By default Kore now uses ECDH/DHE for TLS key exchanges.

This commit disables RSA key exchanges for TLS completely, while
introducing the requirement for always having DH parameters (ssl_dhparam).

Judging from ciphersuites most modern browsers now prefer this
change should be more than ok.

conf/kore.conf.example

@@ -61,7 +61,7 @@ validator	v_number	regex		^[0-9]*$
 validator	v_session	function	v_session_validate
 
 # Specify the SSL ciphers that will be used.
-#ssl_cipher	ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
+#ssl_cipher	ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!kRSA:!kDSA
 
 # If you wish to use EDH / ECDH specify a file containing
 # a generated DH key (See OpenSSL dhparam).

includes/kore.h

@@ -58,7 +58,7 @@ extern int daemon(int, int);
 
 #define KORE_DOMAINNAME_LEN		254
 #define KORE_PIDFILE_DEFAULT		"kore.pid"
-#define KORE_DEFAULT_CIPHER_LIST	"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK"
+#define KORE_DEFAULT_CIPHER_LIST	"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!kRSA:!kDSA"
 
 #if defined(KORE_DEBUG)
 #define kore_debug(fmt, ...)	\

src/cli.c

@@ -159,6 +159,9 @@ static const char *config_data =
 	"\n"
 	"bind\t\t127.0.0.1 8888\n"
 	"load\t\t./%s.so\n"
+#if !defined(KORE_BENCHMARK)
+	"ssl_dhparam\tdh2048.pem\n"
+#endif
 	"\n"
 	"domain 127.0.0.1 {\n"
 #if !defined(KORE_BENCHMARK)
@@ -168,6 +171,16 @@ static const char *config_data =
 	"\tstatic\t/\tpage\n"
 	"}\n";
 
+static const char *dh2048_data =
+	"-----BEGIN DH PARAMETERS-----\n"
+	"MIIBCAKCAQEAn4f4Qn5SudFjEYPWTbUaOTLUH85YWmmPFW1+b5bRa9ygr+1wfamv\n"
+	"VKVT7jO8c4msSNikUf6eEfoH0H4VTCaj+Habwu+Sj+I416r3mliMD4SjNsUJrBrY\n"
+	"Y0QV3ZUgZz4A8ARk/WwQcRl8+ZXJz34IaLwAcpyNhoV46iHVxW0ty8ND0U4DIku/\n"
+	"PNayKimu4BXWXk4RfwNVP59t8DQKqjshZ4fDnbotskmSZ+e+FHrd+Kvrq/WButvV\n"
+	"Bzy9fYgnUlJ82g/bziCI83R2xAdtH014fR63MpElkqdNeChb94pPbEdFlNUvYIBN\n"
+	"xx2vTUQMqRbB4UdG2zuzzr5j98HDdblQ+wIBAg==\n"
+	"-----END DH PARAMETERS-----";
+
 static const char *gitignore_data = "*.o\n.objs\n%s.so\nassets.h\ncert\n";
 
 static int			s_fd = -1;
@@ -258,7 +271,7 @@ cli_create(int argc, char **argv)
 	printf("%s created succesfully!\n", appl);
 
 #if !defined(KORE_BENCHMARK)
-	printf("note: do not use the generated certificates for production\n");
+	printf("note: do NOT use the created DH parameters/certificates in production\n");
 #endif
 }
 
@@ -737,6 +750,9 @@ cli_generate_certs(void)
 	RSA			*kpair;
 	char			*fpath, issuer[64];
 
+	/* Write out DH parameters. */
+	cli_file_create("dh2048.pem", dh2048_data, strlen(dh2048_data));
+
 	/* Create new certificate. */
 	if ((x509 = X509_new()) == NULL)
 		cli_fatal("X509_new(): %s", ssl_errno_s);

src/domain.c

@@ -86,17 +86,18 @@ kore_domain_sslstart(struct kore_domain *dom)
 	if (!SSL_CTX_check_private_key(dom->ssl_ctx))
 		fatal("Public/Private key for %s do not match", dom->domain);
 
-	if (ssl_dhparam != NULL) {
-		SSL_CTX_set_tmp_dh(dom->ssl_ctx, ssl_dhparam);
-		SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_SINGLE_DH_USE);
+	if (ssl_dhparam == NULL)
+		fatal("No DH parameters given");
+
+	SSL_CTX_set_tmp_dh(dom->ssl_ctx, ssl_dhparam);
+	SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_SINGLE_DH_USE);
 
 #if !defined(OPENSSL_NO_EC)
-		if ((ecdh = EC_KEY_new_by_curve_name(NID_secp384r1)) != NULL) {
-			SSL_CTX_set_tmp_ecdh(dom->ssl_ctx, ecdh);
-			EC_KEY_free(ecdh);
-		}
-#endif
+	if ((ecdh = EC_KEY_new_by_curve_name(NID_secp384r1)) != NULL) {
+		SSL_CTX_set_tmp_ecdh(dom->ssl_ctx, ecdh);
+		EC_KEY_free(ecdh);
 	}
+#endif
 
 	SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_COMPRESSION);