Comments (4)
Thank you for your comments. Feel free to disable these protocols in your own software using: SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1);
from openbsd.
That implies rebuilding many Daemons from the OpenBSD-base system because Daemons like httpd/opensmtpd/relayd do not allow a user to select a specific protocol (in this case: a secure protocol).
Since TLS 1.0 and 1.1 are brocken I like to know if your advice is realy the official answer?
Please take a look at the examples I listed because I requested this Change not for people who can modify the Source Code of the Daemons they do use.
Also I like to know about the concerns of dropping the protocol support for 1.0 and 1.1 completly.
It will become inevitable anyway and it complies with the "secure by default" dogma...
from openbsd.
In summary, the goal of LibreSSL is to provide a SSL/TLS library that is backwards compatible with OpenSSL. While increasing security and disabling broken protocols is one of our aims, only around 50% of websites currently support TLSv1.2:
https://www.trustworthyinternet.org/ssl-pulse/
Additionally, there are still a large number of active SSL/TLS clients that only support TLSv1.0 and do not support TLSv1.2. As such, it is a fine line to walk and we're not in a position where we can make the call to make ~50% of websites inaccessible for all users, or make your website inaccessible to, for example, mobile users with Android 4.3. This also does not consider other TLS use cases such as SMTPS/STARTSSL where there is a huge range of legacy clients/servers. In many cases TLSv1.0 is still significantly better than being forced to use clear text HTTP or SMTP since one end does not support TLSv1.2.
In short, while in an ideal world we would make LibreSSL TLSv1.2 only, we are not there yet - the best we can do is continue to set reasonable defaults and encourage system administrators to use appropriate configuration. Current relayd definitely has the ability to disable/enable SSL/TLS protocols on a fine grained level and httpd is likely to gain the same soon. In the mean time, explicitly limiting the cipher suites to TLSv1.2 will prevent earlier protocol versions from being used.
And to make the situation even clearer, TLSv1.2 is also broken unless you are using an AEAD cipher suite:
"everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken"
https://www.imperialviolet.org/2014/12/08/poodleagain.html
Disabling TLSv1.0 and TLSv1.1 will not help here - as the system administrator you need to take this into consideration and choose appropriate protocol and cipher suite configuration based on your users and how many people you are willing to prevent from accessing your site.
from openbsd.
That are indeed strong arguments and I noticed such problems myself related to the last Client we worked for (jdk 1.6.. + massively outdated Linuxfarm). So I am aware of "enterprise" installations wich do have such Issues...
What I would recomment to consider is to disable the old Protocols and unsecure Ciphers-Suites between releases to see the Fallout and allow users to enable them again via a configuration file. Also it would be possible to restore the "backward compatibility" with an Option in a configuration file (/etc/openssl.conf).
People sometimes need to get enforced to update their infrastructure. An always patched Server (be it Debian, Redhat whatever) is capable to talk TLS 1.2 (+AEAD) but a "never touched" SLES 9 wich has never seen any patches has a lot of other security related Issues... (and yes I saw such installations recently...).
Such a configuration option could assist Administrators by breacking their Setups ("Oh there's something in the backend wich needs to get fixed.." or "We need to contact our Software Vendor to get something fixed!") but allowing them to restore the functionality with an Option in a configuration file. JDK7 for example is not worth (even if widely deployed) to get considered because it's EOL in ~6 months ( http://www.oracle.com/technetwork/java/eol-135779.html ) and JDK8 uses TLS 1.2 by default.
Windows Server 2008 is EOL (Mainstream) in Jan 2015 and if you own large Installatiosn you should talk to Microsoft to provide TLS 1.2 there as well. All Recent OS Versions from MS support TLS 1.2 in all Servers (Exchange, IIS ...).
I think both argumentations are valid but my suggestion is far more agressive (I would likely break some SetUps but allow users to restore the old behavior VERSUS There are so many outdated Servers/Installations out there and we won't break anything). What about such a configuration option in the openssl.conf?
You could also do it vice versa and provide an Option wich allows JUST secure Protocols/CipherSuites.
If set in /etc/openssl.conf just secure stuff gets used and if the option is not set (or the file is missing) it works like it does now. But this way a user would have a Choice....
You don't exspect that Users, Administrators or even Developers do realy know about a SetUp if it's old and unsupported for years, or? :-)
I found configuration/programming Issues in Java-Backends and third party (developed) Software by just enforcing TLS 1.0 in the Network of the Client I worked for but I had LoadBallancers wich allowed me to disable exactly some protocols/ciphers. TLS 1.0 because they use still JDK 1.6....
p.s.
I ment TLS 1.2 + AEAD but thank you very much to point it out as well!
from openbsd.
Related Issues (20)
- Is libressl compatible with Linux? HOT 2
- curl-7.73.0 w/ libressl-3.2.2 leaks memory HOT 11
- tls_keypair_load_cert() fail but return no error HOT 2
- SSL_CTX_{g,s}et_security_level HOT 3
- Any possibility of creating a ruby gem for this project? HOT 1
- Inconsistent cert verification errors returned between TLS 1.2 and 1.3 HOT 6
- License information not available HOT 1
- one bug
- stack-buffer-overflow in function x509_constraints_parse_mailbox HOT 2
- TLS 1.3 decrypting support
- SIGSEGV occurred in EVP_MD_CTX_cleanup() immediately after malloc() returned NULL in pkey_hmac_init(). HOT 3
- Missing DSA_meth_set1_name HOT 2
- URI Checks are too strict in subject alt name HOT 2
- netcat may read from invalid file descriptors
- libtls: make the TLS_EOF_NO_CLOSE_NOTIFY bit user-visible
- stack-buffer-overflow(max 5byte) in print_bin() when indent is specified as 124 or more
- SIGSEGV occurs if memory allocation fails in ssl3_setup_init_buffer() called by tls13_use_legacy_stack() when downgrading from TLS1.3. HOT 4
- SSL_get{_peer,}_signature_type_nid implemented but not exported HOT 1
- Compat: Ability to compile without IPv6 support HOT 2
- EVP_get_cipherbynid/EVP_get_digestbynid when given an invalid ID/EVP_get_digestbyname segfaults with NULL argument HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openbsd.