Jump to navigation

Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...

Weblog

"New" TLS/SSL support in Mono 0.31

Mono 0.31 has just been released. And while this isn't the first release to support SSL/TLS* it is the first time that this support is integrated into the WebRequest and WebResponse classes.

[*] Much of this work was contributed by Carlos Guzman Alvarez and reside in Mono.Security.dll assembly. Carlos is currently adding server-side support for TLS/SSL. Carlos, you rock! (and you should blog ;-)

TLS and SSL being such complex beast, requires to qualify the term support. In this case complexity comes from the fact that TLS/SSL is a negociating protocol - so here support equals supported ciphers. Here are the supported ciphers when using .NET framework 1.1 on Windows XP SP1 when using TLS with an OpenSSL server:

  • DES-CBC3-SHA
  • DES-CBC-SHA
  • EXP1024-RC4-SHA
  • EXP1024-DES-CBC-SHA
  • EXP-RC4-MD5
  • EXP-RC2-CBC-MD5
  • EDH-DSS-DES-CBC3-SHA
  • EDH-DSS-DES-CBC-SHA
  • EXP1024-DHE-DSS-DES-CBC-SHA
  • RC4-MD5
  • RC4-SHA

The [red] algorithms are not supported in Mono 0.31. Actually it is not so bad because (a) you don't wanna use exportable algorithms (EXP) and (b) it's a negotiating protocol.

Now here is what Mono 0.31 supports:

  • AES256-SHA
  • AES128-SHA
  • DES-CBC3-SHA
  • DES-CBC-SHA
  • RC4-SHA
  • RC4-MD5

The [green] algorithms are not supported on Windows XP / Fx 1.1. Yes you seen it correctly Mono will try to use a 256 bits TLS connection if the server supports it. So who's missing the 40-56 bits exportable ciphers ?

Now I won't encourage anyone to use exportable ciphers - because you shouldn't, unless you're not legally required to do so :-(. As some people may not have the choice (server side) and because a client can't always choose it's server, the next version of Mono (i.e. not the one just released, but the code is available in CVS if you can't wait for it) will add the support of the following algorithms.

  • EXP-RC4-MD5 - 40 bits (effective key strengh)
  • EXP-RC2-CBC-MD5 40 bits
  • EXP-DES-CBC-SHA - 40 bits
  • EXP1024-RC4-MD5 - 56 bits
  • EXP1024-RC4-SHA - 56 bits
  • EXP1024-DES-CBC-SHA - 56 bits, which anyway is the maximum for DES
  • EXP1024-RC2-CBC-MD5 - 56 bits

This should cover the most of the unlucky earthlings. Frankly, unless a brick approach too close (or too fast) from my head, I don't think I'll add up new TLS/SSL algorithms soon. Sure there are others, mainly the one using Diffie-Hellman (DH), but I don't think it's worth the time right now. Of course any contribution will be gladly accepted.

Interested ? If so Diffie-Hellman is already supported in Mono and OpenSSL can make a good test server without too much trouble. In case you curious my version of OpenSSL (0.9.7a - which will soon be patched) supports:

  • DHE-RSA-AES256-SHA
  • DHE-DSS-AES256-SHA
  • AES256-SHA
  • EDH-RSA-DES-CBC3-SHA
  • EDH-DSS-DES-CBC3-SHA
  • DES-CBC3-SHA
  • DHE-RSA-AES128-SHA
  • DHE-DSS-AES128-SHA
  • AES128-SHA
  • DHE-DSS-RC4-SHA
  • EXP-KRB5-RC4-MD5
  • EXP-KRB5-RC4-SHA
  • KRB5-RC4-MD5
  • KRB5-RC4-SHA
  • RC4-SHA
  • RC4-MD5
  • KRB5-DES-CBC3-MD5
  • KRB5-DES-CBC3-SHA
  • EXP1024-DHE-DSS-DES-CBC-SHA
  • EXP1024-DES-CBC-SHA
  • EXP1024-RC2-CBC-MD5
  • KRB5-DES-CBC-MD5
  • KRB5-DES-CBC-SHA
  • EDH-RSA-DES-CBC-SHA
  • EDH-DSS-DES-CBC-SHA
  • DES-CBC-SHA
  • EXP1024-DHE-DSS-RC4-SHA
  • EXP1024-RC4-SHA
  • EXP1024-RC4-MD5
  • EXP-KRB5-RC2-CBC-MD5
  • EXP-KRB5-DES-CBC-MD5
  • EXP-KRB5-RC2-CBC-SHA
  • EXP-KRB5-DES-CBC-SHA
  • EXP-EDH-RSA-DES-CBC-SHA
  • EXP-EDH-DSS-DES-CBC-SHA
  • EXP-DES-CBC-SHA
  • EXP-RC2-CBC-MD5
  • EXP-RC4-MD5

and now for the acronym-blind...

AES
Advanced Encryption Standard, a.k.a Rjindael - see FIPS PUB 197
CBC
Cipher Block Chaining - see FIPS PUB 81
CBC3
EDE with CBC - see FIPS PUB 46-3
DES
Data Encryption Standard - see FIPS PUB 46-2
DSS
Digital Signature Standard - see FIPS PUB 186-2
EDE
Encrypt (with first key), Decrypt (with second key), Encrypt (with third key)
EDH
Ephemeral Diffie-Hellman - see RFC2631
EXP
Exportable (weak) algorithm - limited to 40 bits (original) or 56 bits (relaxed).
KRB5
Kerberos 5 - see IETF Kerberos Work Group
MD5
Message Digest 5 - a hash algorithm described in RFC1321
RC2
Ron's Cipher #2 - a block cipher document in RFC2268
RC4
Ron's Cipher #4 - a s3kr3t stream cipher
SHA
Secure Hash Algorithm - a hash algorithm described in FIPS PUB 180-1
128, 256, 1024
Those are called numbers not acronyms ;-)


3/19/2004 10:59:55 | Comments

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.