Reduce TLS Handshake Certificate Request Types and Hash Algorithms?
In a TLS handshake the Server Certificate Request contains 3 types RSA Sign, DSS Sign, and ECDSA Sign along with 20 Signature Hash Algorithms. Is it possible to configure freeradius to allow only ECDSA and one Hash Algorithm, or is this dictated by openssl/libopenssl reporting supported types. Here's an example *shark capture of the certificate request handshake message: TLSv1.2 Record Layer: Handshake Protocol: Certificate Request Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 668 Handshake Protocol: Certificate Request Handshake Type: Certificate Request (13) Length: 664 Certificate types count: 3 Certificate types (3 types) Certificate type: RSA Sign (1) Certificate type: DSS Sign (2) Certificate type: ECDSA Sign (64) Signature Hash Algorithms Length: 40 Signature Hash Algorithms (20 algorithms) Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ed25519 (0x0807) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (7) Signature Algorithm: ed448 (0x0808) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (8) Signature Algorithm: rsa_pss_pss_sha256 (0x0809) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (9) Signature Algorithm: rsa_pss_pss_sha384 (0x080a) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (10) Signature Algorithm: rsa_pss_pss_sha512 (0x080b) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (11) Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (4) Signature Algorithm: rsa_pss_rsae_sha384 (0x0805) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (5) Signature Algorithm: rsa_pss_rsae_sha512 (0x0806) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (6) Signature Algorithm: rsa_pkcs1_sha256 (0x0401) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pkcs1_sha384 (0x0501) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pkcs1_sha512 (0x0601) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: SHA224 ECDSA (0x0303) Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: SHA224 RSA (0x0301) Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: SHA224 DSA (0x0302) Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: DSA (2) Signature Algorithm: SHA256 DSA (0x0402) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: DSA (2) Signature Algorithm: SHA384 DSA (0x0502) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: DSA (2) Signature Algorithm: SHA512 DSA (0x0602) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: DSA (2) Thanks, Jim
On Jun 10, 2021, at 2:57 PM, James Ko <jim.list@hotmail.com> wrote:
In a TLS handshake the Server Certificate Request contains 3 types RSA Sign, DSS Sign, and ECDSA Sign along with 20 Signature Hash Algorithms.
Is it possible to configure freeradius to allow only ECDSA and one Hash Algorithm, or is this dictated by openssl/libopenssl reporting supported types.
See "cipher_list" in mods-enabled/eap. The string contents are passed directly to OpenSSL. See the OpenSSL documentation for what names to use, and how to format them. Alan DeKok.
See "cipher_list" in mods-enabled/eap. The string contents are passed directly to OpenSSL. See the OpenSSL documentation for what names to use, and how to format them.
I have cipher_list="ECDHE-ECDSA-AES128-CCM8" and it is the only Cipher Suites listed in the Server Hello portion of the message as captured below. I would like to also reduce the supported Certificate Hash Algorithms reported in the Certificate Request portion of the TLS message. Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Server Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 66 Handshake Protocol: Server Hello Handshake Type: Server Hello (2) Length: 62 Version: TLS 1.2 (0x0303) Random: 12747cfe9804564023feaacaed5b3d9be5a06c4b2e7943cfa035166f8c2b5312 Session ID Length: 0 Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xc0ae) Compression Method: null (0) Extensions Length: 22 Extension: renegotiation_info (len=1) Type: renegotiation_info (65281) Length: 1 Renegotiation Info extension Extension: max_fragment_length (len=1) Type: max_fragment_length (1) Length: 1 Maximum Fragment Length: 2048 (3) Extension: ec_point_formats (len=4) Type: ec_point_formats (11) Length: 4 EC point formats Length: 3 Elliptic curves point formats (3) EC point format: uncompressed (0) EC point format: ansiX962_compressed_prime (1) EC point format: ansiX962_compressed_char2 (2) Extension: extended_master_secret (len=0) Type: extended_master_secret (23) Length: 0 Thanks, Jim
On Jun 10, 2021, at 3:15 PM, James Ko <jim.list@hotmail.com> wrote:
See "cipher_list" in mods-enabled/eap. The string contents are passed directly to OpenSSL. See the OpenSSL documentation for what names to use, and how to format them.
I have cipher_list="ECDHE-ECDSA-AES128-CCM8" and it is the only Cipher Suites listed in the Server Hello portion of the message as captured below. I would like to also reduce the supported Certificate Hash Algorithms reported in the Certificate Request portion of the TLS message.
All of that is in the OpenSSL configuration. FreeRADIUS doesn't create the data in the certificate request. OpenSSL does. So if there's a huge list there, you'll have to ask OpenSSL why the list for the certificate request is huge. From what I can tell, there isn't an obvious way to control that from the OpenSSL API. Which means it's difficult to control. Alan DeKok.
participants (2)
-
Alan DeKok -
James Ko