TLS works in desktop browsers but not in mobile browsers

#1

Hello!

A few days ago we set up SSL certificates with the letsencrypt service (cert.pem, chain.pem, fullchain.pem, privkey.pem). After that we configured crossbar.json. As a result, Google Chrome says that the connection is secure, but Firefox and Chrome on Android say the connection is not secure. Can you say what else we should do?

You can see what I am talking about if you visit our site https://kopnik.org.

With regards!

```
ubuntu@kopnik:~/htdocs/kp-client$ sudo /opt/crossbar/bin/crossbar start
2017-03-23T05:23:48+0000 [Controller 52726] __ __ __ __ __ __ __ __
2017-03-23T05:23:48+0000 [Controller 52726] / |)/ //`|) /\ |) |/
2017-03-23T05:23:48+0000 [Controller 52726] ,| /././|)/~~| . |__/
2017-03-23T05:23:48+0000 [Controller 52726]
2017-03-23T05:23:48+0000 [Controller 52726] Crossbar.io Version: 0.13.2
2017-03-23T05:23:48+0000 [Controller 52726] Node Public Key: 6bdac064e46a1b3f4058f0aa2c8bfdaba8e26bc9eda406868555285f9240d9e5
2017-03-23T05:23:48+0000 [Controller 52726]
2017-03-23T05:23:48+0000 [Controller 52726] Running from node directory '/home/ubuntu/htdocs/kp-client/.crossbar'
2017-03-23T05:23:48+0000 [Controller 52726] Controller process starting (PyPy-EPollReactor) ..
2017-03-23T05:23:48+0000 [Controller 52726] Node configuration loaded from 'config.json'
2017-03-23T05:23:48+0000 [Controller 52726] Node ID 'kopnik' set from hostname
2017-03-23T05:23:48+0000 [Controller 52726] Using default node shutdown triggers [u'shutdown_on_worker_exit']
2017-03-23T05:23:48+0000 [Controller 52726] Joined realm 'crossbar' on node management router
2017-03-23T05:23:48+0000 [Controller 52726] Starting Router with ID 'worker-001'...
2017-03-23T05:23:49+0000 [Router 52731] Worker process starting (PyPy-EPollReactor) ..
2017-03-23T05:23:51+0000 [Controller 52726] Router with ID 'worker-001' and PID 52731 started
2017-03-23T05:23:51+0000 [Router 52731] Realm 'kopa' started
2017-03-23T05:23:51+0000 [Controller 52726] Router 'worker-001': realm 'realm-001' (named 'kopa') started
2017-03-23T05:23:51+0000 [Controller 52726] Router 'worker-001': role 'role-001' (named 'server') started on realm 'realm-001'
2017-03-23T05:23:51+0000 [Controller 52726] Router 'worker-001': role 'role-002' (named 'kopnik') started on realm 'realm-001'
2017-03-23T05:23:51+0000 [Controller 52726] Router 'worker-001': role 'role-003' (named 'anonymous') started on realm 'realm-001'
2017-03-23T05:23:51+0000 [Controller 52726] Router 'worker-001': role 'role-004' (named 'authenticator') started on realm 'realm-001'
2017-03-23T05:23:51+0000 [Router 52731] started component: authenticator.AuthenticatorSession id=270946683292747
2017-03-23T05:23:51+0000 [Router 52731] WAMP-Ticket dynamic authenticator registered!
2017-03-23T05:23:51+0000 [Controller 52726] Router 'worker-001': component 'component-001' started
2017-03-23T05:23:51+0000 [Router 52731] Loaded 4 cookie records from file. Cookie store has 3 entries.
2017-03-23T05:23:51+0000 [Router 52731] File-backed cookie store active /home/ubuntu/htdocs/kp-client/.crossbar/cookies.dat
2017-03-23T05:23:51+0000 [Router 52731] Loading server TLS key from /etc/letsencrypt/live/kopnik.org/privkey.pem
2017-03-23T05:23:51+0000 [Router 52731] Loading server TLS certificate from /etc/letsencrypt/live/kopnik.org/fullchain.pem
2017-03-23T05:23:51+0000 [Router 52731] Using secure default TLS ciphers
2017-03-23T05:23:51+0000 [Router 52731] No OpenSSL DH parameter file set - DH cipher modes will be deactive!
2017-03-23T05:23:51+0000 [Router 52731] OpenSSL is using elliptic curve prime256v1 (NIST P-256)
2017-03-23T05:23:51+0000 [Router 52731] Site (TLS) starting on 443
2017-03-23T05:23:51+0000 [Controller 52726] Router 'worker-001': transport 'transport-001' started
```

config.json

```json
{
  "version": 2,
  "workers": [
    {
      "type": "router",
      "options": {
        "pythonpath": [
          ".",
          "/usr/lib/python3/dist-packages"
        ]
      },
      "realms": [
        {
          "name": "kopa",
          "roles": [
            {
              "name": "server",
              "permissions": [
                {
                  "uri": "ru",
                  "match": "prefix",
                  "allow": {
                    "call": true,
                    "register": true,
                    "publish": true,
                    "subscribe": true
                  },
                  "disclose": {
                    "caller": true,
                    "publisher": true
                  },
                  "cache": true
                },
                {
                  "uri": "wamp",
                  "match": "prefix",
                  "allow": {
                    "call": true,
                    "register": false,
                    "publish": false,
                    "subscribe": true
                  },
                  "disclose": {
                    "caller": true,
                    "publisher": true
                  },
                  "cache": true
                }
              ]
            },
            {
              "name": "kopnik",
              "permissions": [
                {
                  "uri": "ru",
                  "match": "prefix",
                  "allow": {
                    "call": true,
                    "register": true,
                    "publish": true,
                    "subscribe": true
                  },
                  "disclose": {
                    "caller": true,
                    "publisher": true
                  },
                  "cache": false
                }
              ]
            },
            {
              "name": "anonymous",
              "permissions": [
                {
                  "uri": "ru.kopa.registration",
                  "match": "prefix",
                  "allow": {
                    "call": true,
                    "register": false,
                    "publish": false,
                    "subscribe": false
                  }
                },
                {
                  "uri": "ru.kopa.model.create",
                  "match": "prefix",
                  "allow": {
                    "call": true,
                    "register": false,
                    "publish": false,
                    "subscribe": false
                  }
                }
              ]
            },
            {
              "name": "authenticator",
              "permissions": [
                {
                  "uri": "org.kopnik.authenticate",
                  "match": "prefix",
                  "allow": {
                    "call": false,
                    "register": true,
                    "publish": false,
                    "subscribe": false
                  },
                  "disclose": {
                    "caller": false,
                    "publisher": false
                  },
                  "cache": false
                }
              ]
            }
          ]
        }
      ],
      "transports": [
        {
          "type": "web",
          "endpoint": {
            "type": "tcp",
            "port": 443,
            "tls": {
              "certificate": "/etc/letsencrypt/live/kopnik.org/fullchain.pem",
              "key": "/etc/letsencrypt/live/kopnik.org/privkey.pem"
            }
          },
          "paths": {
            "/": {
              "type": "static",
              "directory": "../dist"
            },
            "ws": {
              "type": "websocket",
              "options": {
                "enable_webstatus": true,
                "max_frame_size": 1048576,
                "max_message_size": 1048576,
                "auto_fragment_size": 65536,
                "fail_by_drop": true,
                "open_handshake_timeout": 2500,
                "close_handshake_timeout": 1000,
                "auto_ping_interval": 10000,
                "auto_ping_timeout": 5000,
                "auto_ping_size": 4
              },
              "serializers": [
                "json"
              ],
              "cookie": {
                "store": {
                  "type": "file",
                  "filename": "cookies.dat"
                }
              },
              "auth": {
                "ticket": {
                  "type": "dynamic",
                  "authenticator": "org.kopnik.authenticate"
                },
                "anonymous": {
                  "type": "static",
                  "role": "anonymous"
                },
                "cookie": {
                }
              }
            }
          }
        }
      ],
      "components": [
        {
          "type": "class",
          "classname": "authenticator.AuthenticatorSession",
          "realm": "kopa",
          "role": "authenticator"
        }
      ]
    }
  ]
}
```

0 Likes

#2

Is it possible Android and FF are sensitive to not having DH set up?

To generate;

```
openssl dhparam -2 -out dhparam.pem 4096
```

And in your ssl section;

```
"dhparam": "dhparam.pem",
```

0 Likes

#3

On 28.03.2017 at 14:37, Алексей Баранов wrote:

> Hello!
>
> A few days ago we set up SSL certificates with the letsencrypt service
> (cert.pem, chain.pem, fullchain.pem, privkey.pem). After that we configured
> crossbar.json. As a result, Google Chrome says that the connection is secure, but
> Firefox and Chrome on Android say the connection is not secure. Can you say
> what else we should do?

Crossbar.io currently/deliberately does not allow configuring support for TLS versions earlier than 1.2.

Crossbar.io in the default configuration will also only use exactly 4 cipher suites. But you can change that.

Both of the above are to protect the innocent, and to motivate people to move to modern, non-broken crypto.

You can see this here:

https://www.ssllabs.com/ssltest/analyze.html?d=kopnik.org

Btw: your certs are broken .. does not include the whole cert chain.


0 Likes

#4

We are very inexperienced with TLS configuration. Maybe you can provide a fully configured letsencrypt (https://letsencrypt.org/) TLS configuration in the docs section in the future.

By now we have four files from letsencrypt certbot: cert.pem, chain.pem, fullchain.pem and privkey.pem.

As I understand it, we should use them all in the configuration, but we don’t know how, because the crossbar TLS documentation has other filenames. Can you correct our TLS config section, please?

On Tuesday, 28 March 2017 at 17:57:07 UTC+5, Tobias Oberstein wrote:

> Crossbar.io currently/deliberately does not allow configuring support
> for TLS versions earlier than 1.2.
>
> Crossbar.io in the default configuration will also only use exactly 4
> cipher suites. But you can change that.
>
> Both of the above are to protect the innocent, and to motivate people to
> move to modern, non-broken crypto.
>
> You can see this here:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=kopnik.org
>
> Btw: your certs are broken .. does not include the whole cert chain.


0 Likes
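
The four certbot files named in this thread relate simply: `fullchain.pem` is `cert.pem` (the leaf) followed by `chain.pem` (the intermediates). The following is an added example, not code from the posters or from Crossbar.io: it checks that relationship and lints the `tls` section of a config shaped like the ones posted here for a leaf-only `certificate` file and for DHE suites in `ciphers` without a `dhparam`. The PEM bodies, the `example.org` paths and all function names are constructed for illustration, and it assumes the server sends exactly the certificates found in the `certificate` file.

```python
import base64
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S
)


def split_pem_certs(text):
    """Return the base64 body of each CERTIFICATE block, in file order."""
    return ["".join(body.split()) for body in PEM_CERT.findall(text)]


def is_fullchain(cert, chain, fullchain):
    """certbot layout: fullchain.pem is cert.pem (leaf) followed by chain.pem."""
    full = split_pem_certs(fullchain)
    return bool(full) and full == split_pem_certs(cert) + split_pem_certs(chain)


def tls_endpoints(config):
    """Yield (location, tls section) for every transport endpoint with "tls"."""
    for w, worker in enumerate(config.get("workers", [])):
        for t, transport in enumerate(worker.get("transports", [])):
            tls = transport.get("endpoint", {}).get("tls")
            if tls is not None:
                yield "workers[%d].transports[%d]" % (w, t), tls


def audit(config, files):
    """Return a list of (location, finding code).

    `files` maps path -> PEM text and stands in for reading the files from
    disk (an assumption of this example so that it runs offline).
    """
    findings = []
    for where, tls in tls_endpoints(config):
        certs = split_pem_certs(files.get(tls.get("certificate"), ""))
        if not certs:
            findings.append((where, "no-certificate"))
        elif len(certs) == 1:
            # Leaf only: a client that does not already hold the intermediate
            # cannot build a path to a trusted root.
            findings.append((where, "leaf-only"))
        suites = [s for s in tls.get("ciphers", "").split(":") if s]
        wants_dhe = any(s.startswith(("DHE-", "EDH-")) for s in suites)
        if wants_dhe and not tls.get("dhparam"):
            # Matches the log line in the thread: without a DH parameter
            # file the DH cipher modes are not active.
            findings.append((where, "dhe-without-dhparam"))
    return findings


# --- constructed sample data (placeholders, not real certificates) ---
def fake_pem(name):
    body = base64.b64encode(("constructed placeholder: " + name).encode()).decode()
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body


LIVE = "/etc/letsencrypt/live/example.org/"  # constructed path
CERT, CHAIN = fake_pem("leaf"), fake_pem("intermediate")
FILES = {
    LIVE + "cert.pem": CERT,
    LIVE + "chain.pem": CHAIN,
    LIVE + "fullchain.pem": CERT + CHAIN,
}


def make_config(**tls):
    """Minimal config with one TLS web transport (same nesting as the thread's)."""
    endpoint = {"type": "tcp", "port": 443, "tls": tls}
    return {"version": 2, "workers": [
        {"type": "router", "transports": [{"type": "web", "endpoint": endpoint}]}
    ]}


DHE_SUITES = "ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:"
FULLCHAIN_CFG = make_config(certificate=LIVE + "fullchain.pem",
                            key=LIVE + "privkey.pem")
LEAF_ONLY_CFG = make_config(certificate=LIVE + "cert.pem",
                            key=LIVE + "privkey.pem",
                            dhparam=LIVE + "dhparam.pem",
                            ciphers=DHE_SUITES)
DHE_NO_PARAMS_CFG = make_config(certificate=LIVE + "fullchain.pem",
                                key=LIVE + "privkey.pem",
                                ciphers=DHE_SUITES)

if __name__ == "__main__":
    for name, cfg in [("fullchain", FULLCHAIN_CFG),
                      ("leaf only", LEAF_ONLY_CFG),
                      ("DHE, no dhparam", DHE_NO_PARAMS_CFG)]:
        print(name, audit(cfg, FILES))
```

A lint like this only inspects files; what the server actually presents in the handshake is what the SSL Labs report linked in this thread shows.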

#5

Simplification for those unfamiliar with TLS might be quite a nice idea … “ciphers” for example, maybe could be a default setting (?) … I’ve been able to make it work, but I’m a long way from fully understanding everything I have configured. If it helps, this is what I’m running;

```
"endpoint": {
  "port": 443,
  "tls": {
    "ciphers": "ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:",
    "dhparam": "/etc/letsencrypt/live/mydomain.com/dhparam.pem",
    "key": "/etc/letsencrypt/live/mydomain.com/privkey.pem",
    "certificate": "/etc/letsencrypt/live/mydomain.com/cert.pem"
  },
  "type": "tcp"
},
```

dhparam generated with;

```
openssl dhparam -2 -out /etc/letsencrypt/live/mydomain.com/dhparam.pem 4096
```

I’m checking my results with this;

https://www.ssllabs.com/ssltest

I seem to be getting a reasonable result, happy to receive any pointers if it could be better …

Just as a matter of interest, I work via a system based on “.ini” files that autogenerates my config.json (iflexstudio), and in my .ini file I have;

```
letsencrypt = true
domain = mydomain.com
```

This takes away pretty much all of the pain for the average programmer who’s not a security expert …

Gareth.

On Sunday, 2 April 2017 06:51:42 UTC+1, Алексей Баранов wrote:

> We are very inexperienced with TLS configuration. Maybe you can provide a fully configured letsencrypt (https://letsencrypt.org/) TLS configuration in the docs section in the future.
>
> By now we have four files from letsencrypt certbot: cert.pem, chain.pem, fullchain.pem and privkey.pem.
>
> As I understand it, we should use them all in the configuration, but we don’t know how, because the crossbar TLS documentation has other filenames. Can you correct our TLS config section, please?

config.json

{
"version": 2,
"workers": [
{
  "type": "router",
  "options": {
    "pythonpath": [
      ".",
      "/usr/lib/python3/dist-packages"
    ]
  },
  "realms": [
    {
      "name": "kopa",
      "roles": [
        {
          "name": "server",
          "permissions": [
            {
              "uri": "ru",
              "match": "prefix",
              "allow": {
                "call": true,
                "register": true,
                "publish": true,
                "subscribe": true
              },
              "disclose": {
                "caller": true,
                "publisher": true
              },
              "cache": true
            },
            {
              "uri": "wamp",
              "match": "prefix",
              "allow": {
                "call": true,
                "register": false,
                "publish": false,
                "subscribe": true
              },
              "disclose": {
                "caller": true,
                "publisher": true
              },
              "cache": true
            }
          ]
        },
        {
          "name": "kopnik",
          "permissions": [
            {
              "uri": "ru",
              "match": "prefix",
              "allow": {
                "call": true,
                "register": true,
                "publish": true,
                "subscribe": true
              },
              "disclose": {
                "caller": true,
                "publisher": true
              },
              "cache": false
            }
          ]
        },
        {
          "name": "anonymous",
          "permissions": [
            {
              "uri": "ru.kopa.registration",
              "match": "prefix",
              "allow": {
                "call": true,
                "register": false,
                "publish": false,
                "subscribe": false
              }
            },
            {
              "uri": "ru.kopa.model.create",
              "match": "prefix",
              "allow": {
                "call": true,
                "register": false,
                "publish": false,
                "subscribe": false
              }
            }
          ]
        },
        {
          "name": "authenticator",
          "permissions": [
            {
              "uri": "org.kopnik.authenticate",
              "match": "prefix",
              "allow": {
                "call": false,
                "register": true,
                "publish": false,
                "subscribe": false
              },
              "disclose": {
                "caller": false,
                "publisher": false
              },
              "cache": false
            }
          ]
        }
      ]
    }
  ],
  "transports": [
    {
      "type": "web",
      "endpoint": {
        "type": "tcp",
        "port": 443,
        "tls": {
          "certificate": "/etc/letsencrypt/live/kopnik.org/fullchain.pem",
          "key": "/etc/letsencrypt/live/kopnik.org/privkey.pem"
        }
      },
      "paths": {
        "/": {
          "type": "static",
          "directory": "../dist"
        },
        "ws": {
          "type": "websocket",
          "options":{
            "enable_webstatus": true,
            "max_frame_size": 1048576,
            "max_message_size": 1048576,
            "auto_fragment_size": 65536,
            "fail_by_drop": true,
            "open_handshake_timeout": 2500,
            "close_handshake_timeout": 1000,
            "auto_ping_interval": 10000,
            "auto_ping_timeout": 5000,
            "auto_ping_size": 4
          },
          "serializers": [
            "json"
          ],
          "cookie": {
            "store": {
              "type": "file",
              "filename": "cookies.dat"
            }
          },
          "auth": {
            "ticket": {
              "type": "dynamic",
              "authenticator": "org.kopnik.authenticate"
            },
            "anonymous": {
              "type": "static",
              "role": "anonymous"
            },
            "cookie": {
            }
          }
        }
      }
    }
  ],
  "components": [
    {
      "type": "class",
      "classname": "authenticator.AuthenticatorSession",
      "realm": "kopa",
      "role": "authenticator"
    }
  ]
}
]
}

0 Likes

#6

Ok, just to expand on that a little, it looks like over the iterations I missed a bit, adding;

"chain_certificates": ["/etc/letsencrypt/live/studio1.iflexrts.uk/chain.pem"]

Gives me an “A” rating on ssltest … :slight_smile:


On Sunday, 2 April 2017 12:39:08 UTC+1, Gareth Bult wrote:

Simplification for those unfamiliar with TLS might be quite a nice idea … “ciphers” for example, maybe could be a default setting (?) … I’ve been able to make it work, but I’m a long way from full understanding everything I have configured. If it helps, this is what I’m running;

"endpoint": {
    "port": 443,
    "tls": {
        "ciphers": "ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:",
        "dhparam": "/etc/letsencrypt/live/mydomain.com/dhparam.pem",
        "key": "/etc/letsencrypt/live/mydomain.com/privkey.pem",
        "certificate": "/etc/letsencrypt/live/mydomain.com/cert.pem"
    },
    "type": "tcp"
},

dhparam generated with;

openssl dhparam -2 4096 -out /etc/letsencrypt/live/mydomain.com/dhparam.pem


I’m checking my results with this;

https://www.ssllabs.com/ssltest

I seem to be getting a reasonable result, happy to receive any pointers if it could be better …

Just as a matter of interest, I work via a system based on “.ini” files that autogenerates my config.json (iflexstudio), and in my .ini file I have;

letsencrypt = true
domain = mydomain.com


This takes away pretty much all of the pain for the average programmer who’s not a security expert …

Gareth.

On Sunday, 2 April 2017 06:51:42 UTC+1, Алексей Баранов wrote:

We are very inexperienced with TLS configuration. Maybe you could provide a fully configured letsencrypt (https://letsencrypt.org/) TLS configuration in the docs section in the future.

By now we have four files from letsencrypt certbot: cert.pem, chain.pem, fullchain.pem and privkey.pem.

As far as I can understand, we should use them all in the configuration, but we don’t know how, because the Crossbar TLS documentation uses other filenames. Can you correct our TLS config section, please?

On Tuesday, 28 March 2017 17:57:07 UTC+5, Tobias Oberstein wrote:

On 28.03.2017 at 14:37, Алексей Баранов wrote:

Hello!

A few days ago we set up SSL certificates with the letsencrypt service (cert.pem, chain.pem, fullchain.pem, privkey.pem). After that we configured crossbar.json. As a result, Google Chrome says that the connection is secure, but Firefox and Chrome on Android say the connection is not secure. Can you say what else we should do?

Crossbar.io currently/deliberately does not allow configuring support
for TLS versions earlier than 1.2.

Crossbar.io in the default configuration will also only use exactly 4
cipher suites. But you can change that.

Both of above are to protect the innocent, and to motivate people to
move to modern, non-broken crypto.

You can see this here:

https://www.ssllabs.com/ssltest/analyze.html?d=kopnik.org

Btw: your certs are broken … does not include whole cert chain.

You can see what I am talking about if you visit our site https://kopnik.org .

With regards!

0 Likes
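
The fix reported in the post above (adding `chain_certificates`) and the startup log's note that DH cipher modes are inactive without a DH parameter file can be turned into a check over a Crossbar `config.json`. This is an added example, not code from the thread or from Crossbar.io: the function names, finding labels, the `mydomain.com` chain path and the placeholder PEM contents are constructed, and it assumes, as the thread's outcome suggests, that only the first certificate in the `certificate` file is served unless `chain_certificates` is set.

```python
import json

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"


def tls_endpoints(config):
    """Yield (location, tls_dict) for every transport whose endpoint has a "tls" section."""
    for wi, worker in enumerate(config.get("workers", [])):
        for ti, transport in enumerate(worker.get("transports", [])):
            tls = transport.get("endpoint", {}).get("tls")
            if isinstance(tls, dict):
                yield "workers[%d].transports[%d]" % (wi, ti), tls


def lint_tls(tls, read_text):
    """Return finding labels for one "tls" section.

    read_text(path) returns the file content; it is injected so the check can
    run against an in-memory file map as well as against the real disk.
    """
    findings = []
    if not tls.get("chain_certificates"):
        # Assumption (see lead-in): without chain_certificates only the leaf is sent,
        # so clients that do not already hold the intermediate cannot build a chain.
        certs_in_file = read_text(tls["certificate"]).count(PEM_BEGIN)
        findings.append("bundle-as-certificate" if certs_in_file > 1 else "no-chain")
    ciphers = [c for c in tls.get("ciphers", "").split(":") if c]
    # "ECDHE-..." does not start with "DHE-", so only finite-field DHE suites match.
    if any(c.startswith("DHE-") for c in ciphers) and not tls.get("dhparam"):
        findings.append("dhe-without-dhparam")
    return findings


def lint_config(config, read_text):
    """Lint every TLS endpoint of a parsed config.json."""
    return {where: lint_tls(tls, read_text) for where, tls in tls_endpoints(config)}


# --- constructed sample input (placeholder PEM bodies, not real certificates) ---
_ONE_CERT = PEM_BEGIN + "\n(constructed placeholder)\n-----END CERTIFICATE-----\n"
FILES = {
    "/etc/letsencrypt/live/kopnik.org/fullchain.pem": _ONE_CERT * 2,  # leaf + intermediate
    "/etc/letsencrypt/live/mydomain.com/cert.pem": _ONE_CERT,         # leaf only
}


def read_constructed(path):
    return FILES[path]


# TLS section as in the original question: the bundle is given as "certificate".
ORIGINAL = json.loads("""
{"workers": [{"transports": [{"endpoint": {"type": "tcp", "port": 443, "tls": {
  "certificate": "/etc/letsencrypt/live/kopnik.org/fullchain.pem",
  "key": "/etc/letsencrypt/live/kopnik.org/privkey.pem"}}}]}]}
""")

# TLS section as in the reply, with chain_certificates added (chain path constructed).
FIXED = json.loads("""
{"workers": [{"transports": [{"endpoint": {"type": "tcp", "port": 443, "tls": {
  "ciphers": "ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:",
  "dhparam": "/etc/letsencrypt/live/mydomain.com/dhparam.pem",
  "key": "/etc/letsencrypt/live/mydomain.com/privkey.pem",
  "certificate": "/etc/letsencrypt/live/mydomain.com/cert.pem",
  "chain_certificates": ["/etc/letsencrypt/live/mydomain.com/chain.pem"]}}}]}]}
""")

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, lint_config(cfg, read_constructed))
```

To lint a real node directory, pass a `read_text` that opens the path from disk instead of `read_constructed`.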

#7

Hi Alexei,

you can find the configuration for our demo instance, which uses letsencrypt, here https://github.com/crossbario/crossbar-examples/blob/master/demos/_demo_launcher/.crossbar/config.json

Hope this helps a bit.

(And yes, the docs need improvement regarding this).

Regards,

Alex

0 Likes

#8

Incidentally (just to be pedantic) , I copied the “openssl” command spec above from the docs … if you try to run it, well, I’ve never had the patience to wait to see how long it takes but I suspect it’s many hours. If on the other hand you use this;

openssl dhparam -dsaparam 4096 -out dhparam.pem

It’s much quicker … (minute or two) … not sure what the implications are, the docs say it’s actually just as secure, and it yields an “A” rating in ssltest …


On Monday, 3 April 2017 10:46:03 UTC+1, Alexander Gödde wrote:

Hi Alexei,

you can find the configuration for our demo instance, which uses letsencrypt, here https://github.com/crossbario/crossbar-examples/blob/master/demos/_demo_launcher/.crossbar/config.json

Hope this helps a bit.

(And yes, the docs need improvement regarding this).

Regards,

Alex

0 Likes

#9

Hi Gareth,

Incidentally (just to be pedantic) , I copied the "openssl" command spec
above from the docs .. if you try to run it, well, I've never had the
patience to wait to see how long it takes but I suspect it's many hours. If

roughly 20min on an AWS t2.medium.

and I thought _I_ have no patience ;)

on the other hand you use this;

openssl dhparam -dsaparam 4096 -out dhparam.pem

It's much quicker .. (minute or two) ... not sure what the implications
are, the docs say it's actually just as secure, and it yields an "A" rating
in ssltest ...

It is less secure:

"""
  -dsaparam
     If this option is used, DSA rather than DH parameters are read or created; they are converted to DH format. Otherwise, "strong" primes (such that (p-1)/2 is also prime) will be used for DH parameter generation. DH parameter generation with the -dsaparam option is much faster, and the recommended exponent length is shorter, which makes DH key exchange more efficient. Beware that with such DSA-style DH parameters, a fresh DH key should be created for each use to avoid small-subgroup attacks that may be possible otherwise.
"""

https://wiki.openssl.org/index.php/Manual:Dhparam(1)

Cheers,
/Tobias

On 03.04.2017 at 19:55, Gareth Bult wrote:

On Monday, 3 April 2017 10:46:03 UTC+1, Alexander Gödde wrote:

Hi Alexei,

you can find the configuration for our demo instance, which uses
letsencrypt, here
https://github.com/crossbario/crossbar-examples/blob/master/demos/_demo_launcher/.crossbar/config.json

Hope this helps a bit.

(And yes, the docs need improvement regarding this).

Regards,

Alex

0 Likes
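
The man page's distinction between "strong" primes and DSA-style parameters, as an added example (not code from the thread or from OpenSSL): it classifies a DH modulus as a safe prime or not, lists the small subgroup orders a DSA-style modulus leaves available, and applies the public-value membership check that guards against small-subgroup confinement. The toy moduli 23 and 331 and all function names are constructed for illustration.

```python
# Added illustration; names and toy parameters are constructed, not from OpenSSL.
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin with fixed bases: exact for small n, probabilistic evidence
    for cryptographic sizes (use random bases for untrusted input)."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def classify_dh_prime(p):
    """'safe-prime' means (p-1)/2 is also prime, the default dhparam output;
    'not-safe-prime' is what DSA-style (-dsaparam) generation produces."""
    if not is_probable_prime(p):
        return "not-prime"
    return "safe-prime" if is_probable_prime((p - 1) // 2) else "not-safe-prime"


def cofactor_small_primes(p, q, bound=1000):
    """Prime factors <= bound of the cofactor (p-1)/q.

    Each one is the order of a subgroup outside the intended order-q group.
    For a safe prime p = 2q + 1 the only entry is 2.
    """
    if (p - 1) % q:
        raise ValueError("q must divide p - 1")
    cofactor, found = (p - 1) // q, []
    for f in range(2, bound + 1):
        if cofactor % f == 0:
            found.append(f)
            while cofactor % f == 0:
                cofactor //= f
    return found


def peer_value_ok(y, p, q):
    """Accept a peer's public value only if it lies in the order-q subgroup.

    Rejects 0, 1 and p-1 by range, and every element whose order has a factor
    other than q by the exponentiation. A server that reuses its DH key with
    DSA-style parameters depends on this check; generating a fresh key for
    each use, as the man page advises, is the other safeguard.
    """
    return 2 <= y <= p - 2 and pow(y, q, p) == 1


def report(p, q):
    """Summarise one parameter set (p = modulus, q = order of the intended subgroup)."""
    return {"class": classify_dh_prime(p),
            "cofactor_small_primes": cofactor_small_primes(p, q)}


if __name__ == "__main__":
    print("p=23,  q=11:", report(23, 11))    # toy safe prime: 23 = 2*11 + 1
    print("p=331, q=11:", report(331, 11))   # toy DSA-style: 331 = 30*11 + 1
```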

#10

Ok, I’m timing it to give you an exact answer, but it ain’t a gonna be done in 20 minutes … :slight_smile:

I’m afraid I don’t use AWS - my pockets aren’t that deep! … but I’ve just seen a guy claiming that it takes a bit over an hour on a Digital Ocean instance …

So, I’ll trade you a PHP man page for the Wikipedia page on ‘strong primes’;

Some people suggest that in the key generation process in RSA cryptosystems, the modulus n should be chosen as the product of two strong primes. This makes the factorization of n=pq using Pollard’s p − 1 algorithm computationally infeasible. For this reason, strong primes are required by the ANSI X9.31 standard for use in generating RSA keys for digital signatures. However, strong primes do not protect against modulus factorisation using newer algorithms such as Lenstra elliptic curve factorization and Number Field Sieve algorithm. Given the additional cost of generating strong primes RSA Security do not currently recommend their use in key generation. Similar (and more technical) argument is also given by Rivest and Silverman.[1]

Which is all beyond me … but given the conclusion, the dsa option is tempting at 30x the performance … :wink:

Gareth.

0 Likes

#11

Ok faster than I thought!

real 50m58.513s
user 50m56.808s
sys 0m1.076s

0 Likes

#12

Hi Gareth,
I guess getting to the bottom, and analyzing and assessing the details of the math involved and the particular implementation in OpenSSL, and how it is used in a server would take some time: if you are really into that, probably a good approach would be asking on http://crypto.stackexchange.com/ / I have asked questions myself before there, and the feedback was very informed and useful.
Now, rgd what we (Crossbar.io) recommend in the docs: I am conservative, better burn some CPU cycles (and this is needed only once), and be on the safer side.


=========
Regarding the citation from RSA Technologies Inc. below: I now comment as a private person (not as company employee, founder or project member):

I have problems with trust here:

RSA Inc recommended to users/customers to use Dual_EC_DRBG, built that into products, and there are at least open questions whether this was really in the best intentions for users.

So me personally, I don’t take “recommendations” from RSA Inc. as a company at all.

Which doesn’t mean I would trust nobody within that organization. Eg rgd above, engineers and crypto specialists within RSA Inc. might not have been aware of the whole picture available to the management that seem to have driven the recommendations.

As said, I made these comments rgd RSA Inc. as a private person!

=========

So whom do I trust?

For example: Dan Bernstein (djb). https://en.wikipedia.org/wiki/Daniel_J._Bernstein

All the advanced crypto in Crossbar.io (WAMP-cryptosign and WAMP-cryptobox) is built on stuff (https://nacl.cr.yp.to/) from him and his colleagues like Tanja Lange (https://www.hyperelliptic.org/tanja/)

Btw: he did his PhD under Lenstra’s supervision - the person referred to in the citation.

Cheers,
/Tobias

0 Likes

#13

Ok, so I guess there are differing opinions at play (just an observation, my background is in software engineering, definitely not mathematics), and my cynical side is right behind you in not trusting ‘the powers that be’. However, is it a case that in reality this difference may lead to a real-life compromise, or does it mean that the chances of being compromised increase (for example) from 1 in a hundred billion, to 2 in a hundred billion? (i.e. that it doubles the chance of a breach, but the chance is so unlikely it’s irrelevant?)

Is it true that the frequency with which all these keys are regenerated is likely to have a far greater impact on security?

Gareth.

···

On Tuesday, 4 April 2017 09:25:46 UTC+1, Tobias Oberstein wrote:

Hi Gareth,
Hi Gareth,
I guess getting to the bottom, and analyzing and assessing the details of the math involved and the particular implementation in OpenSSL, and how it is used in a server would take some time: if you are really into that, probably a good approach would be asking on http://crypto.stackexchange.com/ / I have asked questions myself before there, and the feedback was very informed and useful.
Now, rgd what we (Crossbar.io) recommend in the docs: I am conservative, better burn some CPU cycles (and this is needed only once), and be on the safer side.

Regarding the citation from RSA Technologies Inc. below: I now comment as a private person (not as company employee, founder or project member):

I have problems with trust here:

RSA Inc recommended to users/customers to use Dual_EC_DRBG, built that into products, and there are at least open questions whether this was really in the best intentions for users.

So me personally, I don’t take “recommendations” from RSA Inc. as a company at all.

Which doesn’t mean I would trust nobody within that organization. Eg rgd above, engineers and crypto specialists within RSA Inc. might not have been aware of the whole picture available to the management that seem to have driven the recommendations.

As said, I made these comments rgd RSA Inc. as a private person!

=========

So whom do I trust?

For example: Dan Bernstein (djb). https://en.wikipedia.org/wiki/Daniel_J._Bernstein

All the advanced crypto in Crossbar.io (WAMP-cryptosign and WAMP-cryptobox) is built on stuff (https://nacl.cr.yp.to/) from him and his collegues like Tanja Lange (https://www.hyperelliptic.org/tanja/)

Btw: he did his PhD under Lenstra’s supervision - the person referred to in the citation.

Cheers,
/Tobias

Am Dienstag, 4. April 2017 01:40:37 UTC+2 schrieb Gareth Bult:

Ok, I’m timing it to give you an exact answer, but it ain’t a gonna be done in 20 minutes … :slight_smile:

I’m afraid I don’t use AWS - my pockets aren’t that deep! … but I’ve just seen a guy claiming that it takes a bit over an hour on a Digital Ocean instance …

So, I’ll trade you a PHP man page for the Wikipedia page on ‘strong primes’;

Some people suggest that in the key generation process in RSA cryptosystems, the modulus n should be chosen as the product of two strong primes. This makes the factorization of n=pq using Pollard’s p − 1 algorithm computationally infeasible. For this reason, strong primes are required by the ANSI X9.31 standard for use in generating RSA keys for digital signatures. However, strong primes do not protect against modulus factorisation using newer algorithms such as Lenstra elliptic curve factorization and Number Field Sieve algorithm. Given the additional cost of generating strong primes RSA Security do not currently recommend their use in key generation****. Similar (and more technical) argument is also given by Rivest and Silverman.[1]

Which is all beyond me … but given the conclusion, the dsa option is tempting at 30x the performance … :wink:

Gareth.

On Monday, 3 April 2017 19:07:43 UTC+1, Tobias Oberstein wrote:

Hi Gareth,

On 03.04.2017 at 19:55, Gareth Bult wrote:

Incidentally (just to be pedantic), I copied the “openssl” command spec above from the docs … if you try to run it, well, I’ve never had the patience to wait to see how long it takes but I suspect it’s many hours. If

roughly 20min on an AWS t2.medium.

and I thought I have no patience;)

on the other hand you use this;

openssl dhparam -dsaparam 4096 -out dhparam.pem

It’s much quicker … (minute or two) … not sure what the implications are, the docs say it’s actually just as secure, and it yields an “A” rating in ssltest …

It is less secure:

"""
-dsaparam
If this option is used, DSA rather than DH parameters are read or created; they are converted to DH format. Otherwise, “strong” primes (such that (p-1)/2 is also prime) will be used for DH parameter generation. DH parameter generation with the -dsaparam option is much faster, and the recommended exponent length is shorter, which makes DH key exchange more efficient. Beware that with such DSA-style DH parameters, a fresh DH key should be created for each use to avoid small-subgroup attacks that may be possible otherwise.
"""

https://wiki.openssl.org/index.php/Manual:Dhparam(1)

Cheers,

/Tobias

On Monday, 3 April 2017 10:46:03 UTC+1, Alexander Gödde wrote:

Hi Alexei,

you can find the configuration for our demo instance, which uses letsencrypt, here

https://github.com/crossbario/crossbar-examples/blob/master/demos/_demo_launcher/.crossbar/config.json

Hope this helps a bit.

(And yes, the docs need improvement regarding this).

Regards,

Alex

0 Likes
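
The man page quoted above distinguishes "strong" primes, where (p-1)/2 is also prime (usually called safe primes), from `-dsaparam` output, and warns about small subgroups. The following Python example is added here and is not code from the thread, Crossbar.io or OpenSSL; it classifies a DH prime, lists the small subgroup orders its cofactor allows, and applies the public-value check that rejects a low-order value. The toy primes and all function names are constructed for illustration.

```python
import random


def is_probable_prime(n, rounds=40):
    """Miller-Rabin test; primes always pass, composites fail with overwhelming probability."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    rng = random.Random(0)  # fixed seed keeps the example reproducible
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square reached -1: n is composite
    return True


def classify_group(p):
    """'safe-prime' when (p-1)/2 is also prime (the man page's "strong" primes)."""
    if not is_probable_prime(p):
        return "not-prime"
    return "safe-prime" if is_probable_prime((p - 1) // 2) else "non-safe-prime"


def cofactor_small_orders(p, q, bound=1000):
    """Small prime factors of the cofactor (p-1)/q.

    Each one is the order of a subgroup of Z_p^* besides the intended order-q group.
    """
    h, found = (p - 1) // q, []
    for f in range(2, bound):
        if h % f == 0:
            found.append(f)
            while h % f == 0:
                h //= f
    return found


def peer_value_ok(y, p, q):
    """Accept a peer's public value only if it is in range and has order q."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def element_of_order(p, r):
    """Return an element of prime order r (r must divide p-1); validator test input."""
    for a in range(2, p):
        y = pow(a, (p - 1) // r, p)
        if y != 1:
            return y
    raise ValueError("no element of that order")


# Constructed toy groups, far too small for real use.
SAFE_P, SAFE_Q = 2879, 1439   # p - 1 = 2 * 1439
DSA_P, DSA_Q = 607, 101       # p - 1 = 2 * 3 * 101

if __name__ == "__main__":
    for name, p, q in (("safe", SAFE_P, SAFE_Q), ("dsa-style", DSA_P, DSA_Q)):
        print(name, classify_group(p), "cofactor orders:", cofactor_small_orders(p, q))
    low = element_of_order(DSA_P, 3)
    print("order-3 value accepted?", peer_value_ok(low, DSA_P, DSA_Q))
```

For a real parameter file, the prime can be read from the output of `openssl dhparam -in dhparam.pem -text -noout` and passed to `classify_group` as an integer.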

#14

Hi Gareth,

Ok, so I guess there are differing opinions at play (just an observation,
my background is in software engineering, definitely not mathematics), and
my cynical side is right behind you in not trusting 'the powers that be'.

I'd call that realistic, not cynical;)

I take it is a matter of fact that state agencies have actively lobbied to subvert security standards and implementations, like using pseudorandom number generators which they knew would be broken - to their advantage.

However, is it a case that in reality this difference may lead to a
real-life compromise, or does it mean that the chances of being compromised
increase (for example) from 1 in a hundred billion, to 2 in a hundred
billion? (i.e. that it doubles the chance of a breach, but the chance is so
unlikely it's irrelevant?)

Is it true that the frequency with which all these keys are regenerated is
likely to have a far greater impact on security?

I don't know.

But why take the chance of an increased risk? Sparing 20-60 min of CPU time once is not worth any chance of an increased risk in my consideration.

Same with support for old clients: in my consideration, it is more important to stay secure, than to support old clients. But again, there will be different opinions ..

Cheers,
/Tobias

On 04.04.2017 at 10:56, Gareth Bult wrote:

Gareth.

On Tuesday, 4 April 2017 09:25:46 UTC+1, Tobias Oberstein wrote:

Hi Gareth,

Hi Gareth,

I guess getting to the bottom, and analyzing and assessing the details of
the math involved and the *particular implementation* in OpenSSL, and how
it is used in a server would take some time: if you are really into that,
probably a good approach would be asking on
http://crypto.stackexchange.com/ / I have asked questions myself before
there, and the feedback was very informed and useful.

Now, rgd what we (Crossbar.io) recommend in the docs: I am conservative,
better burn some CPU cycles (and this is needed only once), and be on the
safer side.

=========

Regarding the citation from RSA Technologies Inc. below: I now comment as
a *private* person (not as company employee, founder or project member):

I have problems with trust here:

* https://en.wikipedia.org/wiki/RSA_Security#Relationship_with_NSA
* http://www.reuters.com/article/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331

RSA Inc recommended to users/customers to use Dual_EC_DRBG, built that
into products, and there are at least open questions whether this was
really in the best intentions for users.

So me personally, I don't take "recommendations" from RSA Inc. as a
company at all.

Which doesn't mean I would trust nobody within that organization. Eg rgd
above, engineers and crypto specialists within RSA Inc. might not have been
aware of the whole picture available to the _management_ that seem to have
driven the recommendations.

As said, I made these comments rgd RSA Inc. as a private person!

=========

So whom _do_ I trust?

For example: Dan Bernstein (djb).
https://en.wikipedia.org/wiki/Daniel_J._Bernstein

All the advanced crypto in Crossbar.io (WAMP-cryptosign and
WAMP-cryptobox) is built on stuff (https://nacl.cr.yp.to/) from him and
his colleagues like Tanja Lange (https://www.hyperelliptic.org/tanja/)

Btw: he did his PhD under Lenstra's supervision - the person referred to
in the citation.

Cheers,
/Tobias


0 Likes

#15

My (limited) understanding of cracking SSL keys is that it’s a time based function. i.e. the longer you have, the more chance there is you can do it (?) , so whereas strong primes are likely to be more secure but with no ability to quantize by how much, I would suggest that switching the key every day is ‘likely’ to be 365x more secure than doing it once per year. (hands up who had a dhparam in operation that’s more than a year old!)

So … (!) … from a security perspective, is it possible that the ability / ease of which keys can be refreshed on a daily basis may be a ‘more’ critical issue?

Is it possible to reload the keys in Crossbar without restarting Crossbar?

Gareth.


0 Likes

#16

I think you are confusing things here.

dhparam group is one input for the Diffie-Hellman based TLS session key negotiation, which anyway happens on a per TLS session basis

and this is different from the TLS server keys ..

Anyway: use it (dhparam 4096 bits with as documented in CB docs) .. or not;) your choice ..


0 Likes