atsign-foundation / at_server

The software implementation of Atsign's core technology
https://docs.atsign.com
BSD 3-Clause "New" or "Revised" License

Force TLS1.2 connections. Only accept and make TLS1.2 connections. Do not accept downgrades to any other version/protocol. #124

Closed cconstab closed 2 years ago

cconstab commented 3 years ago

This is required in server and client code

Everything covered as this is now part of the base Dart Language.

cpswan commented 3 years ago

Moved out of backlog whilst we wait for https://github.com/dart-lang/sdk/issues/37173 to be resolved (it looks like an outcome is near).

cpswan commented 3 years ago

Now we just need to wait for dart-lang/sdk 8062c4c to find its way into a release. As it's a breaking change, I think this might not turn up until 2.15.

cconstab commented 2 years ago

2.15 is here, needs to be tested next!

cpswan commented 2 years ago

2.15 is already in production, as it's been carried along by FROM dart in our Dockerfiles.

Some quick tests:

If no TLS version is specified then default behaviour is 1.3:

$ openssl s_client -connect 8fe461b7-9d18-5ccf-9e3b-9ffe4cd09571.hornet.atsign.zone:1912 -ign_eof -brief

CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_256_GCM_SHA384
Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA384:RSA+SHA384:RSA-PSS+SHA512:RSA+SHA512:RSA+SHA1
Peer certificate: CN = 8fe461b7-9d18-5ccf-9e3b-9ffe4cd09571.hornet.atsign.zone
Hash used: SHA256
Signature type: RSA-PSS
Verification: OK
Server Temp Key: X25519, 253 bits
@

If we force TLS 1.2 that works fine:

$ openssl s_client -connect 8fe461b7-9d18-5ccf-9e3b-9ffe4cd09571.hornet.atsign.zone:1912 -tls1_2 -ign_eof -brief

CONNECTION ESTABLISHED
Protocol version: TLSv1.2
Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA384:RSA+SHA384:RSA-PSS+SHA512:RSA+SHA512:RSA+SHA1
Peer certificate: CN = 8fe461b7-9d18-5ccf-9e3b-9ffe4cd09571.hornet.atsign.zone
Hash used: SHA256
Signature type: RSA-PSS
Verification: OK
Supported Elliptic Curve Point Formats: uncompressed
Server Temp Key: X25519, 253 bits
@

But if we force TLS 1.1:

$ openssl s_client -connect 8fe461b7-9d18-5ccf-9e3b-9ffe4cd09571.hornet.atsign.zone:1912 -tls1_1

CONNECTED(00000003)
140164297622848:error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available:../ssl/statem/statem_clnt.c:1112:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

or TLS 1.0:

openssl s_client -connect 8fe461b7-9d18-5ccf-9e3b-9ffe4cd09571.hornet.atsign.zone:1912 -tls1

CONNECTED(00000003)
140024612635968:error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available:../ssl/statem/statem_clnt.c:1112:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

It's a similar picture with the root servers.

@cconstab you had additional items on the original checklist, but I'm not sure how applicable they are, so I think this can be closed.

cpswan commented 2 years ago

A related issue that's still lurking is 3DES support, which is apparently vulnerable to the SWEET32 attack:

$ nmap --script ssl-enum-ciphers -p 1912 8fe461b7-9d18-5ccf-9e3b-9ffe4cd09571.hornet.atsign.zone

Starting Nmap 7.80 ( https://nmap.org ) at 2022-01-07 14:27 GMT
Nmap scan report for 8fe461b7-9d18-5ccf-9e3b-9ffe4cd09571.hornet.atsign.zone (34.121.142.209)
Host is up (0.10s latency).
Other addresses for 8fe461b7-9d18-5ccf-9e3b-9ffe4cd09571.hornet.atsign.zone (not scanned): 35.224.8.66 34.69.132.163 34.122.47.129
rDNS record for 34.121.142.209: 209.142.121.34.bc.googleusercontent.com

PORT     STATE SERVICE
1912/tcp open  rhp-iibp
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|_  least strength: C

Nmap done: 1 IP address (1 host up) scanned in 6.95 seconds
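The two captures above (openssl s_client -brief banners and the nmap ssl-enum-ciphers table) are what an operator would re-run after every dependency bump to confirm the policy in the issue title still holds. The script below is an added example, not code from the at_server project or from anyone in this thread: it parses those two text formats and reports any gap against the policy (TLS 1.2 or newer only; no 64-bit block ciphers such as 3DES). The sample captures at the bottom are constructed to mirror the ones posted here, with hostnames and PIDs left out. One caveat it makes explicit: "no protocols available" from tls_construct_client_hello is raised by the local OpenSSL before any ClientHello goes on the wire, so the -tls1_1 and -tls1 captures show the client declining to offer those versions, not the server rejecting them; the checker reports such probes as inconclusive rather than as a pass.

```python
"""Policy check over captured TLS probe output.

Added example; not code from the at_server project or from anyone in the
thread. Parses `openssl s_client -brief` output and the nmap
`ssl-enum-ciphers` table and reports misses against the policy: TLS 1.2 or
newer only, and no 64-bit block ciphers (3DES, the SWEET32 finding).
The captures at the bottom are constructed to mirror the thread's output.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int]
MIN_VERSION: Version = (1, 2)
# Suite-name fragments that fail the policy; "3DES" is the SWEET32 case from the scan.
BANNED_TOKENS = ("3DES", "_DES_", "RC4", "RC2", "IDEA", "NULL", "EXPORT")


def tls_tuple(text: str) -> Optional[Version]:
    """'TLSv1.3' -> (1, 3); OpenSSL's bare 'TLSv1' means 1.0 -> (1, 0)."""
    m = re.search(r"TLSv(\d)(?:\.(\d))?", text)
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None


def probe_outcome(capture: str) -> Tuple[str, Optional[Version]]:
    """Classify one `openssl s_client -brief` capture.

    'negotiated' + version: the handshake completed.
    'inconclusive': 'no protocols available' comes from the LOCAL OpenSSL in
    tls_construct_client_hello, before anything is sent, so the capture
    says nothing about the server.
    'refused': a ClientHello went out and no session was established.
    """
    if "no protocols available" in capture:
        return "inconclusive", None
    if "CONNECTION ESTABLISHED" in capture:
        for line in capture.splitlines():
            if line.startswith("Protocol version:"):
                return "negotiated", tls_tuple(line)
    return "refused", None


def check_version_policy(probes: Dict[Version, str]) -> List[str]:
    """probes maps the version forced on the client (-tls1, -tls1_1, ...) to
    its capture. Returns findings; an empty list means the policy held."""
    findings = []
    for forced, capture in sorted(probes.items()):
        label = f"TLS {forced[0]}.{forced[1]}"
        outcome, got = probe_outcome(capture)
        if forced < MIN_VERSION:
            if outcome == "negotiated":
                findings.append(f"FAIL: server accepted {label}")
            elif outcome == "inconclusive":
                findings.append(f"INCONCLUSIVE: local client could not offer {label}")
        elif got != forced:
            findings.append(f"FAIL: {label} probe did not negotiate {label}")
    return findings


def parse_enum_ciphers(nmap_output: str) -> Dict[Version, List[str]]:
    """Protocol version -> suite names from an nmap ssl-enum-ciphers table."""
    offered: Dict[Version, List[str]] = {}
    current: Optional[Version] = None
    for line in nmap_output.splitlines():
        body = line.lstrip("|_ ").rstrip()          # drop nmap's table margin
        if re.fullmatch(r"(SSLv\d|TLSv\d(?:\.\d)?):", body):
            current = tls_tuple(body) or (0, 0)     # SSLv2/SSLv3 sort below any TLS
            offered[current] = []
        elif current is not None and body.startswith("TLS_"):
            offered[current].append(body.split()[0])   # name only; drop "(rsa 2048) - C"
    return offered


def check_cipher_policy(nmap_output: str) -> List[str]:
    findings = []
    for version, suites in parse_enum_ciphers(nmap_output).items():
        if version < MIN_VERSION:
            findings.append(f"FAIL: server offers protocol version {version}")
        findings += [f"FAIL: weak suite offered: {s}" for s in suites
                     if any(tok in s for tok in BANNED_TOKENS)]
    return findings


# Constructed captures, mirroring the thread (hostnames and PIDs omitted).
BRIEF_13 = "CONNECTION ESTABLISHED\nProtocol version: TLSv1.3\nCiphersuite: TLS_AES_256_GCM_SHA384\n"
BRIEF_12 = "CONNECTION ESTABLISHED\nProtocol version: TLSv1.2\nCiphersuite: ECDHE-RSA-AES256-GCM-SHA384\n"
BRIEF_OLD = ("CONNECTED(00000003)\n"
             "error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available\n"
             "New, (NONE), Cipher is (NONE)\n")
PROBES = {(1, 3): BRIEF_13, (1, 2): BRIEF_12, (1, 1): BRIEF_OLD, (1, 0): BRIEF_OLD}
NMAP = """| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|_  least strength: C"""

if __name__ == "__main__":
    for finding in check_version_policy(PROBES) + check_cipher_policy(NMAP):
        print(finding)
```

Run against the constructed captures it prints two INCONCLUSIVE lines for the TLS 1.0/1.1 probes and one FAIL for TLS_RSA_WITH_3DES_EDE_CBC_SHA. To turn the inconclusive probes into a real server-side test, the client has to be allowed to offer the old version (for example an OpenSSL config whose MinProtocol is not already TLSv1.2); a server that then answers with a handshake alert shows up as "refused", and one that completes the handshake is reported as a FAIL.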

cconstab commented 2 years ago

@cpswan thanks for the testing!

Everything covered as this is now part of the base Dart Language.

cconstab commented 2 years ago

testing bot connection