book cover

OpenSSL Cookbook  3rd Edition

The definitive guide to using the OpenSSL command line for configuration and testing. Topics covered in this book include key and certificate management, server configuration, a step by step guide to creating a private CA, and testing of online services. Written by Ivan Ristić.

1.3.3 Configuring TLS 1.3

If you’re working with the ciphers tool and you’re not familiar with how TLS 1.3 is configured (e.g., you only worked with versions of OpenSSL that did not support this protocol), you may be confused by the fact that no matter what configuration you specify, the TLS 1.3 suites are always listed at the top. This is happening because OpenSSL introduced a separate mechanism for TLS 1.3 suite configuration. At the library level, there are separate function calls for this, and there is a separate approach to use with the command-line tools.

When it comes to the ciphers tool, to control TLS 1.3 suites you’ll need to use the -ciphersuites switch. To illustrate this, let’s enable one TLS 1.3 suite and one SEED suite:

$ openssl ciphers -v -s -ciphersuites TLS_AES_256_GCM_SHA384 SEED-SHA
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
SEED-SHA                SSLv3   Kx=RSA Au=RSA Enc=SEED(128)   Mac=SHA1

When they were adding this new configuration mechanism for TLS 1.3, OpenSSL developers took an opportunity to simplify how suites are configured by removing a variety of tools and keywords that can now be called legacy suite configuration. The only supported approach for TLS 1.3 is to provide a colon-separated list of the suites you wish to support, in the order you wish to support them. That’s all. For example:

$ openssl ciphers -v -s -tls1_3 \
-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
🛈︎
Note

Even though there is a separate configuration string for TLS 1.3 suites, the configuration is still affected by the security level configuration, which is specified in the legacy configuration string.

How does this new approach to TLS 1.3 configuration affect real life? Depending on your tools, you may now find yourself needing to use two configuration strings where previously there was only one. In the Apache web server, the SSLCipherSuite directive has been extended with an optional first parameter, enabling you to target the protocols you wish to configure. So you could do something like this:

SSLCipherSuite TLSv1.3 TLS_AES_128_GCM_SHA256
SSLCipherSuite EECDH+AES128+AESGCM

The result would be equivalent to the following:

TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any  Au=any   Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2 Kx=ECDH Au=RSA   Enc=AESGCM(128) Mac=AEAD

Not all tools have added support for TLS 1.3 suite configuration. Instead, you always get the OpenSSL defaults. For most users, this is not yet a real problem because all TLS 1.3 suites are strong. But if you want to do something out of the ordinary, perhaps enable the CCM suites that are currently disabled by default, you’ll have to resort to using a workaround by changing the OpenSSL defaults via a configuration file, which I will cover in the next section.

< Prev
^ Table of Contents
Next >