[PATCH] Add support for lower TLS version than default
The openssl library in Debian unstable (targeting Buster) supports TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0. If the admin decides to also support TLS1.[01] users he can then enable the lower protocol version in case the users can't update their system. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> --- src/config/all-settings.c | 1 + src/lib-master/master-service-ssl-settings.c | 2 ++ src/lib-master/master-service-ssl-settings.h | 1 + src/login-common/ssl-proxy-openssl.c | 15 ++++++++++++++- 4 files changed, 18 insertions(+), 1 deletion(-) --- a/src/config/all-settings.c +++ b/src/config/all-settings.c @@ -308,6 +308,7 @@ struct master_service_ssl_settings { const char *ssl_cert_username_field; const char *ssl_crypto_device; const char *ssl_options; + const char *ssl_lowest_version; bool ssl_verify_client_cert; bool ssl_require_crl; --- a/src/lib-master/master-service-ssl-settings.c +++ b/src/lib-master/master-service-ssl-settings.c @@ -26,6 +26,7 @@ static const struct setting_define maste DEF(SET_STR, ssl_protocols), DEF(SET_STR, ssl_cert_username_field), DEF(SET_STR, ssl_crypto_device), + DEF(SET_STR, ssl_lowest_version), DEF(SET_BOOL, ssl_verify_client_cert), DEF(SET_BOOL, ssl_require_crl), DEF(SET_BOOL, verbose_ssl), @@ -54,6 +55,7 @@ static const struct master_service_ssl_s .ssl_protocols = "!SSLv3", #endif .ssl_cert_username_field = "commonName", + .ssl_lowest_version = NULL, .ssl_crypto_device = "", .ssl_verify_client_cert = FALSE, .ssl_require_crl = TRUE, --- a/src/lib-master/master-service-ssl-settings.h +++ b/src/lib-master/master-service-ssl-settings.h @@ -16,6 +16,7 @@ struct master_service_ssl_settings { const char *ssl_cert_username_field; const char *ssl_crypto_device; const char *ssl_options; + const char *ssl_lowest_version; bool ssl_verify_client_cert; bool ssl_require_crl; --- a/src/login-common/ssl-proxy-openssl.c +++ b/src/login-common/ssl-proxy-openssl.c @@ -1302,7 +1302,20 @@ ssl_server_context_init(const struct log if (ctx->prefer_server_ciphers) SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); SSL_CTX_set_options(ssl_ctx, openssl_get_protocol_options(ctx->protocols)); - +#if OPENSSL_VERSION_NUMBER >= 0x10100000 + if (ssl_set->ssl_lowest_version) { + if (!strcmp(ssl_set->ssl_lowest_version, "TLS1.0")) + SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION); + else if (!strcmp(ssl_set->ssl_lowest_version, "TLS1.1")) + SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_1_VERSION); + else if (!strcmp(ssl_set->ssl_lowest_version, "TLS1.2")) + SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_2_VERSION); + else + i_fatal("TLS min version: '%s' is invalid. Only " + "'TLS1.0' and 'TLS1.1' is supported", + ssl_set->ssl_lowest_version); + } +#endif if (ctx->pri.cert != NULL && *ctx->pri.cert != '\0' && ssl_proxy_ctx_use_certificate_chain(ctx->ctx, ctx->pri.cert) != 1) { i_fatal("Can't load ssl_cert: %s",
On 26 Aug 2017, at 19.47, Sebastian Andrzej Siewior <sebastian@breakpoint.cc> wrote:
The openssl library in Debian unstable (targeting Buster) supports TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0. If the admin decides to also support TLS1.[01] users he can then enable the lower protocol version in case the users can't update their system.
..
DEF(SET_STR, ssl_protocols), DEF(SET_STR, ssl_cert_username_field), DEF(SET_STR, ssl_crypto_device),
- DEF(SET_STR, ssl_lowest_version),
Does it really require a new setting? Couldn't it use the existing ssl_protocols setting?
On 2017-08-27 09:32, Timo Sirainen wrote:
On 26 Aug 2017, at 19.47, Sebastian Andrzej Siewior <sebastian@breakpoint.cc> wrote:
The openssl library in Debian unstable (targeting Buster) supports TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0. If the admin decides to also support TLS1.[01] users he can then enable the lower protocol version in case the users can't update their system. .. DEF(SET_STR, ssl_protocols), DEF(SET_STR, ssl_cert_username_field), DEF(SET_STR, ssl_crypto_device),
- DEF(SET_STR, ssl_lowest_version), Does it really require a new setting? Couldn't it use the existing ssl_protocols setting?
