Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tls: set ecdhCurve default to 'auto' #16853

Closed
wants to merge 1 commit into from
Closed

tls: set ecdhCurve default to 'auto' #16853

wants to merge 1 commit into from

Conversation

Hativ
Copy link
Contributor

@Hativ Hativ commented Nov 7, 2017

For best out-of-the-box compatibility there should not be one default ecdhCurve for the tls client, OpenSSL should choose them automatically.

I've had a lot of struggle connecting to a server that did not support the default curve. Many third party modules have no support for setting ecdhCurve, therefore I think the tls client should support as much curves as possible by default. Using 'auto' would achieve this.

Refs: #16196
Refs: #1495
Refs: https://wiki.openssl.org/index.php/Manual:SSL_CTX_set1_curves(3)
Refs: #15206

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)

tls

@nodejs-github-bot nodejs-github-bot added the tls Issues and PRs related to the tls subsystem. label Nov 7, 2017
@mscdex mscdex added the semver-major PRs that contain breaking changes and should be released in the next major version. label Nov 7, 2017
@mscdex
Copy link
Contributor

mscdex commented Nov 7, 2017

/cc @nodejs/crypto

Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removing tls.DEFAULT_ECDH_CURVE outright is not an option: it's documented and in use in the ecosystem. (edit: Whether it actually worked as intended before v8.6.0 is something of an open question, though.)

Changing it to 'auto' however should be acceptable for node 10.

@tniessen
Copy link
Member

tniessen commented Nov 7, 2017

@Hativ
Copy link
Contributor Author

Hativ commented Nov 7, 2017

@bnoordhuis I've updated my commit.

Copy link
Member

@indutny indutny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, LGTM.

@Trott
Copy link
Member

Trott commented Nov 7, 2017

CI failure on AIX is unrelated. CI is good.

doc/api/tls.md Outdated
@@ -1154,7 +1154,7 @@ added: v0.11.13
-->

The default curve name to use for ECDH key agreement in a tls server. The
default value is `'prime256v1'` (NIST P-256). Consult [RFC 4492] and
default value is `'auto'`. Consult [RFC 4492] and
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I searched RFC 4492 and FIPS 186-4 for the word auto, and it does not appear. Could you provide a little more text that says something about what this new value actually does? IIRC, this curve is used for creation of ephemeral ECDH keys, is it that auto will cause the curve used to be the same as the curve in the server's EC certificate?

Copy link
Member

@tniessen tniessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer to update the included references. auto is not part of the RFC AFAIK, but rather an OpenSSL definition. Otherwise LGTM.

@Hativ
Copy link
Contributor Author

Hativ commented Nov 8, 2017

@sam-github @tniessen I've updated my commit.

doc/api/tls.md Outdated
@@ -1154,8 +1154,7 @@ added: v0.11.13
-->

The default curve name to use for ECDH key agreement in a tls server. The
default value is `'prime256v1'` (NIST P-256). Consult [RFC 4492] and
[FIPS.186-4] for more details.
default value is `'auto'`. OpenSSL will choose the curve automatically, see the [OpenSSL set curve documentation].
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This line should not exceed 80 characters if possible. Also, the description of the ecdhCurve option in tls.createSecureContext already covers what auto means, I would prefer to link to that instead of the OpenSSL documentation. Maybe something like

default value is `'auto'`. See [`tls.createSecureContext()`] for further information.

I guess most users will assume this behavior, auto is a pretty self-explanatory name.

For best out-of-the-box compatibility there should not be one default `ecdhCurve` for the tls client, OpenSSL should choose them automatically.

I've had a lot of struggle connecting to a server that did not support the default curve. Many third party modules have no support for setting `ecdhCurve`, therefore I think the tls client should support as much curves as possible by default. Using `'auto'` would achieve this.

Refs: #16196
Refs: #1495
Refs: https://wiki.openssl.org/index.php/Manual:SSL_CTX_set1_curves(3)
Refs: #15206
@Hativ
Copy link
Contributor Author

Hativ commented Nov 8, 2017

@tniessen I've updated my commit again, using your suggestion.

@tniessen
Copy link
Member

@mhdawson
Copy link
Member

CI is not longer visible so starting a new one: https://ci.nodejs.org/job/node-test-pull-request/11785/

tniessen pushed a commit that referenced this pull request Nov 28, 2017
For best out-of-the-box compatibility there should not be one default
`ecdhCurve` for the tls client, OpenSSL should choose them
automatically.

See https://wiki.openssl.org/index.php/Manual:SSL_CTX_set1_curves(3)

PR-URL: #16853
Refs: #16196
Refs: #1495
Refs: #15206
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
@tniessen
Copy link
Member

CI failures are unrelated (centos6-64 is failing on all PRs and AIX is async-hooks/test-graph.signal once again).

Landed in af78840, thank you! 🎉 We are looking forward to future contributions!

@tniessen tniessen closed this Nov 28, 2017
@ghost
Copy link

ghost commented Nov 29, 2017

@tniessen What release version(s) will that commit be part of?

@tniessen
Copy link
Member

tniessen commented Nov 29, 2017

@jacobcabantomski-ct This PR was marked as semver-major, so these changes will not be shipped until node 10 is released.

@sam-github
Copy link
Contributor

sam-github commented Nov 29, 2017

@jacobcabantomski-ct and @nodejs/crypto and @nodejs/lts - would there be interest in my PRing a --tls-default-ecdh-curve= CLI option? That would be semver-minor, so it could be easily backported, and would allow using NODE_OPTIONS=--tls-default-ecdh-curve=auto across all the release lines to set the curve to "auto".

@ghost
Copy link

ghost commented Nov 29, 2017

@sam-github That would be very helpful in the short/medium term until 10 is out next fall.

@rodrigok
Copy link

rodrigok commented Jan 5, 2018

NODE_OPTIONS=--tls-default-ecdh-curve=auto seems to be a good option meanwhile

@mhdawson
Copy link
Member

@sam-github any chance you are going to have time to look at implementing your suggestion in the near future ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
semver-major PRs that contain breaking changes and should be released in the next major version. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.