diff options
| author | Glenn Strauss <gstrauss@gluelogic.com> | 2022-10-23 12:27:02 -0400 |
|---|---|---|
| committer | Glenn Strauss <gstrauss@gluelogic.com> | 2022-11-30 19:04:38 -0500 |
| commit | 326ace4ffd93582b86effee23c1014477c495eaf (patch) | |
| tree | 2f47753113aaa9aa8934fa229324c33db8fa5a23 /src/mod_mbedtls.c | |
| parent | 126cc8d1d8d141e4b3f268132ae6372360fff0e3 (diff) | |
| download | lighttpd-git-326ace4ffd93582b86effee23c1014477c495eaf.tar.gz | |
[TLS] simplify TLS config; remove deprecated opts
simplify TLS config; remove deprecated options
These scheduled lighttpd behavior changes have been announced over
the past year.
lighttpd aims to provide reasonably secure TLS configuration defaults,
and to periodically review and update TLS configuration defaults.
Doing so reduces the need for distros, packagers, and end-users to
specify their own TLS config customizations, which may then be neglected
or cargo-culted far into the future, instead of being periodically
updated to use stronger defaults.
x-ref:
https://wiki.lighttpd.net/Docs_SSL
Diffstat (limited to 'src/mod_mbedtls.c')
| -rw-r--r-- | src/mod_mbedtls.c | 199 |
1 files changed, 22 insertions, 177 deletions
diff --git a/src/mod_mbedtls.c b/src/mod_mbedtls.c index 2eb80eb5..f85590e2 100644 --- a/src/mod_mbedtls.c +++ b/src/mod_mbedtls.c @@ -126,12 +126,7 @@ typedef struct { /*(used only during startup; not patched)*/ unsigned char ssl_enabled; /* only interesting for setting up listening sockets. don't use at runtime */ unsigned char ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */ - unsigned char ssl_empty_fragments; - unsigned char ssl_use_sslv2; - unsigned char ssl_use_sslv3; const buffer *ssl_cipher_list; - const buffer *ssl_dh_file; - const buffer *ssl_ec_curve; const buffer *ssl_acme_tls_1; array *ssl_conf_cmd; @@ -164,7 +159,6 @@ typedef struct { unsigned char ssl_verifyclient_export_cert; unsigned char ssl_read_ahead; unsigned char ssl_log_noise; - unsigned char ssl_disable_client_renegotiation; const buffer *ssl_verifyclient_username; const buffer *ssl_acme_tls_1; } plugin_config; @@ -554,7 +548,7 @@ mod_mbedtls_merge_config_cpv (plugin_config * const pconf, const config_plugin_v pconf->ssl_read_ahead = (0 != cpv->v.u); break; case 6: /* ssl.disable-client-renegotiation */ - pconf->ssl_disable_client_renegotiation = (0 != cpv->v.u); + /*(ignored; unsafe renegotiation disabled by default)*/ break; case 7: /* ssl.verifyclient.activate */ pconf->ssl_verifyclient = (0 != cpv->v.u); @@ -1470,29 +1464,11 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p) return -1; } - /* mbedtls defaults minimum accepted SSL/TLS protocol version TLS v1.0 - * use of SSL v3 should be avoided, and SSL v2 is not supported */ - #ifdef MBEDTLS_SSL_PROTO_SSL3 - if (s->ssl_use_sslv3) - mbedtls_ssl_conf_min_version(s->ssl_ctx, MBEDTLS_SSL_MAJOR_VERSION_3, - MBEDTLS_SSL_MINOR_VERSION_0); - #endif - if (s->ssl_cipher_list) { if (!mod_mbedtls_ssl_conf_ciphersuites(srv,s,NULL,s->ssl_cipher_list)) return -1; } - if (s->ssl_dh_file) { - if (!mod_mbedtls_ssl_conf_dhparameters(srv, s, s->ssl_dh_file)) - return -1; - } - - if (s->ssl_ec_curve) { - if (!mod_mbedtls_ssl_conf_curves(srv, s, s->ssl_ec_curve)) - return -1; - } - /* if needed, attempt to construct certificate chain for server cert */ if (s->pc->need_chain) { s->pc->need_chain = 0; /*(attempt once to complete chain)*/ @@ -1540,8 +1516,7 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p) } #endif - if (!s->ssl_use_sslv3 && !s->ssl_use_sslv2) - mod_mbedtls_ssl_conf_proto(srv, s, NULL, 0); /* min */ + mod_mbedtls_ssl_conf_proto(srv, s, NULL, 0); /* min */ if (s->ssl_conf_cmd && s->ssl_conf_cmd->used) { if (0 != mod_mbedtls_ssl_conf_cmd(srv, s)) return -1; @@ -1555,19 +1530,6 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p) #else /* server preference is used (default) unless mbedtls is built with * MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE defined (not default) */ - #ifndef MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - if (!s->ssl_honor_cipher_order) - log_error(srv->errh, __FILE__, __LINE__, - "MTLS: " - "ignoring ssl.honor-cipher-order; mbedtls uses server preference " - "unless mbedtls built MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE"); - #else - if (s->ssl_honor_cipher_order) - log_error(srv->errh, __FILE__, __LINE__, - "MTLS: " - "ignoring ssl.honor-cipher-order; mbedtls uses client preference " - "since mbedtls built MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE"); - #endif #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) @@ -1577,8 +1539,7 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p) &p->ctr_drbg, MBEDTLS_CIPHER_AES_256_GCM, 43200); /* ticket timeout: 12 hours */ if (0 != rc) { - elog(srv->errh, __FILE__,__LINE__, rc, - "mbedtls_ssl_ticket_setup()"); + elog(srv->errh,__FILE__,__LINE__,rc,"mbedtls_ssl_ticket_setup()"); return -1; } } @@ -1612,30 +1573,12 @@ mod_mbedtls_set_defaults_sockets(server *srv, plugin_data *p) ,{ CONST_STR_LEN("ssl.cipher-list"), T_CONFIG_STRING, T_CONFIG_SCOPE_SOCKET } - ,{ CONST_STR_LEN("ssl.honor-cipher-order"), - T_CONFIG_BOOL, - T_CONFIG_SCOPE_SOCKET } - ,{ CONST_STR_LEN("ssl.dh-file"), - T_CONFIG_STRING, - T_CONFIG_SCOPE_SOCKET } - ,{ CONST_STR_LEN("ssl.ec-curve"), - T_CONFIG_STRING, - T_CONFIG_SCOPE_SOCKET } ,{ CONST_STR_LEN("ssl.openssl.ssl-conf-cmd"), T_CONFIG_ARRAY_KVSTRING, T_CONFIG_SCOPE_SOCKET } ,{ CONST_STR_LEN("ssl.pemfile"), /* included to process global scope */ T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION } - ,{ CONST_STR_LEN("ssl.empty-fragments"), - T_CONFIG_BOOL, - T_CONFIG_SCOPE_SOCKET } - ,{ CONST_STR_LEN("ssl.use-sslv2"), - T_CONFIG_BOOL, - T_CONFIG_SCOPE_SOCKET } - ,{ CONST_STR_LEN("ssl.use-sslv3"), - T_CONFIG_BOOL, - T_CONFIG_SCOPE_SOCKET } ,{ CONST_STR_LEN("ssl.stek-file"), T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER } @@ -1658,9 +1601,6 @@ mod_mbedtls_set_defaults_sockets(server *srv, plugin_data *p) plugin_config_socket defaults; memset(&defaults, 0, sizeof(defaults)); - #ifndef MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - defaults.ssl_honor_cipher_order = 1; - #endif defaults.ssl_session_ticket = 1; /* enabled by default */ defaults.ssl_cipher_list = &default_ssl_cipher_list; @@ -1690,50 +1630,25 @@ mod_mbedtls_set_defaults_sockets(server *srv, plugin_data *p) --count_not_engine; break; case 1: /* ssl.cipher-list */ - if (!buffer_is_blank(cpv->v.b)) + if (!buffer_is_blank(cpv->v.b)) { conf.ssl_cipher_list = cpv->v.b; + /*(historical use might list non-PFS ciphers)*/ + conf.ssl_honor_cipher_order = 1; + log_error(srv->errh, __FILE__, __LINE__, + "%s is deprecated. " + "Please prefer lighttpd