-
Notifications
You must be signed in to change notification settings - Fork 104
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support OpenSSL version 1.1.1 and TLS protocol version 1.3 #1257
base: master
Are you sure you want to change the base?
Support OpenSSL version 1.1.1 and TLS protocol version 1.3 #1257
Conversation
Cherokee Admin suggests system administrators that they have to enable wanted SSL/TLS protocols for traffic encryption. In general, OpenSSL accepts all SSL/TLS protocols requested by clients that are supported if the provided cipher set and certificates fit. - Add a new checkbox widget type CheckCfgTextInv with following behaviour: ------------------------------------------ |Checkbox Status|Configuration File Value| ------------------------------------------ | Checked | 0 | ------------------------------------------ | Not Checked | 1 | ------------------------------------------ - Update Cherokee Admin Advanced page to use the new checkbox - Add a new style for Notice widgets: Slim boxes with 50% width compared to normal boxes Fixes: cherokee#1254 Signed-off-by: Thomas Reim <[email protected]>
SSL/TLS protocols are hardcoded in Cherokee. Neither at build time nor at run- time SSL/TLS protocols that are supported by the OpenSSL back-end are being checked. This may lead to the dangerous situation that OpenSSL encrypts HTTPS traffic using an SSL/TLS encryption, which is not explicitly supported by Cherokee. Current Cherokee for example does not support TLS protocol version 1.3, which requires ciphersuites for encryption that cannot be configured by Cherokee. More and more OS distribution maintainers now control security of their OpenSSL packages by deactivating unsafe SSL/TLS protocols at build time. For system administrators it is very difficult to identify the root cause for rejected HTTPS communication requests due to suddenly unavailable SSL/TLS protocols. OpenSSL provides only pretty cryptic notifications. This patch implements following improvements: - Check SSL/TLS protocols supported by OpenSSL at build time - configure Displays and logs supported protocols - Abort build with error message if unsupported protocols are detected - Check SSL/TLS protocols supported by the actual OpenSSL back-end at runtime - Log an error message if unsupported protocols are detected - Command-line option -i provides more detailed information about OpenSSL + Build version and actually used version + Supported SSL/TLS protocols + Maintainer deactivated protocols - Make SSL/TLS protocol information available to Cherokee Admin scripts - Fix Cherokee Admin Advanced page to outline support of SSL/TLS protocols: + Mark deactivated protocols + Warn users if SSL/TLS protocols are detected that are not supported by Cherokee + Inform users if OpenSSL/libssl is not supported at all Fixes: cherokee#1255 Signed-off-by: Thomas Reim <[email protected]>
When using modern and safer certificates, e. g. with ECDSA (Elliptic Curve Digital Signature Algorithm) keys, HTTPS connection setup may be rejected by OpenSSL/libssl due to outdated the cipher set configured by Cherokee webserver. Windows 7 clients for example cannot retrieve automatic proxy configuration via HTTPS anymore. Communication is aborted with typical strange error notifications, e. g.: - System - Provider [ Name] Schannel [ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85} EventID 36887 Version 0 Level 2 Task 0 Opcode 0 Keywords 0x8000000000000000 - TimeCreated [ SystemTime] 2021-02-03T00:36:24.530185900Z EventRecordID 319818 Correlation - Execution [ ProcessID] 716 [ ThreadID] 764 Channel System Computer [email protected] - Security [ UserID] S-1-5-18 - EventData AlertDesc 40 Even recent OpenSSL clients may not be able to securely connect to Cherokee webserver. Also here error notifications are not too helpful: CONNECTED(00000003) 139835650114880:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:../ssl/record/rec_layer_s3.c:1543:SSL alert number 80
OpenSSL 1.1.1 was released on 11 September 2018. This is the latest LTS (Long Term Support) release, supported until September 2023. The headline new feature of OpenSSL 1.1.1 is TLSv1.3. This new version of the Transport Layer Security (formerly known as SSL) protocol was published by the IETF as RFC8446. This is a major rewrite of the standard and introduces significant changes, features and improvements which have been reflected in the new OpenSSL version. Main changes to be considered by Cherokee webserver: - Fully compliant implementation of TLSv1.3 (RFC8446) on by default - Support for all five new RFC8446 ciphersuites (TLS v1.3) - Full support of minimum and maximum available TLS protocol version configuration Recently OS distribution maintainers have started to improve OpenSSL security by hardcoded configuration of the min. available TLS protocol version for clients that want to connect to a server using TLS encryption. Cherokee command-line option cherokee -i now reports this hardcoded setting to users. Fixes: cherokee#1256 Signed-off-by: Thomas Reim <[email protected]>
