grobian / carbon-c-relay

Enhanced C implementation of Carbon relay, aggregator and rewriter
Apache License 2.0

Disabling SSLv3 or other TLS versions (1.0, 1.1) and insecure ciphers when listening ssl? #442

Closed berrfred closed 2 years ago

berrfred commented 2 years ago

Is it possible to disable SSLv3 and possibly also TLSv1.0 / TLSv1.1 when listening ssl?

Nmap reports insecure protocols / ciphers:

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-enum-ciphers: 
|   SSLv3: 
|     ciphers: 
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: client
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher IDEA vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       CBC-mode cipher in SSLv3 (CVE-2014-3566)
|       Ciphersuite uses MD5 for message integrity
|       Forward Secrecy not supported by any cipher
|   TLSv1.0: 
|     ciphers: 
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference error: Error when comparing TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_3DES_EDE_CBC_SHA
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher IDEA vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|       Forward Secrecy not supported by any cipher
|   TLSv1.1: 
|     ciphers: 
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference error: Error when comparing TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_3DES_EDE_CBC_SHA
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher IDEA vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|       Forward Secrecy not supported by any cipher
|   TLSv1.2: 
|     ciphers: 
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|     compressors: 
|       NULL
|     cipher preference error: Error when comparing TLS_RSA_WITH_3DES_EDE_CBC_SHA and TLS_RSA_WITH_AES_128_CBCSHA
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher IDEA vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|       Forward Secrecy not supported by any cipher
|_  least strength: C

grobian commented 2 years ago

it isn't, but it's probably a good idea to add something to allow setting which versions/ciphers, etc.

berrfred commented 2 years ago

I've checked that if the relay was compiled with OpenSSL 1.1.1 then we can play with the openssl.cnf configuration file (MinProtocol, CipherString, CipherSuites) to have everything under control... and then it is not necessary to implement those parameters at the application level.

Unfortunately this is not true any longer if the relay was compiled with a previous OpenSSL release such as 1.0.2k, which we commonly find on CentOS 7 systems. In that case it would be helpful to have some parameters at the application level.

Please let me know if you can think of any other solution. Thanks.

flucrezia commented 2 years ago

Hi Frederic, one possible, different solution, without touching the carbon-c-relay code, would be to add an HAproxy in front of the relay to terminate TLS/SSL connections... I don't know if this is suited for your scenario, but it's a fast, clean and "micro-service" oriented setup. Regards, Francesco

grobian commented 2 years ago

I tried implementing support for this (per listener), I'd appreciate some feedback whether or not this is useful :) thanks!

berrfred commented 2 years ago

> I tried implementing support for this (per listener), I'd appreciate some feedback whether or not this is useful :) thanks!

That would definitely be very useful in my case and I am available to test it asap. Putting HAproxy in front of the relay as suggested is an option but it sounds a bit like hiding the dust under the carpet and that would surely not pass a security audit.

grobian commented 2 years ago

just to be sure, I made the commit, do you need something in order to build from git sources?

berrfred commented 2 years ago

> just to be sure, I made the commit, do you need something in order to build from git sources?

I think you should explain to me the right procedure to achieve building from git sources ... I have downloaded the sources and tried as I usually do with the release version: configure and then make. I also installed automake and autoconf as I got some errors trying to run make.

Now I'm stuck with the following errors:

CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh '/home/frederic/Downloads/INSTALL/carbon-c-relay-master/missing' aclocal-1.16 -I m4
aclocal-1.16: warning: couldn't open directory 'm4': No such file or directory
configure.ac:4: error: Autoconf version 2.71 or higher is required
configure.ac:4: the top level
autom4te: /usr/bin/m4 failed with exit status: 63
aclocal-1.16: error: echo failed with exit status: 63
WARNING: 'aclocal-1.16' is probably too old.
         You should only need it if you modified 'acinclude.m4' or
         'configure.ac' or m4 files included by 'configure.ac'.
         The 'aclocal' program is part of the GNU Automake package:
         <https://www.gnu.org/software/automake>
         It also requires GNU Autoconf, GNU m4 and Perl in order to run:
         <https://www.gnu.org/software/autoconf>
         <https://www.gnu.org/software/m4/>
         <https://www.perl.org/>
make: *** [Makefile:507: aclocal.m4] Error 63

P.S. I'm using Fedora fc35 to give a first try, then I'll have to build on CentOS 7 ... both systems have autoconf 2.69 available.

berrfred commented 2 years ago

Solved after downloading and compiling autoconf 2.71 + installing libtool.

Also checked that the protomin parameter works fine on my Fedora laptop, e.g. setting tls1.3 would exclude tls1.2 (previous versions are already excluded by the default OpenSSL 1.1.1l configuration).

Will compile and check tomorrow morning on the CentOS 7 target system with OpenSSL 1.0.2k.

grobian commented 2 years ago

ah, sorry. --disable-maintainer-mode configure argument should help a bit with this

berrfred commented 2 years ago

Does not compile on CentOS 7 ... which makes sense since I believe TLS1_3_VERSION does not exist in OpenSSL 1.0.2k.

gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT relay.o -MD -MP -MF .deps/relay.Tpo -c -o relay.o relay.c
In file included from relay.c:39:0:
router.h:66:21: error: ‘TLS1_3_VERSION’ undeclared here (not in a function)
  TLSVER(_rp_TLS1_3, TLS1_3_VERSION)
                     ^
router.h:56:26: note: in definition of macro ‘TLSVER’
 # define TLSVER(S,V) S = V

grobian commented 2 years ago

ah, ok

--- a/router.h
+++ b/router.h
@@ -54,6 +54,9 @@ typedef struct {
  * reference them, even though they will never get used */
 #ifdef HAVE_SSL
 # define TLSVER(S,V) S = V
+# ifndef TLS1_3_VERSION
+#  define TLS1_3_VERSION 0x0304
+# endif
 #else
 # define TLSVER(S,V) S
 #endif
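Review bot: the fallback `#  define TLS1_3_VERSION 0x0304` only makes the `TLSVER(_rp_TLS1_3, TLS1_3_VERSION)` enum entry compile; an OpenSSL that lacks the macro cannot negotiate that version, so a listener configured with `protomin tls1.3` would be accepted and then never serve anything. Suggest gating the fallback on `OPENSSL_VERSION_NUMBER` (or a configure check for `SSL_CTX_set_min_proto_version`) and rejecting `tls1.3` at config-parse time on libraries that do not define it, and documenting in the comment above `#ifdef HAVE_SSL` that the define is a compile-time placeholder only.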

does that work for you?

berrfred commented 2 years ago

make[1]: Entering directory `/root/Downloads/carbon-c-relay-master'
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT relay.o -MD -MP -MF .deps/relay.Tpo -c -o relay.o relay.c
mv -f .deps/relay.Tpo .deps/relay.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT md5.o -MD -MP -MF .deps/md5.Tpo -c -o md5.o md5.c
mv -f .deps/md5.Tpo .deps/md5.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT consistent-hash.o -MD -MP -MF .deps/consistent-hash.Tpo -c -o consistent-hash.o consistent-hash.c
mv -f .deps/consistent-hash.Tpo .deps/consistent-hash.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT receptor.o -MD -MP -MF .deps/receptor.Tpo -c -o receptor.o receptor.c
receptor.c: In function ‘ssllisten’:
receptor.c:41:2: warning: implicit declaration of function ‘TLS_server_method’ [-Wimplicit-function-declaration]
  const SSL_METHOD *m = TLS_server_method();
  ^
receptor.c:41:24: warning: initialization makes pointer from integer without a cast [enabled by default]
  const SSL_METHOD *m = TLS_server_method();
                        ^
receptor.c:52:3: warning: implicit declaration of function ‘SSL_CTX_set_min_proto_version’ [-Wimplicit-function-declaration]
   if (SSL_CTX_set_min_proto_version(lsnr->ctx, lsnr->protomin) == 0) {
   ^
receptor.c:59:3: warning: implicit declaration of function ‘SSL_CTX_set_max_proto_version’ [-Wimplicit-function-declaration]
   if (SSL_CTX_set_max_proto_version(lsnr->ctx, lsnr->protomax) == 0) {
   ^
mv -f .deps/receptor.Tpo .deps/receptor.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT dispatcher.o -MD -MP -MF .deps/dispatcher.Tpo -c -o dispatcher.o dispatcher.c
mv -f .deps/dispatcher.Tpo .deps/dispatcher.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT conffile.tab.o -MD -MP -MF .deps/conffile.tab.Tpo -c -o conffile.tab.o conffile.tab.c
mv -f .deps/conffile.tab.Tpo .deps/conffile.tab.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT conffile.yy.o -MD -MP -MF .deps/conffile.yy.Tpo -c -o conffile.yy.o conffile.yy.c
mv -f .deps/conffile.yy.Tpo .deps/conffile.yy.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT allocator.o -MD -MP -MF .deps/allocator.Tpo -c -o allocator.o allocator.c
mv -f .deps/allocator.Tpo .deps/allocator.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT router.o -MD -MP -MF .deps/router.Tpo -c -o router.o router.c
mv -f .deps/router.Tpo .deps/router.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT queue.o -MD -MP -MF .deps/queue.Tpo -c -o queue.o queue.c
mv -f .deps/queue.Tpo .deps/queue.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT server.o -MD -MP -MF .deps/server.Tpo -c -o server.o server.c
mv -f .deps/server.Tpo .deps/server.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT collector.o -MD -MP -MF .deps/collector.Tpo -c -o collector.o collector.c
mv -f .deps/collector.Tpo .deps/collector.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT aggregator.o -MD -MP -MF .deps/aggregator.Tpo -c -o aggregator.o aggregator.c
mv -f .deps/aggregator.Tpo .deps/aggregator.Po
gcc -std=gnu11   -o relay relay.o md5.o consistent-hash.o receptor.o dispatcher.o conffile.tab.o conffile.yy.o allocator.o router.o queue.o server.o collector.o aggregator.o -lz   -lssl -lcrypto   -lpcreposix -ldl -lm  -pthread
relay.o: In function `main':
/root/Downloads/carbon-c-relay-master/relay.c:873: undefined reference to `SSL_library_init'
/root/Downloads/carbon-c-relay-master/relay.c:874: undefined reference to `SSL_load_error_strings'
/root/Downloads/carbon-c-relay-master/relay.c:875: undefined reference to `OPENSSL_add_all_algorithms_noconf'
receptor.o: In function `ssllisten':
/root/Downloads/carbon-c-relay-master/receptor.c:59: undefined reference to `SSL_CTX_set_max_proto_version'
/root/Downloads/carbon-c-relay-master/receptor.c:52: undefined reference to `SSL_CTX_set_min_proto_version'
server.o: In function `server_new':
/root/Downloads/carbon-c-relay-master/server.c:1109: undefined reference to `SSLv23_client_method'
collect2: error: ld returned 1 exit status
make[1]: *** [relay] Error 1
make[1]: Leaving directory `/root/Downloads/carbon-c-relay-master'
make: *** [all] Error 2

grobian commented 2 years ago

hmmm, joy, let me do some digging here

berrfred commented 2 years ago

Compilation output on a clean CentOS 7 system with regular OpenSSL 1.0.2k:

make[1]: Entering directory `/home/gadmin/Downloads/carbon-c-relay-master'
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT relay.o -MD -MP -MF .deps/relay.Tpo -c -o relay.o relay.c
mv -f .deps/relay.Tpo .deps/relay.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT md5.o -MD -MP -MF .deps/md5.Tpo -c -o md5.o md5.c
mv -f .deps/md5.Tpo .deps/md5.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT consistent-hash.o -MD -MP -MF .deps/consistent-hash.Tpo -c -o consistent-hash.o consistent-hash.c
mv -f .deps/consistent-hash.Tpo .deps/consistent-hash.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT receptor.o -MD -MP -MF .deps/receptor.Tpo -c -o receptor.o receptor.c
receptor.c: In function ‘ssllisten’:
receptor.c:41:2: warning: implicit declaration of function ‘TLS_server_method’ [-Wimplicit-function-declaration]
  const SSL_METHOD *m = TLS_server_method();
  ^
receptor.c:41:24: warning: initialization makes pointer from integer without a cast [enabled by default]
  const SSL_METHOD *m = TLS_server_method();
                        ^
receptor.c:52:3: warning: implicit declaration of function ‘SSL_CTX_set_min_proto_version’ [-Wimplicit-function-declaration]
   if (SSL_CTX_set_min_proto_version(lsnr->ctx, lsnr->protomin) == 0) {
   ^
receptor.c:59:3: warning: implicit declaration of function ‘SSL_CTX_set_max_proto_version’ [-Wimplicit-function-declaration]
   if (SSL_CTX_set_max_proto_version(lsnr->ctx, lsnr->protomax) == 0) {
   ^
mv -f .deps/receptor.Tpo .deps/receptor.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT dispatcher.o -MD -MP -MF .deps/dispatcher.Tpo -c -o dispatcher.o dispatcher.c
mv -f .deps/dispatcher.Tpo .deps/dispatcher.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT conffile.tab.o -MD -MP -MF .deps/conffile.tab.Tpo -c -o conffile.tab.o conffile.tab.c
mv -f .deps/conffile.tab.Tpo .deps/conffile.tab.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT conffile.yy.o -MD -MP -MF .deps/conffile.yy.Tpo -c -o conffile.yy.o conffile.yy.c
mv -f .deps/conffile.yy.Tpo .deps/conffile.yy.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT allocator.o -MD -MP -MF .deps/allocator.Tpo -c -o allocator.o allocator.c
mv -f .deps/allocator.Tpo .deps/allocator.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT router.o -MD -MP -MF .deps/router.Tpo -c -o router.o router.c
mv -f .deps/router.Tpo .deps/router.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT queue.o -MD -MP -MF .deps/queue.Tpo -c -o queue.o queue.c
mv -f .deps/queue.Tpo .deps/queue.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT server.o -MD -MP -MF .deps/server.Tpo -c -o server.o server.c
mv -f .deps/server.Tpo .deps/server.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT collector.o -MD -MP -MF .deps/collector.Tpo -c -o collector.o collector.c
mv -f .deps/collector.Tpo .deps/collector.Po
gcc -std=gnu11 -DHAVE_CONFIG_H -I.     -g -O2 -D_GNU_SOURCE -DGIT_VERSION=\"2021-11-09\" -pthread -MT aggregator.o -MD -MP -MF .deps/aggregator.Tpo -c -o aggregator.o aggregator.c
mv -f .deps/aggregator.Tpo .deps/aggregator.Po
gcc -std=gnu11   -o relay relay.o md5.o consistent-hash.o receptor.o dispatcher.o conffile.tab.o conffile.yy.o allocator.o router.o queue.o server.o collector.o aggregator.o -lz   -lssl -lcrypto   -lpcreposix -ldl -lm  -pthread
receptor.o: In function `ssllisten':
/home/gadmin/Downloads/carbon-c-relay-master/receptor.c:41: undefined reference to `TLS_server_method'
/home/gadmin/Downloads/carbon-c-relay-master/receptor.c:59: undefined reference to `SSL_CTX_set_max_proto_version'
/home/gadmin/Downloads/carbon-c-relay-master/receptor.c:52: undefined reference to `SSL_CTX_set_min_proto_version'
collect2: error: ld returned 1 exit status
make[1]: *** [relay] Error 1
make[1]: Leaving directory `/home/gadmin/Downloads/carbon-c-relay-master'
make: *** [all] Error 2

grobian commented 2 years ago

can you try b4b3a99

berrfred commented 2 years ago

Compiling fine, restricting to tls1.2 works fine ... but we remain with several weak ciphers.

Starting Nmap 7.92SVN ( https://nmap.org ) at 2022-02-07 10:55 CET
Nmap scan report for sans-db.telecomitalia.local (10.224.115.43)
Host is up (0.0060s latency).

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: client
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       64-bit block cipher IDEA vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|       Forward Secrecy not supported by any cipher
|_  least strength: C

grobian commented 2 years ago

right, so the next phase here is to somehow select which ciphers to use

grobian commented 2 years ago

ok, can you try d55f953?

I guess ciphers HIGH should get you scores that work better, else you'd have to set the list manually (see ciphers(1))

berrfred commented 2 years ago

Compiles fine. Works fine as before without specifying ciphers. Does not start (coredumps?) if I use ciphers HIGH in the configuration.

listen
  type linemode transport plain ssl /etc/pki/tls/private/tgds_2048_cert_key.pem protomin tls1.2 ciphers HIGH
    8443 proto tcp
  ;

Is there any other information I can grab to help you?

● carbon-c-relay.service - Enhanced C implementation of Carbon relay, aggregator and rewriter
   Loaded: loaded (/usr/lib/systemd/system/carbon-c-relay.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/carbon-c-relay.service.d
           └─limits.conf
   Active: failed (Result: start-limit) since Mon 2022-02-07 16:41:59 CET; 3s ago
  Process: 32284 ExecStart=/usr/bin/carbon-c-relay -f /etc/carbon-c-relay.conf $ARGS (code=dumped, signal=SEGV)
 Main PID: 32284 (code=dumped, signal=SEGV)

Feb 07 16:41:59 sans-db systemd[1]: Unit carbon-c-relay.service entered failed state.
Feb 07 16:41:59 sans-db systemd[1]: carbon-c-relay.service failed.
Feb 07 16:41:59 sans-db systemd[1]: carbon-c-relay.service holdoff time over, scheduling restart.
Feb 07 16:41:59 sans-db systemd[1]: Stopped Enhanced C implementation of Carbon relay, aggregator and rewriter.
Feb 07 16:41:59 sans-db systemd[1]: start request repeated too quickly for carbon-c-relay.service
Feb 07 16:41:59 sans-db systemd[1]: Failed to start Enhanced C implementation of Carbon relay, aggregator and rewriter.
Feb 07 16:41:59 sans-db systemd[1]: Unit carbon-c-relay.service entered failed state.
Feb 07 16:41:59 sans-db systemd[1]: carbon-c-relay.service failed.
[7684475.056173] carbon-c-relay[32263]: segfault at 7f50588b7380 ip 00007f50572ca8c1 sp 00007ffeb2c72568 error 4 in libc-2.17.so[7f505715b000+1c4000]
[7684475.437812] carbon-c-relay[32271]: segfault at 7f41c5cf1380 ip 00007f41c47048c1 sp 00007ffcaf7a57e8 error 4 in libc-2.17.so[7f41c4595000+1c4000]
[7684475.687372] carbon-c-relay[32274]: segfault at 7fbc047ad380 ip 00007fbc031c08c1 sp 00007ffd05e4e7e8 error 4 in libc-2.17.so[7fbc03051000+1c4000]
[7684475.933754] carbon-c-relay[32279]: segfault at 7f41afa5a380 ip 00007f41ae46d8c1 sp 00007ffd8ad31ba8 error 4 in libc-2.17.so[7f41ae2fe000+1c4000]
[7684476.186330] carbon-c-relay[32284]: segfault at 7f1e9618f380 ip 00007f1e94ba28c1 sp 00007ffc8d5e9aa8 error 4 in libc-2.17.so[7f1e94a33000+1c4000]

Same behaviour on FC35 with OpenSSL 1.1.1l:

[36011.068374] carbon-c-relay[46065]: segfault at 7fa223ae54f8 ip 00007fa223d8295d sp 00007ffdc0f20568 error 4 in libc.so.6[7fa223c2f000+176000]
[36011.068398] Code: f8 77 c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 33 01 00 00 <c5> fd 74 0f c5 fd d7 c1 85 c0 74 57 f3 0f bc c0 c5 f8 77 c3 66 66
[36011.635055] carbon-c-relay[46082]: segfault at 7fde66a594f8 ip 00007fde66cf695d sp 00007ffff19e16f8 error 4 in libc.so.6[7fde66ba3000+176000]
[36011.635104] Code: f8 77 c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 33 01 00 00 <c5> fd 74 0f c5 fd d7 c1 85 c0 74 57 f3 0f bc c0 c5 f8 77 c3 66 66
[36012.127304] carbon-c-relay[46089]: segfault at 7f6281ff14f8 ip 00007f628228e95d sp 00007fffb251d3a8 error 4 in libc.so.6[7f628213b000+176000]
[36012.127334] Code: f8 77 c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 33 01 00 00 <c5> fd 74 0f c5 fd d7 c1 85 c0 74 57 f3 0f bc c0 c5 f8 77 c3 66 66
[36012.618649] carbon-c-relay[46100]: segfault at 7fa01aeff4f8 ip 00007fa01b19c95d sp 00007ffcf6cf5bf8 error 4 in libc.so.6[7fa01b049000+176000]
[36012.618667] Code: f8 77 c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 33 01 00 00 <c5> fd 74 0f c5 fd d7 c1 85 c0 74 57 f3 0f bc c0 c5 f8 77 c3 66 66
[36012.918043] carbon-c-relay[46111]: segfault at 7f71498274f8 ip 00007f7149ac495d sp 00007ffc24f77fd8 error 4 in libc.so.6[7f7149971000+176000]
[36012.918056] Code: f8 77 c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 33 01 00 00 <c5> fd 74 0f c5 fd d7 c1 85 c0 74 57 f3 0f bc c0 c5 f8 77 c3 66 66

grobian commented 2 years ago

cool, crashes for me too, but only on Linux, not on Darwin/macOS

grobian commented 2 years ago

I'm a tool, fix comin' up shortly :)

grobian commented 2 years ago

please try 5a63c36

berrfred commented 2 years ago

Great man ... I'll do some more tests after dinner if family allows, otherwise tomorrow ... but it works as expected.

Starting Nmap 7.92SVN ( https://nmap.org ) at 2022-02-07 19:41 CET
Nmap scan report for sans-db.telecomitalia.local (10.224.115.43)
Host is up (0.0055s latency).

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: client
|     warnings: 
|       Forward Secrecy not supported by any cipher
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.57 seconds

berrfred commented 2 years ago

I made another try with the following configuration and that works perfectly:

listen
  type linemode transport plain ssl /etc/pki/tls/private/tgds_2048_cert_key.pem
    protomin tls1.2 ciphers AES256-GCM-SHA384:AES256-SHA256:AES128-GCM-SHA256
    8443 proto tcp
  ;

Starting Nmap 7.92SVN ( https://nmap.org ) at 2022-02-07 21:02 CET
Nmap scan report for sans-db.telecomitalia.local (10.224.115.43)
Host is up (0.013s latency).

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: client
|     warnings: 
|       Forward Secrecy not supported by any cipher
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.52 seconds

berrfred commented 2 years ago

Thanks a lot for your super fast support ... that was also very interesting for me to understand how easily an application can control SSL protocol and ciphers through the api with SSL_CTX_set_options, SSL_CTX_set_cipher_list and SSL_CTX_set_ciphersuites.

Do you plan to issue an official 3.7.4 release soon including those new SSL functionalities, or should I start using it as is and an official release will come later?

Thanks again.
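To make the hardening discussed in this thread reproducible outside the relay, here is an added example (not carbon-c-relay code, and not something from this issue) that uses Python's `ssl` module, which wraps the same OpenSSL calls: `SSLContext.minimum_version` maps to `SSL_CTX_set_min_proto_version` (the listener's `protomin`) and `SSLContext.set_ciphers` to `SSL_CTX_set_cipher_list` (the listener's `ciphers`). `SSL_CTX_set_ciphersuites` for TLS 1.3 is not exposed by Python, so the `ciphersuites` option is not covered. The audit function applies the same checks nmap's `ssl-enum-ciphers` script raised above (RC4, 64-bit block ciphers, MD5 MAC, no forward secrecy) to cipher entries shaped like `SSLContext.get_ciphers()` output; `SAMPLE_BEFORE` is a constructed list modelled on the pre-hardening scan, not real library output.

```python
import ssl

# Constructed sample modelled on the relay's pre-hardening nmap listing, using
# OpenSSL cipher names and the dict keys ssl.SSLContext.get_ciphers() returns
# (reduced to those the audit needs).  Not real get_ciphers() output.
SAMPLE_BEFORE = [
    {"name": "DES-CBC3-SHA",      "symmetric": "des-ede3-cbc", "digest": "sha1", "kea": "kx-rsa"},
    {"name": "AES128-SHA",        "symmetric": "aes-128-cbc",  "digest": "sha1", "kea": "kx-rsa"},
    {"name": "AES256-GCM-SHA384", "symmetric": "aes-256-gcm",  "digest": None,   "kea": "kx-rsa"},
    {"name": "IDEA-CBC-SHA",      "symmetric": "idea-cbc",     "digest": "sha1", "kea": "kx-rsa"},
    {"name": "RC4-MD5",           "symmetric": "rc4",          "digest": "md5",  "kea": "kx-rsa"},
    {"name": "RC4-SHA",           "symmetric": "rc4",          "digest": "sha1", "kea": "kx-rsa"},
    {"name": "SEED-SHA",          "symmetric": "seed-cbc",     "digest": "sha1", "kea": "kx-rsa"},
]


def audit_ciphers(ciphers):
    """Return (cipher name, warning) pairs, one per weakness found.

    Each entry must carry 'name', 'symmetric', 'digest' and 'kea' in the form
    ssl.SSLContext.get_ciphers() produces.  The checks mirror the warnings
    nmap's ssl-enum-ciphers script reported for the relay.
    """
    findings = []
    for c in ciphers:
        name = c["name"]
        sym = (c.get("symmetric") or "").lower()
        digest = (c.get("digest") or "").lower()
        kea = (c.get("kea") or "").lower()
        if "rc4" in sym:
            findings.append((name, "RC4 is broken and deprecated by RFC 7465"))
        if "des-ede3" in sym or "idea" in sym:
            findings.append((name, "64-bit block cipher, vulnerable to SWEET32"))
        if digest == "md5":
            findings.append((name, "MD5 used for message integrity"))
        if kea.endswith("rsa"):  # static RSA key exchange, no (EC)DHE
            findings.append((name, "RSA key exchange, no forward secrecy"))
    return findings


def harden_context(cipher_string, min_version=ssl.TLSVersion.TLSv1_2):
    """Build a server context the way the relay's listener options do.

    protomin -> SSL_CTX_set_min_proto_version (minimum_version here)
    ciphers  -> SSL_CTX_set_cipher_list      (set_ciphers here)
    A cipher string that selects nothing raises ssl.SSLError; a daemon should
    fail at startup on that rather than listen with an empty list.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = min_version
    ctx.set_ciphers(cipher_string)
    return ctx


def pre_tls13_cipher_names(ctx):
    """Sorted names of the enabled TLS 1.2-and-below suites, i.e. the set that
    SSL_CTX_set_cipher_list governs (TLS 1.3 suites are listed separately)."""
    return sorted(c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3")


def remaining_weaknesses(cipher_string):
    """Audit the suites a cipher string actually enables on this OpenSSL."""
    ctx = harden_context(cipher_string)
    return audit_ciphers(c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3")


if __name__ == "__main__":
    for name, warning in audit_ciphers(SAMPLE_BEFORE):
        print(f"before: {name}: {warning}")
    hardened = "AES256-GCM-SHA384:AES256-SHA256:AES128-GCM-SHA256"  # list from the thread
    print("after:", pre_tls13_cipher_names(harden_context(hardened)))
    for name, warning in remaining_weaknesses(hardened):
        print(f"after: {name}: {warning}")
```

With the explicit list from the thread, the only warning left is the one nmap also kept reporting, "Forward Secrecy not supported by any cipher": all `AES*` names without an `ECDHE-` or `DHE-` prefix use static RSA key exchange, so clearing that finding is a matter of selecting (EC)DHE suites in the cipher string, not of the protocol version.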

grobian commented 2 years ago

Hey that's great to hear!

I'll give it a few days, perhaps something pops up in your testing, and then I'll make a new release. How about that?

berrfred commented 2 years ago

Fine for me, I think it is a good idea to observe the behaviour in my testing lab until the end of the week, and should I see any abnormal behaviour I'll provide feedback. Otherwise feel free to release.

Here is the last test of this morning on my laptop, just to check the behaviour with an updated OpenSSL library (1.1.1 instead of 1.0.2 in the lab). I decided to leave open only TLSv1.3 (protomin tls1.3) and that also works fine.

Starting Nmap 7.92SVN ( https://nmap.org ) at 2022-02-08 08:41 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00017s latency).
Other addresses for localhost (not scanned): ::1

PORT     STATE SERVICE
2003/tcp open  finger
| ssl-enum-ciphers: 
|   TLSv1.3: 
|     ciphers: 
|       TLS_AKE_WITH_AES_128_CCM_SHA256 (ecdh_x25519) - A
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
|     cipher preference: client
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.40 seconds

grobian commented 2 years ago

good plan! 👍

By the way TLS1.3 basically is TLS1.2 with a restricted set of ciphers IIRC. Dunno why, but for TLS1.3 you can set ciphersuites to any of the 5 that is supported, like TLS_AES_256_GCM_SHA384.

berrfred commented 2 years ago

So far so good ... also made a test with OpenSSL 1.1.1 to try the ciphersuites parameter and that also works fine.

listen
  type linemode transport plain ssl /etc/pki/tls/private/tgds_2048_cert_key.pem
    protomin tls1.3 ciphersuites TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
    2003 proto tcp
  ;

Starting Nmap 7.92SVN ( https://nmap.org ) at 2022-02-09 15:19 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00017s latency).
Other addresses for localhost (not scanned): ::1

PORT     STATE SERVICE
2003/tcp open  finger
| ssl-enum-ciphers: 
|   TLSv1.3: 
|     ciphers: 
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|     cipher preference: client
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds

berrfred commented 2 years ago

Hi Fabian, everything is fine for me, this is exactly the security evolution that I needed.

In the meantime I was thinking that the "nec plus ultra" security option would be to require a client certificate to be validated against a CAfile containing one or more allowed CAs. What do you think of it, do you have time and are you willing to integrate such an option?

grobian commented 2 years ago

I think you mean mTLS, right?

I need to research how that's done (with OpenSSL), the impact on the code is likely not that big, and it certainly seems to be a mode of operation that's fairly common (in cloud settings). So yes, I'd like to support it, but I cannot estimate at this point how much work it is. Let's do it in another bug though. I'll make a release this weekend for this work, ok?

berrfred commented 2 years ago

Yes, I mean mTLS aka mutual authentication ... I will open another issue just for that ... and yes again, the intended use is linked to the evolution towards the cloud, where you have less control on the source IP to be used in FW settings, therefore relying on a valid client certificate will soon be (if it's not already) the best solution to control who is asking to connect.

Absolutely fine for me, please do release what we have already tested.

grobian commented 2 years ago

released in 3.7.4