secure TLS defaults, or use " + "ssl.openssl.ssl-conf-cmd \"CipherString\" to set custom " + "cipher list.", cpk[cpv->k_id].k); + } break; - case 2: /* ssl.honor-cipher-order */ - conf.ssl_honor_cipher_order = (0 != cpv->v.u); - break; - case 3: /* ssl.dh-file */ - if (!buffer_is_blank(cpv->v.b)) - conf.ssl_dh_file = cpv->v.b; - break; - case 4: /* ssl.ec-curve */ - if (!buffer_is_blank(cpv->v.b)) - conf.ssl_ec_curve = cpv->v.b; - break; - case 5: /* ssl.openssl.ssl-conf-cmd */ + case 2: /* ssl.openssl.ssl-conf-cmd */ *(const array **)&conf.ssl_conf_cmd = cpv->v.a; break; - case 6: /* ssl.pemfile */ + case 3: /* ssl.pemfile */ /* ignore here; included to process global scope when * ssl.pemfile is set, but ssl.engine is not "enable" */ break; - case 7: /* ssl.empty-fragments */ - conf.ssl_empty_fragments = (0 != cpv->v.u); - log_error(srv->errh, __FILE__, __LINE__, - "MTLS: ignoring ssl.empty-fragments; openssl-specific " - "counter-measure against a SSL 3.0/TLS 1.0 protocol " - "vulnerability affecting CBC ciphers, which cannot be handled" - " by some broken (Microsoft) SSL implementations."); - break; - case 8: /* ssl.use-sslv2 */ - conf.ssl_use_sslv2 = (0 != cpv->v.u); - log_error(srv->errh, __FILE__, __LINE__, "MTLS: " - "ssl.use-sslv2 is deprecated and will soon be removed. " - "Many modern TLS libraries no longer support SSLv2."); - break; - case 9: /* ssl.use-sslv3 */ - conf.ssl_use_sslv3 = (0 != cpv->v.u); - log_error(srv->errh, __FILE__, __LINE__, "MTLS: " - "ssl.use-sslv3 is deprecated and will soon be removed. " - "Many modern TLS libraries no longer support SSLv3. " - "If needed, use: " - "ssl.openssl.ssl-conf-cmd = (\"MinProtocol\" => \"SSLv3\")"); - break; - case 10:/* ssl.stek-file */ + case 4: /* ssl.stek-file */ #ifdef MBEDTLS_SSL_SESSION_TICKETS if (!buffer_is_blank(cpv->v.b)) p->ssl_stek_file = cpv->v.b->ptr; @@ -1890,7 +1805,7 @@ SETDEFAULTS_FUNC(mod_mbedtls_set_defaults) T_CONFIG_BOOL, T_CONFIG_SCOPE_CONNECTION } ,{ CONST_STR_LEN("ssl.disable-client-renegotiation"), - T_CONFIG_BOOL, + T_CONFIG_BOOL, /*(directive ignored)*/ T_CONFIG_SCOPE_CONNECTION } ,{ CONST_STR_LEN("ssl.verifyclient.activate"), T_CONFIG_BOOL, @@ -1999,12 +1914,8 @@ SETDEFAULTS_FUNC(mod_mbedtls_set_defaults) } break; case 5: /* ssl.read-ahead */ - break; case 6: /* ssl.disable-client-renegotiation */ - /* (force disabled, the default, if HTTP/2 enabled in server) */ - if (srv->srvconf.h2proto) - cpv->v.u = 1; /* disable client renegotiation */ - break; + /*(ignored; unsafe renegotiation disabled by default)*/ case 7: /* ssl.verifyclient.activate */ case 8: /* ssl.verifyclient.enforce */ break; @@ -2053,7 +1964,6 @@ SETDEFAULTS_FUNC(mod_mbedtls_set_defaults) p->defaults.ssl_verifyclient_enforce = 1; p->defaults.ssl_verifyclient_depth = 9; p->defaults.ssl_verifyclient_export_cert = 0; - p->defaults.ssl_disable_client_renegotiation = 1; p->defaults.ssl_read_ahead = 0; /* initialize p->defaults from global config context */ @@ -2465,17 +2375,6 @@ CONNECTION_FUNC(mod_mbedtls_handle_con_accept) (void *)(intptr_t)hctx->conf.ssl_log_noise); } - /* (mbedtls_ssl_config *) is shared across multiple connections, which may - * overlap, and so renegotiation setting is not reset upon connection close. - * Once enabled, renegotiation will remain so for this mbedtls_ssl_config. - * mbedtls defaults to disable