This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ
- Extreme Networks
- Community List
- Network Management & Authentication
- ExtremeCloud IQ- Site Engine Management Center
- Extreme Access Control (EAC) freeradius default ci...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Extreme Access Control (EAC) freeradius default cipher list
Extreme Access Control (EAC) freeradius default cipher list
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā03-16-2017 07:17 PM
The default ciphers in freeradius on the EAC engine config for eap is:
cipher_list = "ADH-AES128-GCM-SHA256:ADH-AES128-SHA:ADH-AES128-SHA256:
ADH-AES256-GCM-SHA384:ADH-AES256-SHA:ADH-AES256-SHA256:ADH-CAMELLIA128-SHA:
ADH-CAMELLIA256-SHA:AECDH-AES128-SHA:AECDH-AES256-SHA:AES128-GCM-SHA256:
AES128-SHA:AES128-SHA256:AES256-GCM-SHA384:AES256-SHA:AES256-SHA256:
CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-DSS-AES128-GCM-SHA256:
DHE-DSS-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-GCM-SHA384:
DHE-DSS-AES256-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-CAMELLIA128-SHA:
DHE-DSS-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:
DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:
DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:
ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA:
ECDH-ECDSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:
ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES128-GCM-SHA256:
ECDH-RSA-AES128-SHA:ECDH-RSA-AES128-SHA256:ECDH-RSA-AES256-GCM-SHA384:
ECDH-RSA-AES256-SHA:ECDH-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:
ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:
PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA:SRP-AES-128-CBC-SHA:
SRP-AES-256-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-DSS-AES-256-CBC-SHA:
SRP-RSA-AES-128-CBC-SHA:SRP-RSA-AES-256-CBC-SHA"
It seems this config is generated with something like:
openssl ciphers HIGH | tr ':' '\n' | sort | grep -v RC4 | tr '\n' ':'which is controled by application properties (default values):
RADIUS_TLS_CIPHER_LIST = "HIGH"
RADIUS_TLS_REMOVE_RC4_CIPHERS = trueSo the list is sorted and the weak ciphers (128 < 256) gets in front. I don't know
how the EAC implementation uses this list, but the default openssl libs use
this list as an ordered list. So the weakest ciphers are used first.
Isn't this a security bug?
cipher_list = "ADH-AES128-GCM-SHA256:ADH-AES128-SHA:ADH-AES128-SHA256:
ADH-AES256-GCM-SHA384:ADH-AES256-SHA:ADH-AES256-SHA256:ADH-CAMELLIA128-SHA:
ADH-CAMELLIA256-SHA:AECDH-AES128-SHA:AECDH-AES256-SHA:AES128-GCM-SHA256:
AES128-SHA:AES128-SHA256:AES256-GCM-SHA384:AES256-SHA:AES256-SHA256:
CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-DSS-AES128-GCM-SHA256:
DHE-DSS-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-GCM-SHA384:
DHE-DSS-AES256-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-CAMELLIA128-SHA:
DHE-DSS-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:
DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:
DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:
ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA:
ECDH-ECDSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:
ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES128-GCM-SHA256:
ECDH-RSA-AES128-SHA:ECDH-RSA-AES128-SHA256:ECDH-RSA-AES256-GCM-SHA384:
ECDH-RSA-AES256-SHA:ECDH-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:
ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:
PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA:SRP-AES-128-CBC-SHA:
SRP-AES-256-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-DSS-AES-256-CBC-SHA:
SRP-RSA-AES-128-CBC-SHA:SRP-RSA-AES-256-CBC-SHA"
It seems this config is generated with something like:
openssl ciphers HIGH | tr ':' '\n' | sort | grep -v RC4 | tr '\n' ':'which is controled by application properties (default values):
RADIUS_TLS_CIPHER_LIST = "HIGH"
RADIUS_TLS_REMOVE_RC4_CIPHERS = trueSo the list is sorted and the weak ciphers (128 < 256) gets in front. I don't know
how the EAC implementation uses this list, but the default openssl libs use
this list as an ordered list. So the weakest ciphers are used first.
Isn't this a security bug?
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā03-21-2017 07:12 PM
Hello,
The ciphers list in the /opt/nac/radius/raddb/mods-enabled, to my knowledge, is a list of available ciphers that are negotiated by RADIUS server and client to be used to encrypt EAP-PEAP username and password information during a RADIUS transaction. While openssl libs may use this list in an ordered fashion, the cihpers_list for freeRADIUS does not change the ciphers list for openssl.
Do you have any information that indicates free RADIUS will always attempt to use the first cipher in the list when performing authentication?
One side note is that removing the RC4 ciphers from this cipher list has caused some issues with customers as the clients were still attempting to used RC4 ciphers that were removed. If the RC4 ciphers were not in the list there had to be some other mechanism requiring the affected clients to attempt negotiation using RC4.
Thanks
-Ryan
The ciphers list in the /opt/nac/radius/raddb/mods-enabled, to my knowledge, is a list of available ciphers that are negotiated by RADIUS server and client to be used to encrypt EAP-PEAP username and password information during a RADIUS transaction. While openssl libs may use this list in an ordered fashion, the cihpers_list for freeRADIUS does not change the ciphers list for openssl.
Do you have any information that indicates free RADIUS will always attempt to use the first cipher in the list when performing authentication?
One side note is that removing the RC4 ciphers from this cipher list has caused some issues with customers as the clients were still attempting to used RC4 ciphers that were removed. If the RC4 ciphers were not in the list there had to be some other mechanism requiring the affected clients to attempt negotiation using RC4.
Thanks
-Ryan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā03-21-2017 07:12 PM
If you look at the freeradius source:
SSL_CTX_set_cipher_list(ctx, conf->cipher_list)This funktion is part of the openssl library... so it might be a problem.
And for customers who need RC4 (I had this problem last week), they have to set
the list to "DEFAULT".
https://extremeportal.force.com/ExtrArticleDetail?n=000012247
If you don't want to use RC4 but want to use the recommended list of ciphers
you have to set two options:
RADIUS_TLS_REMOVE_RC4_CIPHERS=false
RADIUS_TLS_CIPHER_LIST=HIGHIf you do not set any option, you get a sorted list of HIGH ciphers.
SSL_CTX_set_cipher_list(ctx, conf->cipher_list)This funktion is part of the openssl library... so it might be a problem.
And for customers who need RC4 (I had this problem last week), they have to set
the list to "DEFAULT".
https://extremeportal.force.com/ExtrArticleDetail?n=000012247
If you don't want to use RC4 but want to use the recommended list of ciphers
you have to set two options:
RADIUS_TLS_REMOVE_RC4_CIPHERS=false
RADIUS_TLS_CIPHER_LIST=HIGHIf you do not set any option, you get a sorted list of HIGH ciphers.