The Advanced page has been restructured and is now displayed in two flavours: 1.) OpenSSL version 1.1.1 and later Configuration of SSL/TLS protocols is now focused on setting minimum and maximum available protocol versions. Since OpenSSL 1.1.1 disabling of selected has been deprecated. This section plus a warning has been moved to the page's bottom. 2.) OpenSSL version 1.1.0 and below System administrator still have to disable selected SSL/TLS protocol versions that Cherokee webserver should not offer to its clients. TLS v1.3 has been added to the page. On the Virtual Server page Ciphersuites have been added and the hint where to find suited and safe cipher sets has been adapted to recommend Mozilla Intermediate compatibility ciphers for OpenSSL 1.1.1 and later. Mozilla Old compatibility ciphers are recommended of using OpenSSL version 1.1.0 and below as TLS back-end. Fixes: cherokee#1256 Signed-off-by: Thomas Reim <[email protected]>
Vulnerable and insecure SSL protocols SSLv2 and SSLv3 must not be used by applications (RFC7568 and RFC6176). Recent scans of the Internet at large show that more than 5.9 million Web servers, comprising 17 percent of all HTTPS-protected machines, directly support SSLv2. That's a troubling finding, given widely repeated advice that SSLv2 be disabled. More troubling still, even when a server doesn't allow SSLv2 connections, it may still be susceptible to attack if the underlying RSA key pair is reused on a separate server that does support the old protocol. A website, e. g., that forbids SSLv2 may still be vulnerable if its key is used on an e-mail server that allows SSLv2. Cherokee disables both protocols by default. Users can override this by explicitly enabling the protocols in the configuration file. On the other hand IETF does not allow to use both SSL protocols anymore due to their vulnerabilities, which also affect security of more recent TLS protocols. Remove SSLv2 and SSLv3 settings from existing (legacy) configuration files during installation to allow safe operation of Cherokee webserver. Users that for whatever reason still require use of SSLv2 or SSLv3 can enable the protocol again after installation using cherokee-admin. Note: Use of SSLv2 or SSLv3 also depends on OpenSSL. Recent versions of OpenSSL removed SSLv2 and most distribution now also disable SSLv3. This patch adds a new mechanism to Cherokee that allows for intermediate security updates of the configuration file when a regular update to a new Cherokee version is not (yet) available. Fixes: cherokee#1253 Signed-off-by: Thomas Reim <[email protected]>
Compile and linker flags are not correctly set when building Cherokee webserver using a local (additional) installation of OpenSSL (e. g. in /usr/local/openssl). When users pass an OpenSSL path, with option, e. g., --with-libssl=/usr/local/openssl Cherokee checks for existence of: - libssl and libcrypto in /usr/local/openssl/lib - openssl in /usr/local/openssl/bin During further build process these paths are used to analyze, compile and link Cherokee against the correct TLS back-end. This patch also adds some further checks of OpenSSL header files. Fixes: cherokee#1251 Signed-off-by: Thomas Reim <[email protected]>
OpenSSL silently discards invalid ciphers that are provided within the configured cipher set list. The actually available SSL/TLS protocols and TLS v1.3 ciphersuites for a virtual server are important information for system administrators in case of Cherokee not accepting HTTPS connections. Without this information it is extremely difficult to investigate on the root cause of encrypt web traffic issues in the network. Trace information for each virtual server on the main SSL/TLS configuration settings. Fixes: cherokee#1252 Signed-off-by: Thomas Reim <[email protected]>
On modern systems Python3 is now standard. Cherokee has been prepared for this change. Users can use option --with-python to specify the correct path to Python2 but some Makefiles ignore this directive (e. g. make test). Furthermore, Python byte code files that are created during build process are not removed by the clean target of some Makefiles. This patch configures Autoconf to detect the correct path to a Python2 interpreter. Autoconf will terminate the build process with error if a Python2 interpreter cannot be found. This is required as Python is also used to compile Cherokee's error header file. Python byte code files are no cleaned by make clean. Fixes: cherokee#1250 Signed-off-by: Thomas Reim <[email protected]>