client renegotiation (unless secure) - * and it is recommended to leave it disabled (lighttpd mbedtls default) */ - #ifdef MBEDTLS_SSL_RENEGOTIATION - if (!hctx->conf.ssl_disable_client_renegotiation) - mbedtls_ssl_conf_legacy_renegotiation(hctx->ssl_ctx, - MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION); - #endif - return HANDLER_GO_ON; } @@ -3342,38 +3241,6 @@ static const int suite_TLSv10[] = { }; #endif -#ifdef MBEDTLS_SSL_PROTO_SSL3 -/* SSLv3 cipher list (supported in mbedtls) - * marked with minimum version MBEDTLS_SSL_MINOR_VERSION_0 in - * ciphersuite_definitions[] and then sorted by ciphersuite_preference[] - * from mbedtls library/ssl_ciphersuites.c */ -/* XXX: intentionally not including overlapping eNULL ciphers */ -static const int suite_SSLv3[] = { - MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, - MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, - MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, - MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, - MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, - MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, - MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA -}; -#endif - /* HIGH cipher list (mapped from openssl list to mbedtls) */ static const int suite_HIGH[] = { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, @@ -3805,17 +3672,6 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer } #endif - #ifdef MBEDTLS_SSL_PROTO_SSL3 - if (buffer_eq_icase_ss(n, nlen, CONST_STR_LEN("SSLv3"))) { - crt_profile_default = 1; - nids = mod_mbedtls_ssl_append_ciphersuite(srv, ids, nids, idsz, - suite_SSLv3, - (int)(sizeof(suite_SSLv3)/sizeof(*suite_SSLv3))); - if (-1 == nids) return 0; - continue; - } - #endif - /* handle popular recommendations * ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM" * ssl.cipher-list = "AES256+EECDH:AES256+EDH" @@ -4104,6 +3960,7 @@ mod_mbedtls_ssl_conf_ciphersuites (server *srv, plugin_config_socket *s, buffer &mbedtls_x509_crt_profile_next); /* ciphersuites list must be persistent for lifetime of mbedtls_ssl_config*/ + free(s->ciphersuites); s->ciphersuites = malloc(nids * sizeof(int)); force_assert(s->ciphersuites); memcpy(s->ciphersuites, ids, nids * sizeof(int)); @@ -4272,26 +4129,14 @@ mod_mbedtls_ssl_conf_proto (server *srv, plugin_config_socket *s, const buffer * MBEDTLS_SSL_MINOR_VERSION_3 /* TLS v1.2 */ #endif : - #if defined(MBEDTLS_SSL_MINOR_VERSION_0) \ - || defined(MBEDTLS_SSL_MINOR_VERSION_1) - s->ssl_use_sslv3 - ? - #ifdef MBEDTLS_SSL_MINOR_VERSION_0 - MBEDTLS_SSL_MINOR_VERSION_0 /* SSL v3.0 */ - #else - MBEDTLS_SSL_MINOR_VERSION_1 /* TLS v1.0 */ - #endif - : MBEDTLS_SSL_MINOR_VERSION_1 /* TLS v1.0 */ + #if defined(MBEDTLS_SSL_MINOR_VERSION_1) + MBEDTLS_SSL_MINOR_VERSION_1 /* TLS v1.0 */ #elif defined(MBEDTLS_SSL_MINOR_VERSION_2) - MBEDTLS_SSL_MINOR_VERSION_2 /* TLS v1.1 */ + MBEDTLS_SSL_MINOR_VERSION_2 /* TLS v1.1 */ #else - MBEDTLS_SSL_MINOR_VERSION_3 /* TLS v1.2 */ + MBEDTLS_SSL_MINOR_VERSION_3 /* TLS v1.2 */ #endif ; - #ifdef MBEDTLS_SSL_MINOR_VERSION_0 - else if (buffer_eq_icase_slen(b, CONST_STR_LEN("SSLv3"))) - v = MBEDTLS_SSL_MINOR_VERSION_0; /* SSL v3.0 */ - #endif #ifdef MBEDTLS_SSL_MINOR_VERSION_1 else if (buffer_eq_icase_slen(b, CONST_STR_LEN("TLSv1.0"))) v = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS v1.0 */ |