Summary: ASTERISK-23905: [patch]Enable Forward Secrecy (PFS) in TLS
Reporter: Alexander Traud (traud)
Labels:
Date Opened: 2014-06-18 05:04:15
Date Closed: 2014-07-03 07:12:31
Priority: Minor
Regression?:
Status: Closed/Complete
Components: Channels/chan_sip/TCP-TLS
Versions: SVN
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) tlsPFS_for_HEAD.patch
( 1) tlsPFS.patch
Description: Already works for Asterisk as the client. Enables Forward Secrecy in TLS ([PFS|http://en.wikipedia.org/wiki/Forward_secrecy]) for Asterisk as the server. Inspired by source code of [stunnel|http://anonscm.debian.org/gitweb/?p=collab-maint/stunnel.git;a=blob;f=src/ctx.c] and Apache HTTP Server Project ([httpd|https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_util_ssl.c]). Similar patch [made|http://trac.pjsip.org/repos/ticket/1765] it into PJSIP. Thank you to Marcello Ceschia and all the others for the pre-review (you know who you are)!

*Usage*
Ephemeral ECDH (ECDHE) is enabled by default.
To disable it, do not specify an ECDHE cipher suite in sip.conf, for example: {{tlscipher=AES128-SHA:DES-CBC3-SHA}}

Ephemeral DH (DHE) is disabled by default.
To enable it, add DH parameters into the private key file (sip.conf tlsprivatekey), for example the default [dh2048.pem|http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh2048.pem?txt].

Because clients expect the server to prefer PFS, and because OpenSSL sorts its cipher suites by bit strength, see
{{openssl ciphers -v [DEFAULT|http://www.openssl.org/docs/apps/ciphers.html]}}
consider re-ordering your cipher suites in sip.conf, for example:
{{tlscipher=AES128+kEECDH:AES128+kEDH:3DES+kEDH:AES128-SHA:DES-CBC3-SHA:-ADH:-AECDH}}
to use PFS when offered by the client. Clients which do not offer PFS fall back to AES-128 (or even 3DES as recommended by [RFC|http://tools.ietf.org/html/rfc3261#section-26.2.1]).

*Drawback*
If Java-based clients connect to your Asterisk server, go for [1024bit|http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh1024.pem?txt] parameters. For more details and other alternatives, [see …|http://blog.ivanristic.com/2014/03/ssl-tls-improvements-in-java-8.html]

*Speed*
With a mobile phone from 2006 (Nokia E61), DHE/3DES, and 2048bit parameters, I got a speed penalty of 0.5 seconds per connection setup. Thank you OpenSSL!
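
The ordering concern from the *Usage* notes above, as an added example (not part of the original report or the attached patches): a Python check that reads {{openssl ciphers -v}} style output and reports non-PFS suites listed ahead of PFS ones, plus any anonymous suites. Both listings are constructed samples, and the function names and the Kx/Au classification rule are assumptions of this example.

```python
import re

# Assumed layout of one `openssl ciphers -v` line:
#   NAME  PROTOCOL  Kx=..  Au=..  Enc=..  Mac=..
LINE_RE = re.compile(r"^(\S+)\s+\S+\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=\S+")

# Constructed sample: ordered by bit strength, one anonymous suite left in.
STRENGTH_SORTED = """
ECDHE-RSA-AES256-SHA  SSLv3 Kx=ECDH Au=RSA  Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA    SSLv3 Kx=DH   Au=RSA  Enc=AES(256) Mac=SHA1
AES256-SHA            SSLv3 Kx=RSA  Au=RSA  Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA  SSLv3 Kx=ECDH Au=RSA  Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-SHA    SSLv3 Kx=DH   Au=RSA  Enc=AES(128) Mac=SHA1
AES128-SHA            SSLv3 Kx=RSA  Au=RSA  Enc=AES(128) Mac=SHA1
AECDH-AES128-SHA      SSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1
"""

# Constructed sample: PFS suites first, then the non-PFS fallbacks.
PFS_FIRST = """
ECDHE-RSA-AES128-SHA  SSLv3 Kx=ECDH Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA    SSLv3 Kx=DH   Au=RSA  Enc=AES(128)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA  SSLv3 Kx=DH   Au=RSA  Enc=3DES(168) Mac=SHA1
AES128-SHA            SSLv3 Kx=RSA  Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA          SSLv3 Kx=RSA  Au=RSA  Enc=3DES(168) Mac=SHA1
"""

def parse(listing):
    """Return one dict per recognised line, in listing (preference) order."""
    matches = (LINE_RE.match(line.strip()) for line in listing.splitlines())
    return [dict(zip(("name", "kx", "au", "enc"), m.groups())) for m in matches if m]

def is_pfs(suite):
    # Ephemeral and authenticated; fixed DH is printed as e.g. Kx=DH/RSA.
    return suite["kx"] in ("ECDH", "DH") and suite["au"] != "None"

def audit(listing):
    suites = parse(listing)
    pfs_idx = [i for i, s in enumerate(suites) if is_pfs(s)]
    last_pfs = pfs_idx[-1] if pfs_idx else -1
    return {
        "pfs": [suites[i]["name"] for i in pfs_idx],
        # authenticated non-PFS suites that sit above at least one PFS suite
        "misplaced": [s["name"] for i, s in enumerate(suites)
                      if i < last_pfs and not is_pfs(s) and s["au"] != "None"],
        "anonymous": [s["name"] for s in suites if s["au"] == "None"],
    }

if __name__ == "__main__":
    for label, listing in (("strength-sorted", STRENGTH_SORTED), ("PFS first", PFS_FIRST)):
        print(label, audit(listing))
```

To audit a real configuration, pass the output of {{openssl ciphers -v}} for your {{tlscipher}} value to {{audit()}} in place of the constructed listings.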
Comments:

By: Rusty Newton (rnewton) 2014-06-18 08:50:59.874-0500

[~traud] For the next step, please follow the [Code Review process|https://wiki.asterisk.org/wiki/display/AST/Code+Review], review against the coding guidelines and put the patch on reviewboard for others to review and test. Remember to link the reviewboard URL here once you have done so.

Thanks Alexander!