-
Notifications
You must be signed in to change notification settings - Fork 894
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Force strong TLS 1.2 cipher suites in download/src/lib.rs because servers offer weak cipher suites #2294
Comments
We are migrating away from the cURL binding toward |
That seems reasonable. However, reqwest is using Schannel on Windows. So Windows 7, 8.0 and 8.1 will connect to cargo.io and other rust-lang servers using only weak cipher suites because Schannel doesn't have required strong TLS 1.2 cipher suites until Windows 10. And Microsoft won't sunset Windows 8-8.1 until 2023. Also, Active Directory policies can disable specific Schannel cipher suites without users knowing, which can create support issues for rustup and cargo. I don't know if I'm the best person to ask @seanmonstar for security-related changes to Is there anyone assigned to be the official Rust security lead? In hindsight, Ken Thompson's hack showed the world in 1984 that compiler updates over the internet today might be a high value target. |
I can't comment much on schannel. As an additional option, reqwest can be configured to use |
Thanks, I updated the issue based on helpful feedback from both of you. The only 9 cipher suites supported by |
Okay, so two things - one we need to configure @x448 Do you want to check if we're already using |
I'd note that we need to be certain that things like the SSL CA certificate bundles etc which tend to be platform specific and configured by openssl will need to be verified as still working under |
@kinnison I'm not seeing There's no clear-cut winner between Although I prefer
Maybe we should consider our own If some unlucky users have employers that want to decrypt HTTPS traffic to gmail.com, etc. we can use native certs to be compatible with MITM decryption appliances. A 2nd rustup binary or command line option would be a "red pill" for some rust programmers compared to silent fallback. FWIW, Windows cert store can get messy even without snooping employers, e.g. Dell's eDellRoot happened after Lenovo's Superfish: https://www.kb.cert.org/vuls/id/925497/ |
I wouldn't want to not be using the native certificate bundles. It's essential for permitting corporate situations where they MITM SSL etc. |
We can have This would give us the desired cipher suites without having to detect their support & specify them on various platforms and it would also use native certificate bundles. I'm new to rust, so I'm not yet confident of my understanding of .toml files for |
If you wish to try this out progressively, you can enable both |
Merely feeding real-world data to https://github.com/trailofbits/siderophile/ may help you identify interesting targets for fuzzing that reach the largest amount of unsafe code, although I'm not sure how well it would work for an FFI-heavy crate such as |
I believe |
(The rustls/webpki/ring audit is starting next week, should take about 2 weeks.) |
Third-party security audit of
|
I was looking at the Cargo manifests for rustup and the download crate and found it pretty confusing that there seem to be like three download backends all enabled by default. Why is that? |
@djc There's two backends, one with two options for TLS provider, because we've still not managed to bottom the problem which means reqwest wasn't working on armel on snapcraft, and we're not certain yet about the TLS provider change, so while we have a default, we're providing options for testing. |
What's the current outlook on this? |
IMO the migration to rustls by default (which has been merged to main, but not yet released) adequately addresses this issue. |
I'm closing this as resolved by #3798 then. Thanks a lot :) |
Describe the problem you are trying to solve
rustup-init.sh was recently updated to force strong TLS 1.2-1.3 cipher suites for downloading files (if supported by local tools). However, rustup itself isn't doing the same.
Schannel in Windows 7, 8, and 8.1 doesn't support the two strong cipher suites offered by rust servers (as of April 23, 2020), so this request is limited in scope to curl-backend + OpenSSL.
Describe the solution you'd like
Use the same strong TLS 1.2-1.3 cipher suites as rustup-init.sh (if supported by OpenSSL) when rustup is using curl-backend + OpenSSL.One way is to configure
reqwest
to userustls
instead ofnative-tls
.rustls
only supports 9 cipher suites and they're the same 9 we want enabled.Author of
reqwest
says,Thanks @kinnison and @seanmonstar for helpful feedback and suggestions.
Notes
Schannel TLS cipher suites in WIndows 8.1
https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-8-1
I don't know how much fuzz testing is/was done for ring, rustls, and reqwest.
ring
is in https://github.com/google/oss-fuzz/tree/master/projectsrustls
security audit getting funded (stay tuned, maybe news "few months" from Feb 2020)Get a security audit done rustls/rustls#189
https://github.com/ctz/rustls-native-certs and https://github.com/ctz/webpki-roots and mkcert.org
Implement optional support for rustls #568 (old issue about supporting
rustls
as an option in rustup)The text was updated successfully, but these errors were encountered: