No support for DHE ciphers (TLS)

Bug #1656979 reported by Haw Loeung on 2017-01-17
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openldap (Ubuntu)
Undecided
Unassigned

Bug Description

Hi,

Seems the OpenLDAP shipped with Xenial (and prior) built against GnuTLS does not support DHE cipher suites.

| hloeung@ldap-server:~$ apt-cache policy slapd
| slapd:
| Installed: 2.4.42+dfsg-2ubuntu3.1
| Candidate: 2.4.42+dfsg-2ubuntu3.1
| Version table:
| *** 2.4.42+dfsg-2ubuntu3.1 500
| 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
| 100 /var/lib/dpkg/status
| 2.4.42+dfsg-2ubuntu3 500
| 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

Our LDAP server is configured with the following:

| TLSCertificateFile /etc/ssl/certs/ldap-server.crt
| TLSCertificateKeyFile /etc/ssl/private/ldap-server.key
| TLSCACertificateFile /etc/ssl/certs/ldap-server_chain.crt
| TLSProtocolMin 1.0
| TLSCipherSuite PFS:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES-CBC:-CAMELLIA-128-GCM:-CAMELLIA-256-GCM:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC:%SERVER_PRECEDENCE
| TLSDHParamFile /etc/ssl/private/dhparams.pem

I know TLSDHParamFile isn't used by OpenLDAP when built with GnuTLS, but thought I'd try anyways. cipherscan[1] shows the following list of cipher suites:

| prio ciphersuite protocols pfs curves
| 1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 2 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 3 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 4 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 5 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 6 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1

Even with TLSCipherSuite config commented out, we see the following cipher suites:

| prio ciphersuite protocols pfs curves
| 1 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 2 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 3 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 4 AES256-GCM-SHA384 TLSv1.2 None None
| 5 AES256-SHA256 TLSv1.2 None None
| 6 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 None None
| 7 CAMELLIA256-SHA TLSv1,TLSv1.1,TLSv1.2 None None
| 8 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 9 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 10 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 11 AES128-GCM-SHA256 TLSv1.2 None None
| 12 AES128-SHA256 TLSv1.2 None None
| 13 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 None None
| 14 CAMELLIA128-SHA TLSv1,TLSv1.1,TLSv1.2 None None
| 15 ECDHE-RSA-DES-CBC3-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
| 16 DES-CBC3-SHA TLSv1,TLSv1.1,TLSv1.2 None None

I think the fix is in the patch below that's released in 2.4.39:

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=622d13a32ec8d623c26a11b60b63e443dc86df99

Thanks,

Haw

[1]https://github.com/jvehent/cipherscan

Nish Aravamudan (nacc) wrote :

Hello, I'm a bit confused. As you noted, Xenial (and on) have 2.4.42 as the base, but the fix you mention is in 2.4.39. So is it not fixed upstream? Or is this a result of the GnuTLS build?

Changed in openldap (Ubuntu):
status: New → Incomplete
Haw Loeung (hloeung) wrote :

Hmm, not too sure why that is. The version in Debian (and also Ubuntu) definitely doesn't include that patch:

| $ chdist apt-get xenial source slapd
| Reading package lists... Done
| Picking 'openldap' as source package instead of 'slapd'
| NOTICE: 'openldap' packaging is maintained in the 'Git' version control system at:
| git://anonscm.debian.org/pkg-openldap/openldap.git
| Please use:
| git clone git://anonscm.debian.org/pkg-openldap/openldap.git
| Need to get 4993 kB of source archives.
| Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main openldap 2.4.42+dfsg-2ubuntu3.1 (dsc) [3040 B]
| Get:2 http://archive.ubuntu.com/ubuntu xenial-updates/main openldap 2.4.42+dfsg-2ubuntu3.1 (tar) [4813 kB]
| Get:3 http://archive.ubuntu.com/ubuntu xenial-updates/main openldap 2.4.42+dfsg-2ubuntu3.1 (diff) [177 kB]
| Fetched 4993 kB in 14s (343 kB/s)

| $ grep DH_BITS ./libraries/libldap/tls_g.c
| #define DH_BITS (1024)
| gnutls_dh_params_generate2(ctx->dh_params, DH_BITS);

Via online source viewer also confirms this:

https://anonscm.debian.org/git/pkg-openldap/openldap.git/tree/libraries/libldap/tls_g.c#n47
https://anonscm.debian.org/git/pkg-openldap/openldap.git/tree/libraries/libldap/tls_g.c#n294

Changed in openldap (Ubuntu):
status: Incomplete → New

On Tue, Jan 17, 2017 at 12:49:36AM -0000, Haw Loeung wrote:
>I think the fix is in the patch below that's released in 2.4.39:
>
>http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=622d13a32ec8d623c26a11b60b63e443dc86df99

http://www.openldap.org/its/?findid=7506 says:

fixed in RE25
fixed in RE24 (2.4.45)

OpenLDAP 2.4.45 has not been released just yet.

Ryan Tandy (rtandy) wrote :

Hello Haw,

openldap 2.4.45 is in artful now, so this should be fixed. could you please try your cipherscan again and confirm?

Thanks!

Changed in openldap (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for openldap (Ubuntu) because there has been no activity for 60 days.]

Changed in openldap (Ubuntu):
status: Incomplete → Expired
Haw Loeung (hloeung) on 2017-11-03
Changed in openldap (Ubuntu):
status: Expired → Incomplete
Changed in openldap (Ubuntu):
status: Incomplete → Expired
Junien Fridrick (axino) on 2018-01-08
Changed in openldap (Ubuntu):
status: Expired → Incomplete
Changed in openldap (Ubuntu):
status: Incomplete → Expired
Junien Fridrick (axino) on 2018-03-12
Changed in openldap (Ubuntu):
status: Expired → Incomplete
Changed in openldap (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers