Support OpenSSL version 1.1.1 and TLS protocol version 1.3 #1257
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cherokee Admin suggests system administrators that they have to enable wanted SSL/TLS protocols for traffic encryption. In general, OpenSSL accepts all SSL/TLS protocols requested by clients that are supported if the provided cipher set and certificates fit. - Add a new checkbox widget type CheckCfgTextInv with following behaviour: ------------------------------------------ |Checkbox Status|Configuration File Value| ------------------------------------------ | Checked | 0 | ------------------------------------------ | Not Checked | 1 | ------------------------------------------ - Update Cherokee Admin Advanced page to use the new checkbox - Add a new style for Notice widgets: Slim boxes with 50% width compared to normal boxes Fixes: cherokee#1254 Signed-off-by: Thomas Reim <reimth@gmail.com>
SSL/TLS protocols are hardcoded in Cherokee. Neither at build time nor at run-
time SSL/TLS protocols that are supported by the OpenSSL back-end are being
checked. This may lead to the dangerous situation that OpenSSL encrypts HTTPS
traffic using an SSL/TLS encryption, which is not explicitly supported by
Cherokee. Current Cherokee for example does not support TLS protocol version
1.3, which requires ciphersuites for encryption that cannot be configured by
Cherokee.
More and more OS distribution maintainers now control security of their OpenSSL
packages by deactivating unsafe SSL/TLS protocols at build time. For system
administrators it is very difficult to identify the root cause for rejected
HTTPS communication requests due to suddenly unavailable SSL/TLS protocols.
OpenSSL provides only pretty cryptic notifications.
This patch implements following improvements:
- Check SSL/TLS protocols supported by OpenSSL at build time
- configure Displays and logs supported protocols
- Abort build with error message if unsupported protocols are detected
- Check SSL/TLS protocols supported by the actual OpenSSL back-end at runtime
- Log an error message if unsupported protocols are detected
- Command-line option -i provides more detailed information about OpenSSL
+ Build version and actually used version
+ Supported SSL/TLS protocols
+ Maintainer deactivated protocols
- Make SSL/TLS protocol information available to Cherokee Admin scripts
- Fix Cherokee Admin Advanced page to outline support of SSL/TLS protocols:
+ Mark deactivated protocols
+ Warn users if SSL/TLS protocols are detected that are not supported by
Cherokee
+ Inform users if OpenSSL/libssl is not supported at all
Fixes: cherokee#1255
Signed-off-by: Thomas Reim <reimth@gmail.com>
When using modern and safer certificates, e. g. with ECDSA (Elliptic Curve
Digital Signature Algorithm) keys, HTTPS connection setup may be rejected
by OpenSSL/libssl due to outdated the cipher set configured by Cherokee
webserver. Windows 7 clients for example cannot retrieve automatic proxy
configuration via HTTPS anymore. Communication is aborted with typical
strange error notifications, e. g.:
- System
- Provider
[ Name] Schannel
[ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
EventID 36887
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2021-02-03T00:36:24.530185900Z
EventRecordID 319818
Correlation
- Execution
[ ProcessID] 716
[ ThreadID] 764
Channel System
Computer local@local.domain
- Security
[ UserID] S-1-5-18
- EventData
AlertDesc 40
Even recent OpenSSL clients may not be able to securely connect to Cherokee
webserver. Also here error notifications are not too helpful:
CONNECTED(00000003)
139835650114880:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:../ssl/record/rec_layer_s3.c:1543:SSL alert number 80
OpenSSL 1.1.1 was released on 11 September 2018. This is the latest LTS (Long Term Support) release, supported until September 2023. The headline new feature of OpenSSL 1.1.1 is TLSv1.3. This new version of the Transport Layer Security (formerly known as SSL) protocol was published by the IETF as RFC8446. This is a major rewrite of the standard and introduces significant changes, features and improvements which have been reflected in the new OpenSSL version. Main changes to be considered by Cherokee webserver: - Fully compliant implementation of TLSv1.3 (RFC8446) on by default - Support for all five new RFC8446 ciphersuites (TLS v1.3) - Full support of minimum and maximum available TLS protocol version configuration Recently OS distribution maintainers have started to improve OpenSSL security by hardcoded configuration of the min. available TLS protocol version for clients that want to connect to a server using TLS encryption. Cherokee command-line option cherokee -i now reports this hardcoded setting to users. Fixes: cherokee#1256 Signed-off-by: Thomas Reim <reimth@gmail.com>
The Advanced page has been restructured and is now displayed in two flavours:
1.) OpenSSL version 1.1.1 and later
Configuration of SSL/TLS protocols is now focused on setting minimum and
maximum available protocol versions. Since OpenSSL 1.1.1 disabling of
selected has been deprecated. This section plus a warning has been moved to
the page's bottom.
2.) OpenSSL version 1.1.0 and below
System administrator still have to disable selected SSL/TLS protocol
versions that Cherokee webserver should not offer to its clients.
TLS v1.3 has been added to the page.
On the Virtual Server page Ciphersuites have been added and the hint where to
find suited and safe cipher sets has been adapted to recommend Mozilla
Intermediate compatibility ciphers for OpenSSL 1.1.1 and later. Mozilla
Old compatibility ciphers are recommended of using OpenSSL version 1.1.0 and
below as TLS back-end.
Fixes: cherokee#1256
Signed-off-by: Thomas Reim <reimth@gmail.com>
Vulnerable and insecure SSL protocols SSLv2 and SSLv3 must not be used
by applications (RFC7568 and RFC6176).
Recent scans of the Internet at large show that more than 5.9 million Web
servers, comprising 17 percent of all HTTPS-protected machines, directly support
SSLv2. That's a troubling finding, given widely repeated advice that SSLv2 be
disabled. More troubling still, even when a server doesn't allow SSLv2
connections, it may still be susceptible to attack if the underlying RSA key
pair is reused on a separate server that does support the old protocol.
A website, e. g., that forbids SSLv2 may still be vulnerable if its key is used
on an e-mail server that allows SSLv2.
Cherokee disables both protocols by default. Users can override this by
explicitly enabling the protocols in the configuration file. On the other
hand IETF does not allow to use both SSL protocols anymore due to their
vulnerabilities, which also affect security of more recent TLS protocols.
Remove SSLv2 and SSLv3 settings from existing (legacy) configuration files
during installation to allow safe operation of Cherokee webserver.
Users that for whatever reason still require use of SSLv2 or SSLv3 can
enable the protocol again after installation using cherokee-admin.
Note: Use of SSLv2 or SSLv3 also depends on OpenSSL. Recent versions
of OpenSSL removed SSLv2 and most distribution now also disable
SSLv3.
This patch adds a new mechanism to Cherokee that allows for intermediate
security updates of the configuration file when a regular update to a new
Cherokee version is not (yet) available.
Fixes: cherokee#1253
Signed-off-by: Thomas Reim <reimth@gmail.com>
Compile and linker flags are not correctly set when building Cherokee webserver using a local (additional) installation of OpenSSL (e. g. in /usr/local/openssl). When users pass an OpenSSL path, with option, e. g., --with-libssl=/usr/local/openssl Cherokee checks for existence of: - libssl and libcrypto in /usr/local/openssl/lib - openssl in /usr/local/openssl/bin During further build process these paths are used to analyze, compile and link Cherokee against the correct TLS back-end. This patch also adds some further checks of OpenSSL header files. Fixes: cherokee#1251 Signed-off-by: Thomas Reim <reimth@gmail.com>
OpenSSL silently discards invalid ciphers that are provided within the configured cipher set list. The actually available SSL/TLS protocols and TLS v1.3 ciphersuites for a virtual server are important information for system administrators in case of Cherokee not accepting HTTPS connections. Without this information it is extremely difficult to investigate on the root cause of encrypt web traffic issues in the network. Trace information for each virtual server on the main SSL/TLS configuration settings. Fixes: cherokee#1252 Signed-off-by: Thomas Reim <reimth@gmail.com>
On modern systems Python3 is now standard. Cherokee has been prepared for this change. Users can use option --with-python to specify the correct path to Python2 but some Makefiles ignore this directive (e. g. make test). Furthermore, Python byte code files that are created during build process are not removed by the clean target of some Makefiles. This patch configures Autoconf to detect the correct path to a Python2 interpreter. Autoconf will terminate the build process with error if a Python2 interpreter cannot be found. This is required as Python is also used to compile Cherokee's error header file. Python byte code files are no cleaned by make clean. Fixes: cherokee#1250 Signed-off-by: Thomas Reim <reimth@gmail.com>
Cherokee's Autoconf files are pretty outdated. Checking with autoscan results in several warnings. Fix autoscan warnings and correct deprecated syntax (e. g. AC_CONFIG_FILES, AC_OUTPUT). Fixes: cherokee#1249 Signed-off-by: Thomas Reim <reimth@gmail.com>
Fixes: cherokee#1248 Signed-off-by: Thomas Reim <reimth@gmail.com>
Since OpenSSL version 1.1.0 the OpenSSL team has implemented a new strategy and has extended automatic configuration of the libssl back-end. This increases security and removes the burden from application developers to keep care of the many and various bits and pieces that are required to setup a safe and powerful TLS back-end. Several functions have no effect anymore and have been deprecated. Remove deprecated OpenSSL functions functions from the code if Cherokee is operated using OpenSSL/libssl version 1.1.0 or later. In addition, fix OpenSSL related traces. OpenSSL tries to load a PKCS11 engine for support of smartcard stored keys. This engine is not part of regular OpenSSL packages and has to be installed on top of OpenSSL. If libcrypto cannot find the PKCS11 engine library error notifications are issued, which are ignored by Cherokee, as the missing engine does not harm operation. But system administrators will find the error messages when operating Cherokee with traces enabled. This is confusing as the hidden OpenSSL internal errors are not immediately queried during libssl setup. The first OpenSSL error query is during virtual server setup. Fix this by immediately querying potential OpenSSL errors during engine setup and informing users about the requested OpenSSL task. Signed-off-by: Thomas Reim <reimth@gmail.com>
Signed-off-by: Thomas Reim <reimth@gmail.com>
- Added new strings to be translated - Fixed German translation file (correct translation checked for about 50%) Signed-off-by: Thomas Reim <reimth@gmail.com>
|
Ubuntu packages for Cherokee Webserver with this pull request are available in Launchpad. Supported releases are Ubuntu Focal and Ubuntu Bionic. All packages have been built with option --enable-trace for better testing. |
|
Thanks for this effort! I'll review this later :-) |
|
Hi, I tested on my side, merged master with your branch, fix little conflicts on qa/Makefile.am and configure.ac. work wheel with openssl 1.1.1n. Big thanks rdratlos for stuff. |
|
Yes, I have tested this for many months in production as well. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
OpenSSL 1.1.1 was released on 11 September 2018. This is the latest LTS (Long
Term Support) release, supported until September 2023. The headline new feature
of OpenSSL 1.1.1 is TLSv1.3. This new version of the Transport Layer Security
(formerly known as SSL) protocol was published by the IETF as RFC8446. This is a
major rewrite of the standard and introduces significant changes, features and
improvements which have been reflected in the new OpenSSL version. Main changes
to be considered by Cherokee webserver:
OpenSSL 1.1.1 continues the new strategy of the OpenSSL development team started
in version 1.1.0 to extend automatic configuration of the libssl back-end. This
increases security and removes the burden from application developers to keep
care of the many and various bits and pieces that are required to setup a safe
and powerful TLS back-end.
Current Cherokee implementation does not explicitly support TLSv1.3 and other new
OpenSSL 1.1.1 features. But OpenSSL/libssl back-end silently applies TLSv1.3
encryption of traffic between clients and Cherokee webserver. This is dangerous
as Cherokee application must control SSL/TLS protocol availability and cipher set
configuration for clients. Cherokee is responsible for security and not the used
TLS back-end.
This PR implements a major update of Cherokee's OpenSSL/libssl back-end management
and control. Several issues related to SSL/TLS are fixed. In particular a security
issue that legacy Cherokee webservers even though software has been updated
periodically may still silently offer prohibited SSLv2/v3 protocols to clients.
Per default Cherokee does not make use of these protocols anymore but this can be
overwritten by the SSL/TLS settings within an outdated unattended configuration
file. This update fixes the issue by removing SSLv2/v3 protocol entries from
an existing configuration file during installation.
The following lists provides a short summary of the implemented changes:
Following issue are fixed by this PR:
The subsequent set of patches was tested on Ubuntu Focal, Ubuntu Bionic and ArchLinux. The existing build tests all pass. Testing was performed with and without OpenSSL/libssl support, for package as well as local installations of Cherokee webserver and for OpenSSL version 1.1.1 as well as legacy OpenSSL 0.9.8.
Please review and comment.