Uploaded image for project: 'XenServer Org'
  1. XenServer Org
  2. XSO-636

Xenserver 7.0 TLS1.2 cipher compatibility problem with Firefox 49.0.2

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Wishlist (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 7.0
    • Fix Version/s: None
    • Component/s: other
    • Labels:
      None
    • Environment:

      Xenserver 7.0 fully patched.
      Firefox 49.0.2 client on Windows 10 x64.

      Description

      When Xenserver is set to TLS1.2 only mode there is a compatibility problem with Firefox 49.0.2 - Error code: SSL_ERROR_NO_CYPHER_OVERLAP

      I have made some diagnostics below and suggestion for change. Hopefully I haven't missed some blindingly obvious aspect...

      (1) Xenserver TLS1.2 default supported ciphers
      ----------------------------------------------
      Using TestSSLServer4 diagnostics tool (http://www.bolet.org/TestSSLServer/)

      C:\Users\Android\Downloads>TestSSLServer4.exe xen1.mydomain.com
      Connection: xen1.mydomain.com:443
      SNI: xen1.mydomain.com
      TLSv1.2:
      server selection: uses client preferences
      3-- (key: RSA) RSA_WITH_AES_128_CBC_SHA256
      =========================================
      +++++ SSLv3/TLS: 1 certificate chain(s)
      +++ chain: length=2
      names match: yes
      includes root: yes
      signature hash(es): SHA-256
      + certificate order: 0
      thumprint: E20D8B1AA3BB4292XXXXXXXX0B2FA53F8062C90E6
      serial: 34
      subject: CN=xen1.mydomain.com,OU=Custom,O=Custom
      issuer: CN=Custom CA,OU=Custom,O=Custom
      valid from: 2016-11-01 00:00:00 UTC
      valid to: 2017-10-31 23:59:59 UTC
      key type: RSA
      key size: 2048
      sign hash: SHA-256
      server names:
      xen1.mydomain.com
      + certificate order: 1
      thumprint: E4760726FD35D5XXXXXXXXXXA0BD93B156A864F
      serial: 01
      subject: CN=Custom CA,OU=Custom,O=Custom
      issuer: CN=Custom CA,OU=Custom,O=Custom
      valid from: 2014-11-01 00:00:00 UTC
      valid to: 2024-10-31 23:59:59 UTC
      key type: RSA
      key size: 2048
      sign hash: SHA-256
      (self-issued)
      =========================================
      Server compression support: yes
      Server time: 2016-11-04 15:59:22 UTC (offset: -178 ms)
      Secure renegotiation support: yes
      SSLv2 ClientHello format (for SSLv3+): no
      =========================================
      WARN[CP001]: Server supports compression.
      WARN[CS006]: Server supports cipher suites with no forward secrecy.

      (Note that certificate and root CA are signed by myself. I have added my root certificate to xenserver CA store using update-ca-trust etc. I don't believe there are problems here.)

      (2) Firefox 49.0.2 supported ciphers
      ------------------------------------
      Using Qualys SSL Labs browser test (https://www.ssllabs.com/ssltest/viewMyClient.html)

      Firefox 49.0.2 cipher support

      Cipher Suites (in order of preference)
      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Forward Secrecy 256
      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Forward Secrecy 256
      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256
      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256
      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) Forward Secrecy 128
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) Forward Secrecy 256
      TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
      TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
      TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112

      (3) Union of Xenserver and Firefox ciphers
      ------------------------------------------
      With an RSA certificate the only ciphers usable with Firefox are,

      TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
      TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
      TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112

      However these are not TLS1.2 compliant. Therefore I believe it necessary to use an EC (eliptic curve) certificate.

      (4) Installation of Eliptic Curve certificate
      ---------------------------------------------
      I generated and installed an EC certificate,

      X509v3 Basic Constraints : CA:FALSE
      X509v3 Key Usage : Digital Signature
      X509v3 Extended Key Usage : TLS Web Server Authentication

      then temporarily modifying /opt/xensource/linexec/xapissl to GOOD_CIPHERS='ALL'. After restarting Xapi gives the following supported ciphers with Stunnel,

