Enabling Post-Quantum Key Agreements with Nginx

Both Google Chrome¹ and CloudFlare² have announced that they are putting effort into migrating to quantum-resistant cryptography. As one of the first steps, both have implemented support for the hybrid X25519 + Kyber768 key agreement.

Thankfully these improvements are not available only to Google and CloudFlare customers: practically anyone running a relatively modern OpenSSL 3.x can enable X25519Kyber768(Draft00) support in their web server. The people at Open Quantum Safe have written a provider for OpenSSL 3.x that supplies, among many other algorithms, Kyber and its hybrid KEM schemes. You can find the provider here: https://github.com/open-quantum-safe/oqs-provider

Building OQS provider

All you have to do is clone the repository, build and install it. The provider links against liboqs, so liboqs has to be installed (or built) first; the repository also ships scripts/fullbuild.sh, which builds liboqs and the provider together.

For example:

git clone https://github.com/open-quantum-safe/oqs-provider
cd oqs-provider
mkdir build && cd build
cmake -S ..
cmake --build .
sudo cmake --install .

Enabling OQS provider

Open your OpenSSL configuration (on Ubuntu it is located at /etc/ssl/openssl.cnf).

Activate the provider by default; this avoids having to teach every piece of software to load the OQS provider explicitly. OpenSSL looks for oqsprovider.so in the directory printed by openssl version -m; if the install step put it somewhere else, add a module = /path/to/oqsprovider.so line to the provider's section.

# List of providers to load
[provider_sect]
default = default_sect
oqsprovider = oqsprovider_sect
...

[default_sect]
activate = 1

[oqsprovider_sect]
activate = 1

You can check the result with openssl list -kem-algorithms; it should list at least x25519_kyber768 @ oqsprovider.

Allowing Kyber hybrid KEMs

The next step is to enable the KEM in nginx's TLS configuration. Nothing else needs to change if your distribution's nginx is linked against OpenSSL 3, because nginx loads the system openssl.cnf (and therefore the providers activated there) at startup.

Locate the line that says ssl_ecdh_curve auto; and replace it with:

ssl_ecdh_curve x25519_kyber768:p384_kyber768:x25519:secp384r1:x448:secp256r1:secp521r1;

The first preference is now X25519Kyber768, then P384Kyber768 for Edge, X25519 for regular clients, and the usual curves after that for compatibility. Keep in mind that a TLS 1.3 client only sends key shares for a few of the groups it supports, so what actually gets used is the first entry in this list that the client also offers. If one of the names is unknown to your OpenSSL (for example because the provider did not load), nginx -t fails with an SSL_CTX_set1_curves_list() error.

After this change, check the configuration (sudo nginx -t) and restart nginx (sudo systemctl restart nginx).
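Two quick checks for the setup above, as an added example that is not part of the original post: one confirms that the provider is actually loaded into the OpenSSL this shell (and nginx) uses, the other asks the server to negotiate one given group and nothing else, so a successful handshake proves the hybrid is in use without waiting for a browser rollout. The host and port are placeholders passed on the command line; the probe needs the OQS provider on the client side as well, since the hybrid group names come from it.

```shell
#!/bin/sh
# pq_check.sh - added example, not part of the original post.
# (1) Is the OQS provider really loaded into this OpenSSL?
# (2) Does the server agree to a given TLS 1.3 group when it is the only
#     one offered?

# kem_listed LISTING NAME
# LISTING is the output of `openssl list -kem-algorithms`. Prints "yes"
# if NAME is served by oqsprovider, "no" otherwise. Kept as a pure text
# function so it can be checked against a saved listing.
kem_listed() {
    if printf '%s\n' "$1" | grep -q "^[[:space:]]*$2 @ oqsprovider"; then
        echo yes
    else
        echo no
    fi
}

# probe_group HOST PORT GROUP
# Offers GROUP as the only supported group. A server that does not support
# it has nothing to pick, the handshake fails and s_client exits non-zero;
# a zero exit therefore means GROUP was negotiated. Certificate
# verification problems are reported by s_client but do not fail the probe.
probe_group() {
    host=$1; port=$2; group=$3
    if openssl s_client -groups "$group" -servername "$host" \
            -connect "$host:$port" </dev/null >/dev/null 2>&1; then
        echo "$group: negotiated"
    else
        echo "$group: refused"
        return 1
    fi
}

# Usage: sh pq_check.sh example.org 443
if [ "$#" -eq 2 ]; then
    listing=$(openssl list -kem-algorithms)
    for kem in x25519_kyber768 p384_kyber768; do
        echo "$kem available locally: $(kem_listed "$listing" "$kem")"
    done
    # Classical group first, so a plain connectivity or SNI problem is not
    # mistaken for a missing PQ group.
    probe_group "$1" "$2" x25519
    probe_group "$1" "$2" x25519_kyber768
    probe_group "$1" "$2" p384_kyber768
fi
```

If the x25519 probe already fails, fix connectivity or the server name before reading anything into the hybrid results.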

Checking if your browser has PQ KEM support

X25519Kyber768 has been available in Chrome since Chrome 115 (dev trial) and behind a flag since 118 (chrome://flags#enable-tls13-kyber). It is also behind a flag in Edge (edge://flags#edge-post-quantum-kyber). Chrome has also started a gradual rollout and is at 10% (as of 30.11.2023).

You can test whether your browser has Kyber enabled by visiting CloudFlare's test page. You should see kex=X25519Kyber768Draft00.

Besides this site I'm not aware of any that would allow one to test both QUIC and PQ KEMs simultaneously.

Firefox does not yet support X25519Kyber768Draft00, although there has been some effort.

Result

If you visit your website with an enabled browser you should see Kyber768 being used. Chrome's security panel will show something like this:

A secure QUIC connection using X25519Kyber768Draft00 as the key exchange, ECDSA with SHA-384 as the server signature and AES_256_GCM as the cipher. (QUIC + X25519Kyber768Draft00)

Edge will display something like this:

A secure HTTP/TLSv1.3 connection using P384Kyber768 (P384KYBER) as the key exchange, ECDSA with SHA-384 as the server signature and AES_256_GCM as the cipher.

CloudFlare PQ origin pulls

If you use CloudFlare as a reverse proxy, you can also have it offer X25519Kyber768 to your origin in the very first ClientHello (saving the HelloRetryRequest round trip) using their API:

curl --request PUT \
--url https://api.cloudflare.com/client/v4/zones/[ ZONE_ID ]/cache/origin_post_quantum_encryption \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer [ API_TOKEN ]' \
--data '{"value": "preferred"}'

Apple Mail S/MIME

CVE-2023-40440 - Multiple S/MIME implementation issues in Apple Mail result in letters being sent unencrypted against explicit user request and without any warning

xlmdrop.org and xlmget.org scam

I just recently received a small XLM transaction with the memos:

  • Airdrop invite✅xlmdrop.org
  • Airdrop invite✅xlmget.org
  • Airdrop invite✅xlmgate.org

Two of the links redirected to scammy lumengate.org/airdropxlm.

For those Googling this: It is a scam! Your wallet's private key is something that allows stealing all of your funds, it is never-ever needed for delivering an airdrop. Please don't paste it into the webpage.

Posted by TaaviE in Misc. Tags: XLM scam.

Enabling TLS-only SMTP on port 465 with Postfix

Implicit TLS is generally considered a better approach to transport encryption than the explicit (STARTTLS) upgrade everyone is used to: the connection is encrypted from the first byte, so there is no plaintext phase in which an active attacker can strip the STARTTLS offer. This is why I wanted to enable it in my Postfix.

In the end it's very easy to enable implicit TLS SMTP with Postfix, just add (or uncomment)

-o smtpd_tls_wrappermode=yes

in /etc/postfix/master.cf under the smtps inet ... service entry (option lines belong to the entry above them, so they must start with whitespace). This runs that instance of the Postfix SMTP server in the "non-standard" "wrapper" mode: the client has to start the TLS handshake immediately instead of first talking plaintext and issuing the STARTTLS command, which is exactly the phase a MITM can abuse to keep the session unencrypted.

It is however recommended to keep port 25 as well and allow STARTTLS there: other mail servers deliver to port 25 and will not try 465. Port 465 (smtps) for submission over implicit TLS has since been formally standardised (RFC 8314 registers it as "submissions"), but it can confuse older machines; I had some ancient online test break.

NB! This feature is available in Postfix 2.2 and later; if you have an older Postfix version you should really update.
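As an added example (not from the original post), a small script that checks both halves of this change: the master.cf parser reports whether the smtps entry really carries the wrapper-mode option (a stanza that is still commented out counts as not configured), and the probe uses openssl s_client to confirm that 465 speaks TLS from the first byte while 25 still upgrades via STARTTLS. mail.example.org is a placeholder; the service name submissions is accepted alongside smtps because newer master.cf files may use it.

```shell
#!/bin/sh
# smtp_tls_check.sh - added example, not part of the original post.
# (1) Does master.cf enable wrapper mode on the smtps/submissions service?
# (2) Does the live server do implicit TLS on 465 and STARTTLS on 25?

# wrappermode_configured MASTER_CF
# Prints "yes" if the smtps (or submissions) inet service in MASTER_CF has
# "-o smtpd_tls_wrappermode=yes" among its continuation lines, "no"
# otherwise. Comment lines are skipped; the option on any other service
# does not count.
wrappermode_configured() {
    awk '
        /^[ \t]*#/ { next }                 # comment line
        /^[^ \t]/  { in_svc = (($1 == "smtps" || $1 == "submissions") && $2 == "inet") }
        in_svc && /-o[ \t]+smtpd_tls_wrappermode=yes/ { found = 1 }
        END { print (found ? "yes" : "no") }
    ' "$1"
}

# smtp_tls HOST PORT MODE
# MODE "implicit": the TLS handshake is the first thing on the wire, which
# is what wrapper mode on 465 expects.
# MODE "starttls": plaintext greeting, EHLO, then STARTTLS, as on port 25.
# s_client exits non-zero if the handshake does not complete, so a
# plaintext-only listener on 465 or a server without STARTTLS on 25 shows
# up as "failed".
smtp_tls() {
    host=$1; port=$2; mode=$3
    case $mode in
        implicit) starttls="" ;;
        starttls) starttls="-starttls smtp" ;;
        *) echo "usage: smtp_tls HOST PORT implicit|starttls" >&2; return 2 ;;
    esac
    # $starttls is unquoted on purpose so that it expands to two words
    if openssl s_client $starttls -connect "$host:$port" </dev/null >/dev/null 2>&1; then
        echo "$mode TLS on $host:$port: ok"
    else
        echo "$mode TLS on $host:$port: failed"
        return 1
    fi
}

# Usage: sh smtp_tls_check.sh mail.example.org
if [ "$#" -eq 1 ]; then
    echo "wrapper mode in /etc/postfix/master.cf: $(wrappermode_configured /etc/postfix/master.cf)"
    smtp_tls "$1" 465 implicit
    smtp_tls "$1" 25 starttls
fi
```

Do not point the starttls mode at port 465: the server is waiting for a ClientHello and never sends a plaintext greeting, so s_client just sits there until Postfix times the connection out.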

HP MSM720 NTP

How to get HP MSM720 syncing with NTP server

In case you've configured your HP MSM720 from the console, set the NTP type to ntp, and are wondering why the debug log shows something akin to debug mgetdate Failed TP time synchronization using server time.serv.ver, then the mistake is actually very simple.

Issuing ntp protocol ntp means the controller sets the time synchronization protocol to Time Protocol, not Network Time Protocol; obvious, isn't it? Just set it to sntp and you're somewhat golden: it's not super accurate, but it will work with more up-to-date things. That too has a small issue, though: it syncs the time very, very infrequently, only once every 24h or when you click "Save" in the WebGUI, but it does sync, if you were wondering.

Logitech Z4 remote replacement

I recently bought myself a set of Logitech Z4 speakers; unfortunately they didn't come with a remote, and the set doesn't work at all without it. So I had to bypass it based on information lying around on the internet. Ironically the most helpful thing has been a terrible thumbnail that showed what to connect to bypass the remote.

Bad PDF thumbnail

Short summary for those that don't want to try and read the image:

4 - 5 for power on (do not misconnect, shorting power to ground or wrong pin will require repairs!)

6 - 7 for right channel enable

1 - 2 for left channel enable

6 - 3 and 1 - 3 through a 1MOhm resistor for a reasonable amount of bass

Xiaomi Mi 9

I bought a Xiaomi Mi 9; it's a really nice phone. Although it doesn't have a 3.5mm jack or an SD-card slot, the rest of the upsides make up for it.

Initial impression is good, everything works as promised although MIUI needs getting accustomed to.

Update: After using it for a few months I am not really complaining, everything I need works nicely and MIUI hasn't generally been an obstacle. The only time I've been annoyed so far was when MIUI blocked bulk contact deletion, very stupid "feature".

GNSS

I also tested the dual-frequency GNSS; it works nicely, I can pick up GPS, GALILEO and GLONASS on both bands. However there seemed to be no SBAS support on the Xiaomi Mi 9 even though the Snapdragon 855 should support it; maybe it'll get added, but looking at how it wasn't promised I somewhat doubt it unless someone hacks it together. Turns out that the SBAS satellites are simply not always visible. The Mi 9 has SBAS support and it works nicely.

List of satellites I could receive on a passenger plane

Under-screen fingerprint

The under-screen fingerprint scanner works nicely, just as well as if not better than what I've seen on other phones. I wouldn't trade it for a front-button or back scanner; IMHO it's easier to scan your finger on the front side, which you're using your phone with anyway.

Gitting git not to be a pain

Are you tired of git always pestering you for your password in one of the 100 repositories cloned onto your system? Even worse, do you have multiple git accounts and it's just absolutely maddening?

Ideally one would just use SSH keys for this (GPG keys only sign commits, they don't authenticate you), and SSH copes with several GitHub accounts through per-account Host aliases in ~/.ssh/config; over HTTPS the trouble starts as soon as you have more than one GitHub account.

No longer do you have to search for "git permanently store password" or "git credential helper cache infinite timeout".

There's a solution to this maddening behaviour: edit your ~/.gitconfig (or the repository's .git/config) and your troubles are over. Note that git has no user.password setting; a line like that is silently ignored and only leaves a password lying around in plaintext. What actually stops the prompting is a credential helper:

[user]
    name = Username
    email = Email
[credential]
    # keep verified credentials in memory for a day (the default is 15 minutes)
    helper = cache --timeout=86400
    # key stored credentials by the full URL, not only the host, so two
    # GitHub accounts don't overwrite each other
    useHttpPath = true

And git just becomes usable. Keep in mind that GitHub no longer accepts your account password for git over HTTPS; the "password" the helper caches is a personal access token.

P.S: You might get:

$ git fetch
remote: Repository not found.
fatal: repository 'https://github.com/TaaviE/Gadgetbridge.git/' not found

That is GitHub's answer when git authenticates as the wrong account: a helper keyed only by host hands out whichever github.com credential it has, and a private repository that account can't see is reported as not existing. Delete the stale entry from ~/.git-credentials (or the whole file) and set credential.useHttpPath = true so that credentials are keyed by the full repository URL rather than by host.
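An added example, not from the original post, that reproduces the collision with git's own credential plumbing (git credential approve / git credential fill) and shows what credential.useHttpPath changes. It uses the built-in store helper inside a throw-away HOME, two fictitious accounts (alice and bob) and made-up tokens, so it never touches your real ~/.git-credentials; the only requirement is a git binary on the PATH.

```shell
#!/bin/sh
# git_multi_account.sh - added example, not part of the original post.
# Shows why one host-keyed credential serves the wrong GitHub account and
# that credential.useHttpPath fixes it. Accounts and tokens are made up.

# lookup_user USE_HTTP_PATH
# Stores credentials for two fictitious GitHub accounts, then asks git which
# username it would send for alice's repository, and prints that username.
# The body is a subshell so the HOME/env changes never leak out.
lookup_user() (
    sandbox=$(mktemp -d)
    export HOME=$sandbox
    unset XDG_CONFIG_HOME              # only read the config we write below
    export GIT_CONFIG_NOSYSTEM=1       # ignore /etc/gitconfig
    export GIT_TERMINAL_PROMPT=0       # fail instead of prompting if nothing matches
    git config --global credential.helper "store --file=$sandbox/creds"
    git config --global credential.useHttpPath "$1"

    # "approve" is what git does after a successful authenticated fetch/push:
    # remember this credential. Alice first, then Bob.
    printf 'protocol=https\nhost=github.com\npath=alice/project.git\nusername=alice\npassword=token-alice\n' \
        | git credential approve
    printf 'protocol=https\nhost=github.com\npath=bob/project.git\nusername=bob\npassword=token-bob\n' \
        | git credential approve

    # "fill" is what git does before talking to the remote: which credential
    # applies to this URL? Without useHttpPath git strips the path before
    # asking the helper, so both accounts collapse onto "github.com" and the
    # most recently stored one wins, which is the 404 described above.
    printf 'protocol=https\nhost=github.com\npath=alice/project.git\n' \
        | git credential fill 2>/dev/null | sed -n 's/^username=//p'

    rm -rf "$sandbox"
)

# Usage: sh git_multi_account.sh demo
if [ "${1:-}" = demo ]; then
    echo "useHttpPath=false: alice/project.git would be fetched as $(lookup_user false)"
    echo "useHttpPath=true:  alice/project.git would be fetched as $(lookup_user true)"
fi
```

The store helper is used here only because it is deterministic and needs no daemon; on a real machine prefer a keychain-backed helper (or cache with a timeout) so tokens are not kept in a plaintext file.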

Posted by TaaviE in Linux. Tags: git.
