Support OpenSSL version 1.1.1 and TLS protocol version 1.3 #1257

Open: wants to merge 14 commits into base: master

@rdratlos rdratlos commented Apr 3, 2021

OpenSSL 1.1.1 was released on 11 September 2018. This is the latest LTS (Long
Term Support) release, supported until September 2023. The headline new feature
of OpenSSL 1.1.1 is TLSv1.3. This new version of the Transport Layer Security
(formerly known as SSL) protocol was published by the IETF as RFC8446. This is a
major rewrite of the standard and introduces significant changes, features and
improvements which have been reflected in the new OpenSSL version. Main changes
to be considered by Cherokee webserver:

  • Fully compliant implementation of TLSv1.3 (RFC8446) on by default
  • Support for all five new RFC8446 ciphersuites (TLS v1.3)
  • Full support of minimum and maximum available TLS protocol version configuration

OpenSSL 1.1.1 continues the new strategy of the OpenSSL development team started
in version 1.1.0 to extend automatic configuration of the libssl back-end. This
increases security and removes the burden from application developers to take
care of the many and various bits and pieces that are required to set up a safe
and powerful TLS back-end.

The current Cherokee implementation does not explicitly support TLSv1.3 and other new
OpenSSL 1.1.1 features. But the OpenSSL/libssl back-end silently applies TLSv1.3
encryption of traffic between clients and the Cherokee webserver. This is dangerous
as the Cherokee application must control SSL/TLS protocol availability and cipher set
configuration for clients. Cherokee is responsible for security and not the used
TLS back-end.

This PR implements a major update of Cherokee's OpenSSL/libssl back-end management
and control. Several issues related to SSL/TLS are fixed. In particular, a security
issue that legacy Cherokee webservers, even though the software has been updated
periodically, may still silently offer prohibited SSLv2/v3 protocols to clients.
By default Cherokee does not make use of these protocols anymore, but this can be
overridden by the SSL/TLS settings within an outdated unattended configuration
file. This update fixes the issue by removing SSLv2/v3 protocol entries from
an existing configuration file during installation.

The following list provides a short summary of the implemented changes:

  • Support of TLS protocol version 1.3
  • Support of new ciphersuites
  • New default cipher sets
    • Mozilla Intermediate compatible cipher set (OpenSSL 1.1.1 and later)
    • Mozilla Old compatible cipher set (OpenSSL 1.1.0 and previous)
  • Support of min./max. TLS protocol availability configuration
  • New mechanism to apply security updates to existing configuration files during installation and update (e. g. remove SSLv2/v3)
  • New modern TLS protocol and cipher management by Cherokee Admin
  • Update of documentation

The following issues are fixed by this PR:

  • Issue 1256: Missing Support for OpenSSL 1.1.1 and TLS v1.3
  • Issue 1255: Cherokee Ignores SSL/TLS Protocols Supported by OpenSSL
  • Issue 1254: OpenSSL/libssl only Allows to Disable Selected SSL/TLS Protocols
  • Issue 1253: Remove Prohibited SSL Protocols from Configuration File
  • Issue 1252: Trace Function Ignores SSL/TLS Protocol Configuration
  • Issue 1251: Cherokee does not Correctly Build with Local Installation of OpenSSL
  • Issue 1250: Cherokee may use Wrong Python Interpreter
  • Issue 1249: Cherokee does not Correctly Build with Local Installation of OpenSSL
  • Issue 1248: Dead Bug Report Link.

The subsequent set of patches was tested on Ubuntu Focal, Ubuntu Bionic and ArchLinux. The existing build tests all pass. Testing was performed with and without OpenSSL/libssl support, for package as well as local installations of Cherokee webserver and for OpenSSL version 1.1.1 as well as legacy OpenSSL 0.9.8.

Please review and comment.

Cherokee Admin suggests to system administrators that they have to enable wanted
SSL/TLS protocols for traffic encryption. In general, OpenSSL accepts all
SSL/TLS protocols requested by clients that are supported if the provided cipher
set and certificates fit.

- Add a new checkbox widget type CheckCfgTextInv with following behaviour:
  ------------------------------------------
  |Checkbox Status|Configuration File Value|
  ------------------------------------------
  |    Checked    |           0            |
  ------------------------------------------
  |  Not Checked  |           1            |
  ------------------------------------------
- Update Cherokee Admin Advanced page to use the new checkbox
- Add a new style for Notice widgets:
  Slim boxes with 50% width compared to normal boxes

Fixes: cherokee#1254

Signed-off-by: Thomas Reim <[email protected]>

SSL/TLS protocols are hardcoded in Cherokee. Neither at build time nor at run-
time SSL/TLS protocols that are supported by the OpenSSL back-end are being
checked. This may lead to the dangerous situation that OpenSSL encrypts HTTPS
traffic using an SSL/TLS encryption, which is not explicitly supported by
Cherokee. Current Cherokee for example does not support TLS protocol version
1.3, which requires ciphersuites for encryption that cannot be configured by
Cherokee.

More and more OS distribution maintainers now control security of their OpenSSL
packages by deactivating unsafe SSL/TLS protocols at build time. For system
administrators it is very difficult to identify the root cause for rejected
HTTPS communication requests due to suddenly unavailable SSL/TLS protocols.
OpenSSL provides only pretty cryptic notifications.

This patch implements following improvements:
- Check SSL/TLS protocols supported by OpenSSL at build time
- configure displays and logs supported protocols
- Abort build with error message if unsupported protocols are detected
- Check SSL/TLS protocols supported by the actual OpenSSL back-end at runtime
- Log an error message if unsupported protocols are detected
- Command-line option -i provides more detailed information about OpenSSL
  + Build version and actually used version
  + Supported SSL/TLS protocols
  + Maintainer deactivated protocols
- Make SSL/TLS protocol information available to Cherokee Admin scripts
- Fix Cherokee Admin Advanced page to outline support of SSL/TLS protocols:
  + Mark deactivated protocols
  + Warn users if SSL/TLS protocols are detected that are not supported by
    Cherokee
  + Inform users if OpenSSL/libssl is not supported at all

Fixes: cherokee#1255

Signed-off-by: Thomas Reim <[email protected]>

When using modern and safer certificates, e. g. with ECDSA (Elliptic Curve
Digital Signature Algorithm) keys, HTTPS connection setup may be rejected
by OpenSSL/libssl due to the outdated cipher set configured by Cherokee
webserver. Windows 7 clients for example cannot retrieve automatic proxy
configuration via HTTPS anymore. Communication is aborted with typical
strange error notifications, e. g.:
- System
  - Provider
   [ Name]  Schannel
   [ Guid]  {1F678132-5938-4686-9FDC-C8FF68F15C85}
   EventID 36887
   Version 0
   Level 2
   Task 0
   Opcode 0
   Keywords 0x8000000000000000
  - TimeCreated
   [ SystemTime]  2021-02-03T00:36:24.530185900Z
   EventRecordID 319818
   Correlation
  - Execution
   [ ProcessID]  716
   [ ThreadID]  764
    Channel System
    Computer [email protected]
   - Security
   [ UserID]  S-1-5-18
- EventData
  AlertDesc 40
Even recent OpenSSL clients may not be able to securely connect to Cherokee
webserver. Also here error notifications are not too helpful:
CONNECTED(00000003)
139835650114880:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:../ssl/record/rec_layer_s3.c:1543:SSL alert number 80
OpenSSL 1.1.1 was released on 11 September 2018. This is the latest LTS (Long
Term Support) release, supported until September 2023. The headline new feature
of OpenSSL 1.1.1 is TLSv1.3. This new version of the Transport Layer Security
(formerly known as SSL) protocol was published by the IETF as RFC8446. This is a
major rewrite of the standard and introduces significant changes, features and
improvements which have been reflected in the new OpenSSL version. Main changes
to be considered by Cherokee webserver:
- Fully compliant implementation of TLSv1.3 (RFC8446) on by default
- Support for all five new RFC8446 ciphersuites (TLS v1.3)
- Full support of minimum and maximum available TLS protocol version configuration

Recently OS distribution maintainers have started to improve OpenSSL security
by hardcoded configuration of the min. available TLS protocol version for clients
that want to connect to a server using TLS encryption. Cherokee command-line
option cherokee -i now reports this hardcoded setting to users.

Fixes: cherokee#1256

Signed-off-by: Thomas Reim <[email protected]>

The Advanced page has been restructured and is now displayed in two flavours:
1.) OpenSSL version 1.1.1 and later
    Configuration of SSL/TLS protocols is now focused on setting minimum and
    maximum available protocol versions. Since OpenSSL 1.1.1 disabling of
    selected protocols has been deprecated. This section plus a warning has been moved to
    the page's bottom.
2.) OpenSSL version 1.1.0 and below
    System administrators still have to disable selected SSL/TLS protocol
    versions that Cherokee webserver should not offer to its clients.

TLS v1.3 has been added to the page.

On the Virtual Server page Ciphersuites have been added and the hint where to
find suited and safe cipher sets has been adapted to recommend Mozilla
Intermediate compatibility ciphers for OpenSSL 1.1.1 and later. Mozilla
Old compatibility ciphers are recommended when using OpenSSL version 1.1.0 and
below as TLS back-end.

Fixes: cherokee#1256

Signed-off-by: Thomas Reim <[email protected]>

Vulnerable and insecure SSL protocols SSLv2 and SSLv3 must not be used
by applications (RFC7568 and RFC6176).

Recent scans of the Internet at large show that more than 5.9 million Web
servers, comprising 17 percent of all HTTPS-protected machines, directly support
SSLv2. That's a troubling finding, given widely repeated advice that SSLv2 be
disabled. More troubling still, even when a server doesn't allow SSLv2
connections, it may still be susceptible to attack if the underlying RSA key
pair is reused on a separate server that does support the old protocol.
A website, e. g., that forbids SSLv2 may still be vulnerable if its key is used
on an e-mail server that allows SSLv2.

Cherokee disables both protocols by default. Users can override this by
explicitly enabling the protocols in the configuration file. On the other
hand IETF does not allow to use both SSL protocols anymore due to their
vulnerabilities, which also affect security of more recent TLS protocols.
Remove SSLv2 and SSLv3 settings from existing (legacy) configuration files
during installation to allow safe operation of Cherokee webserver.

Users that for whatever reason still require use of SSLv2 or SSLv3 can
enable the protocol again after installation using cherokee-admin.

Note: Use of SSLv2 or SSLv3 also depends on OpenSSL. Recent versions
      of OpenSSL removed SSLv2 and most distributions now also disable
      SSLv3.

This patch adds a new mechanism to Cherokee that allows for intermediate
security updates of the configuration file when a regular update to a new
Cherokee version is not (yet) available.

Fixes: cherokee#1253

Signed-off-by: Thomas Reim <[email protected]>

Compile and linker flags are not correctly set when building Cherokee webserver
using a local (additional) installation of OpenSSL (e. g. in /usr/local/openssl).

When users pass an OpenSSL path, with option, e. g., --with-libssl=/usr/local/openssl
Cherokee checks for existence of:
- libssl and libcrypto in /usr/local/openssl/lib
- openssl in /usr/local/openssl/bin
During further build process these paths are used to analyze, compile and link
Cherokee against the correct TLS back-end.

This patch also adds some further checks of OpenSSL header files.

Fixes: cherokee#1251

Signed-off-by: Thomas Reim <[email protected]>

OpenSSL silently discards invalid ciphers that are provided
within the configured cipher set list. The actually available SSL/TLS
protocols and TLS v1.3 ciphersuites for a virtual server are important
information for system administrators in case of Cherokee not accepting
HTTPS connections.
Without this information it is extremely difficult to investigate the
root cause of encrypted web traffic issues in the network.

Trace information for each virtual server on the main SSL/TLS configuration
settings.

Fixes: cherokee#1252

Signed-off-by: Thomas Reim <[email protected]>

On modern systems Python3 is now standard. Cherokee has been prepared for this
change. Users can use option --with-python to specify the correct path to
Python2 but some Makefiles ignore this directive (e. g. make test). Furthermore,
Python byte code files that are created during build process are not removed
by the clean target of some Makefiles.

This patch configures Autoconf to detect the correct path to a Python2
interpreter. Autoconf will terminate the build process with error if a Python2
interpreter cannot be found. This is required as Python is also used to compile
Cherokee's error header file.

Python byte code files are now cleaned by make clean.

Fixes: cherokee#1250

Signed-off-by: Thomas Reim <[email protected]>

Cherokee's Autoconf files are pretty outdated. Checking with autoscan results
in several warnings.

Fix autoscan warnings and correct deprecated syntax (e. g. AC_CONFIG_FILES,
AC_OUTPUT).

Fixes: cherokee#1249

Signed-off-by: Thomas Reim <[email protected]>

Fixes: cherokee#1248

Signed-off-by: Thomas Reim <[email protected]>

Since OpenSSL version 1.1.0 the OpenSSL team has implemented a new strategy and
has extended automatic configuration of the libssl back-end. This increases
security and removes the burden from application developers to take care of the
many and various bits and pieces that are required to set up a safe and powerful
TLS back-end. Several functions have no effect anymore and have been deprecated.

Remove deprecated OpenSSL functions from the code if Cherokee is
operated using OpenSSL/libssl version 1.1.0 or later.

In addition, fix OpenSSL related traces. OpenSSL tries to load a PKCS11 engine
for support of smartcard stored keys. This engine is not part of regular OpenSSL
packages and has to be installed on top of OpenSSL. If libcrypto cannot find the
PKCS11 engine library error notifications are issued, which are ignored by
Cherokee, as the missing engine does not harm operation. But system administrators
will find the error messages when operating Cherokee with traces enabled. This is
confusing as the hidden OpenSSL internal errors are not immediately queried during
libssl setup. The first OpenSSL error query is during virtual server setup.
Fix this by immediately querying potential OpenSSL errors during engine setup and
informing users about the requested OpenSSL task.

Signed-off-by: Thomas Reim <[email protected]>

- Added new strings to be translated
- Fixed German translation file (correct translation checked for about 50%)

Signed-off-by: Thomas Reim <[email protected]>
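
Added example (not part of the pull request or of Cherokee's code): the runtime check of back-end protocol support and the minimum/maximum version configuration described in the commit messages above, shown with Python's ssl module, which wraps the same OpenSSL library. The function names and the protocol-name table are assumptions made for this illustration.

```python
import ssl

# Protocol name as an admin would write it -> (ssl build flag, TLSVersion member).
# SSLv2 has no TLSVersion member, so it can never be used as a min/max bound.
PROTOCOLS = {
    "SSLv2":   ("HAS_SSLv2", None),
    "SSLv3":   ("HAS_SSLv3", "SSLv3"),
    "TLSv1":   ("HAS_TLSv1", "TLSv1"),
    "TLSv1.1": ("HAS_TLSv1_1", "TLSv1_1"),
    "TLSv1.2": ("HAS_TLSv1_2", "TLSv1_2"),
    "TLSv1.3": ("HAS_TLSv1_3", "TLSv1_3"),
}
ORDER = list(PROTOCOLS)  # oldest to newest


def backend_protocols():
    """Protocols the linked OpenSSL build provides (name -> bool)."""
    return {name: bool(getattr(ssl, flag, False))
            for name, (flag, _) in PROTOCOLS.items()}


def unsupported(configured):
    """Configured names the back-end cannot provide (unknown names included)."""
    have = backend_protocols()
    return [p for p in configured if not have.get(p, False)]


def make_server_context(min_proto="TLSv1.2", max_proto="TLSv1.3"):
    """Bound the offered version range instead of opting out per protocol."""
    missing = unsupported([min_proto, max_proto])
    if missing:
        # Fail loudly at setup time rather than with a cryptic handshake alert.
        raise ValueError("not supported by %s: %s"
                         % (ssl.OPENSSL_VERSION, ", ".join(missing)))
    if ORDER.index(min_proto) > ORDER.index(max_proto):
        raise ValueError("minimum version is newer than maximum version")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = getattr(ssl.TLSVersion, PROTOCOLS[min_proto][1])
    ctx.maximum_version = getattr(ssl.TLSVersion, PROTOCOLS[max_proto][1])
    return ctx


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION, backend_protocols())
    ctx = make_server_context()
    print("offered range:", ctx.minimum_version.name, "to", ctx.maximum_version.name)
```

Reading `minimum_version` on a freshly created context, before setting it, shows the floor already imposed by the Python build or the distribution's OpenSSL configuration.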
@rdratlos
Author

rdratlos commented Apr 3, 2021

Ubuntu packages for Cherokee Webserver with this pull request are available in Launchpad. Supported releases are Ubuntu Focal and Ubuntu Bionic. All packages have been built with option --enable-trace for better testing.
Please follow the instructions of the Launchpad PPA in order to enable the repository and install Cherokee Webserver on your test server.

@skinkie
Member

skinkie commented Apr 3, 2021

Thanks for this effort! I'll review this later :-)

@skinkie skinkie self-requested a review April 3, 2021 13:50
@skinkie skinkie self-assigned this Apr 3, 2021
@shannara

Hi,

I tested on my side, merged master with your branch, fixed little conflicts in qa/Makefile.am and configure.ac.
Warning about obsolete macros, but compile done:
AC_PROG_CC_STDC
AC_PROG_LEX without either yywrap or noyywrap
AC_PROG_LIBTOOL

Works well with openssl 1.1.1n.
I checked on Qualys lab: T because it's self cert, if trusted cert A.
TLS 1.3 | Yes
TLS 1.2 | Yes
TLS 1.1 | No
TLS 1.0 | No
SSL 3 | No (disable on my openssl build)
SSL 2 | No

Big thanks rdratlos for stuff.

@skinkie
Member

skinkie commented Mar 23, 2023

Yes, I have tested this for many months in production as well.
