing, adding the following line to SSLService.main: prepareContext() function does enable the necessary ciphers to work with App Transport Security

SSL_CTX_ctrl(context, SSL_CTRL_SET_ECDH_AUTO, 1, nil)

One caveat is that this function is only available in OpenSSL v1.0.2+ , so this does not work with ubuntu-14.04

You can add this to prevent the function from executing on earlier version of OpenSSL

let ver: String = OPENSSL_VERSION_TEXT
if ver.contains("1.0.2") {
    SSL_CTX_ctrl(context, SSL_CTRL_SET_ECDH_AUTO, 1, nil)
}

[billabt]

Thanks for the research and the code snippet. I added the change to the latest version (0.12.23).

[billabt]

The functionality has been added to version 0.12.26 however it must be enabled using a switch when building. See the README.md for more details.