Bug#770399: libio-socket-ssl-perl: Crappy default cipher list

Steffen Ullrich sullr at cpan.org
Fri Nov 21 20:25:13 UTC 2014


> I was just looking at why lwp is behaving with https like it is,
> and it seems the cipher list being set up is really crappy.

Thanks for the polite introduction.

> I have no idea who selected those ciphers, but that list doesn't
> make any sense.  For instance it doesn't contain any DHE ciphers
> except DSS ciphers which nobody uses.

As you might imagine there is an upstream for Debian packages, in this case
this is CPAN. A short look into this upstream would reveal that the cipher
originated there and who the maintainer of the CPAN package is (me).
It would also reveal a GitHub repository where bugs can be filed, a link to
rt.cpan.org to file bugs and a way to contact me directly.

A further look at the code you pasted into the bug report would also reveal
where the choice of ciphers comes from:

    # The following list is taken from IE11, except that we don't do RC4-MD5,
    # RC4-SHA is already bad enough. Also, we have a different sort order
    # compared to IE11, because we put ciphers supporting forward secrecy on top

> OpenSSL in Debian also has never disabled TLSv1.2 in either the
> client or server.  Ubuntu did disable it by default I think.  This

Sorry, I did not see that Ubuntu added their own patches here, I thought
they just used the Debian version unchanged.

> 255 byte limit thing is also being worked around by having an
> option that sends more than 512 bytes.

At the time this change was done it worked successfully against servers with
a broken F5 load balancer in front. It was actually added this way because I
realized that IE11 does not have any problem with these servers because it
used the given short cipher suite.

I think you refer to SSL_OP_TLSEXT_PADDING for adding a padding to get the
size to more than 512 bytes if the packet is between 256 and 511 bytes. As
far as I can see from the OpenSSL Changelog this workaround is available since
OpenSSL 1.0.1g, but Debian is currently only at OpenSSL 1.0.1e. But maybe it
has additional patches for this option.
If available this option is part of SSL_OP_ALL and thus enabled by default
in IO::Socket::SSL.  But, it causes its own problems (with IronPort SMTP
appliance, see OpenSSL ticket #3336) so it would be much better if it is not
used which can be done by keeping the packet size below 256 bytes.

I'm open to discussions on what the best cipher list is.
Yet I think that the best place for this would not be the Debian bug
tracker, but instead the bug tracker of the upstream (see above).


Regards,
Steffen
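
The size argument in the message above, as an added example that is not part of the original mail and not code from IO::Socket::SSL: it builds a TLS 1.2 ClientHello and reports whether its length lands in the 256 to 511 byte range that the padding workaround targets. Assumptions: the length is measured as the handshake message including its 4-byte header, and the host name, extension set and cipher suite ids are constructed sample values (only the number of suites affects the size).

```python
import struct

def _ext(ext_type, data):
    # extension = 2-byte type, 2-byte length, data
    return struct.pack("!HH", ext_type, len(data)) + data

def sni_ext(host):
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type=host_name
    return _ext(0x0000, struct.pack("!H", len(entry)) + entry)

def u16_list_ext(ext_type, values):
    body = b"".join(struct.pack("!H", v) for v in values)
    return _ext(ext_type, struct.pack("!H", len(body)) + body)

def client_hello(suites, host):
    """Return the ClientHello handshake message (no record header)."""
    exts = (sni_ext(host)
            + u16_list_ext(0x000A, [23, 24, 25])            # supported groups
            + u16_list_ext(0x000D, [0x0601, 0x0501, 0x0401,  # signature algs
                                    0x0301, 0x0201, 0x0403]))
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03"                         # client_version: TLS 1.2
            + bytes(32)                         # random (zeros, size only)
            + b"\x00"                           # empty session id
            + struct.pack("!H", len(cs)) + cs   # cipher suites, 2 bytes each
            + b"\x01\x00"                       # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def classify(hello):
    n = len(hello)
    if n < 256:
        return "below-256"
    return "256-511" if n < 512 else "512-or-more"

def max_suites_below_256(host):
    """Largest suite count that keeps this ClientHello under 256 bytes."""
    n = 0
    while len(client_hello(range(1, n + 2), host)) < 256:
        n += 1
    return n

if __name__ == "__main__":
    host = "www.example.com"  # placeholder host name
    for count in (12, 80):    # constructed short and long cipher lists
        hello = client_hello(range(1, count + 1), host)
        print(count, "suites:", len(hello), "bytes ->", classify(hello))
    print("max suites below 256 bytes:", max_suites_below_256(host))
```

Each additional cipher suite costs two bytes, so with this extension set the list has to stay at or under the reported maximum to avoid the range without any padding.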



More information about the pkg-perl-maintainers mailing list