OpenSSL 1.1.0 adds configuration options and uses saner defaults
I received a notification from GitHub for an Issue I opened on the OpenSSL repo. The issue's description was "Remove EGD support or make EGD support configurable".
Digging into the commits on the OpenSSL repo I found some more interesting tidbits that I wanted to share with you. For a full changelog see the OpenSSL GitHub repo
Looking at it all, it seems that OpenSSL is playing catch-up with LibreSSL a bit, but we are expecting a load of new vulnerabilities coming week. Seems that one of 'm was leaked via GitHub and there's mention of CVE-2016-0705 and CVE-2016-0799 as well.
Removed
Looks like the OpenSSL team did see some sense in the changes that LibreSSL applied and removed a number of feature.
| Feature | LibreSSL |
|---|---|
| GOST engine | Removed <2.0, added different implementation in 2.1.2 |
| JPAKE protocol | Removed <2.0 |
| 40-bit ciphers | Removed <2.0 |
| 56-bit ciphers | Removed <2.0 |
| 4758cca engine | Removed <2.0 |
| aep engine | Removed <2.0 |
| atalla engine | Removed <2.0 |
| cswift engine | Removed <2.0 |
| nuron engine | Removed <2.0 |
| gmp engine | Removed <2.0 |
| sureware engine | Removed <2.0 |
| TLS heartbeat | Removed <2.0 |
| Sony NEWS4 platform | Removed <2.0 |
| BEOS and BEOS_R5 platform | Removed <2.0 |
| NeXT platform | Removed <2.0 |
| SUNOS platform | Removed <2.0 |
| MPE/iX platform | Removed <2.0 |
| Sinix/ReliantUNIX RM400 platform | Removed <2.0 |
| DGUX platform | Removed <2.0 |
| NCR platform | Removed <2.0 |
| Tandem platform | Removed <2.0 |
| Cray platform | Removed <2.0 |
| 16-bit platforms such as WIN16 | Removed <2.0 |
Disabled by default
| Feature | LibreSSL |
|---|---|
| EGD random | Removed <2.0 |
| DTLS heartbeat | Removed <2.0 |
| Compression | Removed <2.0 |
| DES | |
| RC4 | |
| SSLv2 | Removed <2.0 |
EGD
As of last month, OpenSSL added a knob OPENSSL_NO_EGD which luckily is exactly the same as what we already have for LibreSSL. Apart from making this configurable, EGD is also disabled by default as this is required on so few systems.
Compression
Also known as the CRIME attack. Compression is now disabled by default and must be specifically enabled by clearing the option on the SSL context SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION)
Deprecated interfaces
Not quite yet. Still defaults to exposing the deprecated methods and structs but advises building with -DOPENSSL_API_COMPAT=0x10100000L which hides the declarations.
This is quite unneccessary, I believe we have patches (and thus a sufficient number of examples) to enable this by default. Require projects to build with -DOPENSSL_API_COMPAT=0x10000000L if they really need them!
LibreSSL removed all deprecated interfaces prior to initial release
Impact
You'll probably find my repository of patches helpful. There's also a repository of patches if you want to build without SSLv3