I think we should set the min protocol version from ssl_protocols, by looking at the lowest SSL protocol field there.
Aki
On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss@iki.fi> wrote:
DEF(SET_STR, ssl_protocols), DEF(SET_STR, ssl_cert_username_field), DEF(SET_STR, ssl_crypto_device),
- DEF(SET_STR, ssl_lowest_version),
Does it really require a new setting? Couldn't it use the existing ssl_protocols setting? You need to set a minimal version. SSL_PROTOLS can be set tls1.0 and tls1.2 which avoids tls1.1. Not saying that it is a good thing to do. Also you set it to not do sslv2 and sslv3 which then enables tls1.0+. If you want change its definition to use as a minimal version, be my guest. Or if you plan to scan the string and match for the lowest version then this could work, too.
Sebastian
On 2017-08-27 13:46, Sebastian Andrzej Siewior wrote:
On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss@iki.fi> wrote:
DEF(SET_STR, ssl_protocols), DEF(SET_STR, ssl_cert_username_field), DEF(SET_STR, ssl_crypto_device),
- DEF(SET_STR, ssl_lowest_version), Does it really require a new setting? Couldn't it use the existing ssl_protocols setting? You need to set a minimal version. SSL_PROTOLS can be set tls1.0 and tls1.2 which avoids tls1.1. Not saying that it is a good thing to do. Also you set it to not do sslv2 and sslv3 which then enables tls1.0+. If you want change its definition to use as a minimal version, be my guest. Or if you plan to scan the string and match for the lowest version then this could work, too.
Sebastian Yes, that was the plan.
Aki
On 2017-08-27 13:47, Aki Tuomi wrote:
On 2017-08-27 13:46, Sebastian Andrzej Siewior wrote:
On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss@iki.fi> wrote:
DEF(SET_STR, ssl_protocols), DEF(SET_STR, ssl_cert_username_field), DEF(SET_STR, ssl_crypto_device),
- DEF(SET_STR, ssl_lowest_version),
Does it really require a new setting? Couldn't it use the existing ssl_protocols setting? You need to set a minimal version. SSL_PROTOLS can be set tls1.0 and tls1.2 which avoids tls1.1. Not saying that it is a good thing to do. Also you set it to not do sslv2 and sslv3 which then enables tls1.0+. If you want change its definition to use as a minimal version, be my guest. Or if you plan to scan the string and match for the lowest version then this could work, too.
Sebastian Yes, that was the plan.
Aki
In fact, OpenSSL docs say:
These options turn off the SSLv3, TLSv1, TLSv1.1 or TLSv1.2
protocol versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, respectively. As of OpenSSL 1.1.0, these options are deprecated, use SSL_CTX_set_min_proto_version and SSL_CTX_set_max_proto_version instead.
Which seems to imply that OpenSSL would rather people do not turn off 1.1 but leave 1.0 and 1.2 on. So I suppose we will parse the field, and if OpenSSL is recent enough, we use the set_min_proto/set_max_proto instead of directly setting the protocol flags.
Aki
Aki
On 2017-08-27 12:46:59 [+0200], To Timo Sirainen wrote:
On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss@iki.fi> wrote:
DEF(SET_STR, ssl_protocols), DEF(SET_STR, ssl_cert_username_field), DEF(SET_STR, ssl_crypto_device),
- DEF(SET_STR, ssl_lowest_version),
Does it really require a new setting? Couldn't it use the existing ssl_protocols setting? You need to set a minimal version. SSL_PROTOLS can be set tls1.0 and tls1.2 which avoids tls1.1. Not saying that it is a good thing to do. Also you set it to not do sslv2 and sslv3 which then enables tls1.0+. If you want change its definition to use as a minimal version, be my guest. Or if you plan to scan the string and match for the lowest version then this could work, too.
Now that I looked at the source. There is openssl_get_protocol_options() which could be used to figure out the lowest protocol version. Please be aware that SSL_OP_NO_TLSv1 and friends are deprecated as of openssl 1.1.0. So setting an explicit version looks more future proof. I currently don't have an opinion about "always" enabling TLS1.0 by default (since the !SSLv2 !SSLv3 line would enable TLS1.0+ and so set min protocol version TLS1.0). So it is up to you, I could prepare a patch doing that…
Sebastian
participants (3)
-
Aki Tuomi
-
Sebastian Andrzej Siewior
-
Timo Sirainen