Cherokee's Autoconf files are pretty outdated. Checking with autoscan results in several warnings. Fix autoscan warnings and correct deprecated syntax (e. g. AC_CONFIG_FILES, AC_OUTPUT). Fixes: cherokee#1249 Signed-off-by: Thomas Reim <[email protected]>
Fixes: cherokee#1248 Signed-off-by: Thomas Reim <[email protected]>
Since OpenSSL version 1.1.0 the OpenSSL team has implemented a new strategy and has extended automatic configuration of the libssl back-end. This increases security and removes the burden from application developers to keep care of the many and various bits and pieces that are required to setup a safe and powerful TLS back-end. Several functions have no effect anymore and have been deprecated. Remove deprecated OpenSSL functions functions from the code if Cherokee is operated using OpenSSL/libssl version 1.1.0 or later. In addition, fix OpenSSL related traces. OpenSSL tries to load a PKCS11 engine for support of smartcard stored keys. This engine is not part of regular OpenSSL packages and has to be installed on top of OpenSSL. If libcrypto cannot find the PKCS11 engine library error notifications are issued, which are ignored by Cherokee, as the missing engine does not harm operation. But system administrators will find the error messages when operating Cherokee with traces enabled. This is confusing as the hidden OpenSSL internal errors are not immediately queried during libssl setup. The first OpenSSL error query is during virtual server setup. Fix this by immediately querying potential OpenSSL errors during engine setup and informing users about the requested OpenSSL task. Signed-off-by: Thomas Reim <[email protected]>
Signed-off-by: Thomas Reim <[email protected]>
- Added new strings to be translated - Fixed German translation file (correct translation checked for about 50%) Signed-off-by: Thomas Reim <[email protected]>
Ubuntu packages for Cherokee Webserver with this pull request are available in Launchpad. Supported releases are Ubuntu Focal and Ubuntu Bionic. All packages have been built with option --enable-trace for better testing. |
Thanks for this effort! I'll review this later :-) |
Hi, I tested on my side, merged master with your branch, fix little conflicts on qa/Makefile.am and configure.ac. work wheel with openssl 1.1.1n. Big thanks rdratlos for stuff. |
Yes, I have tested this for many months in production as well. |
OpenSSL 1.1.1 was released on 11 September 2018. This is the latest LTS (Long
Term Support) release, supported until September 2023. The headline new feature
of OpenSSL 1.1.1 is TLSv1.3. This new version of the Transport Layer Security
(formerly known as SSL) protocol was published by the IETF as RFC8446. This is a
major rewrite of the standard and introduces significant changes, features and
improvements which have been reflected in the new OpenSSL version. Main changes
to be considered by Cherokee webserver:
OpenSSL 1.1.1 continues the new strategy of the OpenSSL development team started
in version 1.1.0 to extend automatic configuration of the libssl back-end. This
increases security and removes the burden from application developers to keep
care of the many and various bits and pieces that are required to setup a safe
and powerful TLS back-end.
Current Cherokee implementation does not explicitly support TLSv1.3 and other new
OpenSSL 1.1.1 features. But OpenSSL/libssl back-end silently applies TLSv1.3
encryption of traffic between clients and Cherokee webserver. This is dangerous
as Cherokee application must control SSL/TLS protocol availability and cipher set
configuration for clients. Cherokee is responsible for security and not the used
TLS back-end.
This PR implements a major update of Cherokee's OpenSSL/libssl back-end management
and control. Several issues related to SSL/TLS are fixed. In particular a security
issue that legacy Cherokee webservers even though software has been updated
periodically may still silently offer prohibited SSLv2/v3 protocols to clients.
Per default Cherokee does not make use of these protocols anymore but this can be
overwritten by the SSL/TLS settings within an outdated unattended configuration
file. This update fixes the issue by removing SSLv2/v3 protocol entries from
an existing configuration file during installation.
The following lists provides a short summary of the implemented changes:
Following issue are fixed by this PR:
The subsequent set of patches was tested on Ubuntu Focal, Ubuntu Bionic and ArchLinux. The existing build tests all pass. Testing was performed with and without OpenSSL/libssl support, for package as well as local installations of Cherokee webserver and for OpenSSL version 1.1.1 as well as legacy OpenSSL 0.9.8.
Please review and comment.