The default ciphers in freeradius on the EAC engine config for eap are:

cipher_list = "ADH-AES128-GCM-SHA256:ADH-AES128-SHA:ADH-AES128-SHA256:
ADH-AES256-GCM-SHA384:ADH-AES256-SHA:ADH-AES256-SHA256:ADH-CAMELLIA128-SHA:
ADH-CAMELLIA256-SHA:AECDH-AES128-SHA:AECDH-AES256-SHA:AES128-GCM-SHA256:
AES128-SHA:AES128-SHA256:AES256-GCM-SHA384:AES256-SHA:AES256-SHA256:
CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-DSS-AES128-GCM-SHA256:
DHE-DSS-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-GCM-SHA384:
DHE-DSS-AES256-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-CAMELLIA128-SHA:
DHE-DSS-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:
DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:
DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:
ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA:
ECDH-ECDSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:
ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES128-GCM-SHA256:
ECDH-RSA-AES128-SHA:ECDH-RSA-AES128-SHA256:ECDH-RSA-AES256-GCM-SHA384:
ECDH-RSA-AES256-SHA:ECDH-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:
ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:
PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA:SRP-AES-128-CBC-SHA:
SRP-AES-256-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-DSS-AES-256-CBC-SHA:
SRP-RSA-AES-128-CBC-SHA:SRP-RSA-AES-256-CBC-SHA"

It seems this config is generated with something like:

openssl ciphers HIGH | tr ':' '\n' | sort | grep -v RC4 | tr '\n' ':'

which is controlled by application properties (default values):

RADIUS_TLS_CIPHER_LIST = "HIGH"
RADIUS_TLS_REMOVE_RC4_CIPHERS = true

So the list is sorted and the weak ciphers (128 < 256) get in front. I don't know
how the EAC implementation uses this list, but the default openssl libs use
this list as an ordered list. So the weakest ciphers are used first.

Isn't this a security bug?

Patrick Koppen
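As an added example (not code from the post, from FreeRADIUS or from the EAC product), a small Python audit of a `cipher_list` string for the ordering problem described above: it parses the line-wrapped string, checks whether it is alphabetically sorted, and counts the 256-bit suites that OpenSSL would only reach after a 128-bit one; the sample list is a constructed excerpt of the generated default. The `strength_first` reorder is only a stopgap for the symptom raised here; the underlying fix is to drop the `sort` step so OpenSSL's own preference order survives (my assumption about the generator, not something the post states).

```python
# Audit an OpenSSL cipher_list string for the ordering problem discussed above:
# an alphabetically sorted list is used by OpenSSL as a preference order,
# so 128-bit suites end up ahead of 256-bit ones.
import re

# Constructed excerpt of the generated EAC default list (alphabetical order).
SAMPLE_CIPHER_LIST = """ADH-AES128-GCM-SHA256:ADH-AES128-SHA:
ADH-AES256-GCM-SHA384:AES128-SHA:AES256-GCM-SHA384:
DHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:PSK-AES128-CBC-SHA"""


def parse_cipher_list(text):
    """Split a (possibly line-wrapped) OpenSSL cipher string into suite names."""
    return [c for c in text.replace("\n", "").split(":") if c]


def key_bits(suite):
    """Symmetric key size encoded in the suite name (AES128, AES-128, CAMELLIA256, ...)."""
    m = re.search(r"(?:AES|CAMELLIA)-?(128|256)", suite)
    return int(m.group(1)) if m else None


def audit(text):
    """Report whether the list is alphabetical and whether weaker suites come first."""
    suites = parse_cipher_list(text)
    bits = [key_bits(s) for s in suites]
    first_128 = bits.index(128) if 128 in bits else None
    first_256 = bits.index(256) if 256 in bits else None
    weak_first = (first_128 is not None and first_256 is not None
                  and first_128 < first_256)
    # 256-bit suites that sit behind at least one 128-bit suite in the preference order
    demoted = sum(1 for i, b in enumerate(bits)
                  if b == 256 and first_128 is not None and i > first_128)
    return {
        "alphabetical": suites == sorted(suites),
        "weak_first": weak_first,
        "demoted_256_suites": demoted,
        "total": len(suites),
    }


def strength_first(text):
    """Stable reorder: 256-bit suites before 128-bit ones, otherwise keeping the order."""
    suites = parse_cipher_list(text)
    return ":".join(sorted(suites, key=lambda s: -(key_bits(s) or 0)))


if __name__ == "__main__":
    print(audit(SAMPLE_CIPHER_LIST))
    print(strength_first(SAMPLE_CIPHER_LIST))
```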

This function is part of the openssl library... so it might be a problem.

And for customers who need RC4 (I had this problem last week), they have to set
the list to "DEFAULT".

https://extremeportal.force.com/ExtrArticleDetail?n=000012247

If you don't want to use RC4 but want to use the recommended list of ciphers
you have to set two options:

If you do not set any option, you get a sorted list of HIGH ciphers.