      C:\Users\Android\Downloads>TestSSLServer4.exe xen1.mydomain.com
      Connection: xen1.mydomain.com:443
      SNI: xen1.mydomain.com
      TLSv1.2:
      server selection: uses client preferences
      3fA (key: none) DH_anon_WITH_RC4_128_MD5
      2fA (key: none) DH_anon_WITH_DES_CBC_SHA
      3fA (key: none) DH_anon_WITH_3DES_EDE_CBC_SHA
      3fA (key: none) DH_anon_WITH_AES_128_CBC_SHA
      3fA (key: none) DH_anon_WITH_AES_256_CBC_SHA
      3fA (key: none) DH_anon_WITH_CAMELLIA_128_CBC_SHA
      3fA (key: none) DH_anon_WITH_AES_128_CBC_SHA256
      3fA (key: none) DH_anon_WITH_AES_256_CBC_SHA256
      3fA (key: none) DH_anon_WITH_CAMELLIA_256_CBC_SHA
      3fA (key: none) DH_anon_WITH_SEED_CBC_SHA
      3fA (key: none) DH_anon_WITH_AES_128_GCM_SHA256
      3fA (key: none) DH_anon_WITH_AES_256_GCM_SHA384
      3f- (key: EC) ECDHE_ECDSA_WITH_RC4_128_SHA
      3f- (key: EC) ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
      3f- (key: EC) ECDHE_ECDSA_WITH_AES_128_CBC_SHA
      3f- (key: EC) ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      3fA (key: none) ECDH_anon_WITH_RC4_128_SHA
      3fA (key: none) ECDH_anon_WITH_3DES_EDE_CBC_SHA
      3fA (key: none) ECDH_anon_WITH_AES_128_CBC_SHA
      3fA (key: none) ECDH_anon_WITH_AES_256_CBC_SHA
      3f- (key: EC) ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
      3f- (key: EC) ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
      3f- (key: EC) ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
      3f- (key: EC) ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      =========================================
      +++++ SSLv3/TLS: 1 certificate chain(s)
      +++ chain: length=2
      names match: yes
      includes root: yes
      signature hash(es): SHA-256
      + certificate order: 0
      thumprint: A702D507D256B9XXXXXXXXXX2B7B9373A5DB9095
      serial: 3B
      subject: CN=xen1.mydomain.com,OU=Custom,O=Custom
      issuer: CN=Custom CA,OU=Custom,O=Custom
      valid from: 2016-11-01 00:00:00 UTC
      valid to: 2017-10-31 23:59:59 UTC
      key type: EC
      key size: 256
      key curve: ansix9p256r1 (P-256)
      sign hash: SHA-256
      server names:
      xen1.mydomain.com
      + certificate order: 1
      thumprint: E4760726FD35DXXXXXXXXXX08A0BD93B156A864F
      serial: 01
      subject: CN=Custom CA,OU=Custom,O=Custom
      issuer: CN=Custom CA,OU=Custom,O=Custom
      valid from: 2014-11-01 00:00:00 UTC
      valid to: 2024-10-31 23:59:59 UTC
      key type: RSA
      key size: 2048
      sign hash: SHA-256
      (self-issued)
      =========================================
      Server compression support: yes
      Server time: 2016-11-04 16:25:08 UTC (offset: -267 ms)
      Secure renegotiation support: yes
      SSLv2 ClientHello format (for SSLv3+): no
      Minimum DH size: 2048
      DH parameter reuse: yes
      Minimum EC size (no extension): 256
      Minimum EC size (with extension): 256
      ECDH parameter reuse: yes
      Supported curves (size and name) ('*' = selected by server):

      • 256 secp256r1 (P-256)
        =========================================
        WARN[CP001]: Server supports compression.
        WARN[CS003]: Server supports weak cipher suites (56 bits).
        WARN[CS005]: Server supports RC4.

      (5) Final Ciphers list
      ----------------------
      Modifying configuration /opt/xensource/linexec/xapissl restricting ciphers to ones with key:EC + AES + CBC gives,

      GOOD_CIPHERS='ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384'

      Retesting the configured ciphers gives,

      C:\Users\Android\Downloads>TestSSLServer4.exe xen1.mydomain.com
      Connection: xen1.mydomain.com:443
      SNI: xen1.mydomain.com
      TLSv1.2:
      server selection: uses client preferences
      3f- (key: EC) ECDHE_ECDSA_WITH_AES_128_CBC_SHA
      3f- (key: EC) ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      3f- (key: EC) ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
      3f- (key: EC) ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
      =========================================
      +++++ SSLv3/TLS: 1 certificate chain(s)
      +++ chain: length=2
      names match: yes
      includes root: yes
      signature hash(es): SHA-256
      + certificate order: 0
      thumprint: A702D507D256B9XXXXXXXX232B7B9373A5DB9095
      serial: 3B
      subject: CN=xen1.mydomain.com,OU=Custom,O=Custom
      issuer: CN=Custom CA,OU=Custom,O=Custom
      valid from: 2016-11-01 00:00:00 UTC
      valid to: 2017-10-31 23:59:59 UTC
      key type: EC
      key size: 256
      key curve: ansix9p256r1 (P-256)
      sign hash: SHA-256
      server names:
      xen1.mydomain.com
      + certificate order: 1
      thumprint: E4760726FD35D502XXXXXXXXXX0BD93B156A864F
      serial: 01
      subject: CN=Custom CA,OU=Custom,O=Custom
      issuer: CN=Custom CA,OU=Custom,O=Custom
      valid from: 2014-11-01 00:00:00 UTC
      valid to: 2024-10-31 23:59:59 UTC
      key type: RSA
      key size: 2048
      sign hash: SHA-256
      (self-issued)
      =========================================
      Server compression support: yes
      Server time: 2016-11-04 16:34:58 UTC (offset: 23 ms)
      Secure renegotiation support: yes
      SSLv2 ClientHello format (for SSLv3+): no
      Minimum EC size (no extension): 256
      Minimum EC size (with extension): 256
      ECDH parameter reuse: yes
      Supported curves (size and name) ('*' = selected by server):

      • 256 secp256r1 (P-256)
        =========================================
        WARN[CP001]: Server supports compression.

      It is also necessary to modify /etc/xapi.conf

      ciphersuites-good-outbound = !EXPORT:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384

      Testing against Firefox, it now connects.

      My suggestion is just one possible way to faciliate TLS1.2 with Firefox, I'm sure there are better ways...

      Please consider to modify TLS1.2 configution, if not for 7.0 then for project Ely.

      Many thanks
      Andrew Peek

        Attachments

          Activity

            People

            • Assignee:
              enzo enzo raso
              Reporter:
              Android256 Andrew Peek
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: