Bug#769279: Bug#769046: inn2: Allow for better TLS configurability
On Thu, 2014-11-20 at 22:10 +, Jonathan Wiltshire wrote: [...] On Wed, Nov 12, 2014 at 01:23:03PM +0100, Marco d'Itri wrote: clone 769046 -1 reassign -1 release.debian.org block 769046 by -1 thanks Can I merge this for jessie? Yes. Any news on that? Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769279: Bug#769046: inn2: Allow for better TLS configurability
Control: retitle -1 (pre-approval) unblock: inn2 Control: reassign -1 release.debian.org Control: tag -1 confirmed On Wed, Nov 12, 2014 at 01:23:03PM +0100, Marco d'Itri wrote: clone 769046 -1 reassign -1 release.debian.org block 769046 by -1 thanks Can I merge this for jessie? Yes. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 signature.asc Description: Digital signature
Bug#769046: inn2: Allow for better TLS configurability
On Wed, November 12, 2014 12:55, Marco d'Itri wrote: Can I merge this for jessie? I'd strongly prefer if we could indeed merge this for jessie. INN, at the moment, supports TLS connections to nnrpd, but does not allow any configuration besides the certificate and key. +=item Itlsprotocols + +The list of TLS protocol versions to support. Valid protocols are +BSSLv2, BSSLv3, BTLSv1, BTLSv1.1 and BTLSv1.2. The default +value is B[ SSLv3 TLSv1 TLSv1.1 TLSv1.2 ]. Can you remove SSLv3 from the default list? You could consider to leave out SSLv2 from the possibilities. +=item Itlscompression + +Whether to enable or disable TLS compression support (boolean). The +default is true. Can we default this to false? Cheers, Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769046: inn2: Allow for better TLS configurability
On Nov 12, Thijs Kinkhorst th...@debian.org wrote: Can you remove SSLv3 from the default list? I do not know the implications wrt clients support. Christian, did you do any tests? +=item Itlscompression +Whether to enable or disable TLS compression support (boolean). The +default is true. Can we default this to false? This is not really useful because CRIME cannot be exploited over NNTP. -- ciao, Marco pgp67An6_kVQD.pgp Description: PGP signature
Bug#769046: inn2: Allow for better TLS configurability
On Wed, November 12, 2014 14:29, Marco d'Itri wrote: On Nov 12, Thijs Kinkhorst th...@debian.org wrote: Can you remove SSLv3 from the default list? I do not know the implications wrt clients support. Christian, did you do any tests? +=item Itlscompression +Whether to enable or disable TLS compression support (boolean). The +default is true. Can we default this to false? This is not really useful because CRIME cannot be exploited over NNTP. Indeed. So that's not really necessary then. Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769046: inn2: Allow for better TLS configurability
On Wed, Nov 12, 2014 at 02:29:07PM +0100, Marco d'Itri wrote: On Nov 12, Thijs Kinkhorst th...@debian.org wrote: Can you remove SSLv3 from the default list? I do not know the implications wrt clients support. Christian, did you do any tests? Not many, just with icedove and openssl s_client. Although I have a few tens of users on my news server, I haven't got the faintest idea what clients they are using, but nobody has complained so far ;-) In the end, I think it'll be the admins decision like it is with web servers. When you integrate this for jessie, I'd suggest using secure defaults, as people upgrading from wheezy would expect things to change. So, no SSLv3, and prefer_server_ciphers true. OTOH, upstream now has compatible defaults in 2.5.4. Please also note that instead of using the patch I attached to the original message, you may want to use https://inn.eyrie.org/trac/changeset/9745 to keep in line with upstream. ciao, cm. -- ** christian mock in vienna, austria -- http://www.tahina.priv.at/ www.flamingtext.com I'd never even heard of that site. I wonder what it'd take to convince the owner's goverment that they're terrorists? -- Lionel -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769046: inn2: Allow for better TLS configurability
Le 12.11.2014 13:31, Thijs Kinkhorst a écrit : On Wed, November 12, 2014 12:55, Marco d'Itri wrote: Can I merge this for jessie? I'd strongly prefer if we could indeed merge this for jessie. Please use r9745 in SVN: https://inn.eyrie.org/trac/changeset/9745 (The name of the tlsprefer_server_ciphers keyword is different in upstream, where it is tlspreferserverciphers, without any underscore, like all other inn.conf parameters.) You can change the default values if you want (for instance removing SSLv2 and SSLv3 from the allowed ciphers). +=item Itlsprotocols + +The list of TLS protocol versions to support. Valid protocols are +BSSLv2, BSSLv3, BTLSv1, BTLSv1.1 and BTLSv1.2. The default +value is B[ SSLv3 TLSv1 TLSv1.1 TLSv1.2 ]. Can you remove SSLv3 from the default list? You could consider to leave out SSLv2 from the possibilities. +=item Itlscompression + +Whether to enable or disable TLS compression support (boolean). The +default is true. Can we default this to false? FYI, we keep backwards compatibility in the INN 2.5 upstream branch. Changes scheduled in 2.6 are: - SSL/TLS compression is now disabled by default; - the server decides the preferred cipher; - only TLS protocols are allowed (using the flawed SSLv2 and SSLv3 protocols is now disabled). -- Julien ÉLIE -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769046: inn2: Allow for better TLS configurability
Source: inn2 Severity: wishlist Tags: patch Dear Maintainer, INN, at the moment, supports TLS connections to nnrpd, but does not allow any configuration besides the certificate and key. This means that Wheezy's nnrpd is currently susceptible to the CRIME (because TLS compression is on) and POODLE (because SSLv3 is supported) attacks, should those be exploitable with NNTP. In addition, it supports weak symmetrical ciphers (40 and 56 bit key length). I've patched nnrpd to allow for detailed TLS configuration: protocol versions, cipher suites, compression and whether the client or server choses the cipher can now be configured. With the default configuration, TLS behaviour is unchanged, as to not break existing setups. This patch is to be integrated upstream[0], but ideally I'd like it to be in the next Wheezy point release because I consider the current TLS config to be insecure. The patch, as attached, is against a clean 2.5.4 upstream source, but I'd be happy to provide a patch for quilt if you tell me which package version I should target. regards, cm. [0] https://lists.isc.org/pipermail/inn-workers/2014-November/018339.html diff --git a/doc/pod/inn.conf.pod b/doc/pod/inn.conf.pod index f8f5f79..98ebd6e 100644 --- a/doc/pod/inn.conf.pod +++ b/doc/pod/inn.conf.pod @@ -1054,6 +1054,28 @@ Ipathetc/key.pem. This file must only be readable by the news user or Bnnrpd will refuse to use it. +=item Itlsprotocols + +The list of TLS protocol versions to support. Valid protocols are +BSSLv2, BSSLv3, BTLSv1, BTLSv1.1 and BTLSv1.2. The default +value is B[ SSLv3 TLSv1 TLSv1.1 TLSv1.2 ]. + +=item Itlsciphers + +The string describing the cipher suites OpenSSL will support. See +OpenSSL's Bcipher command documentation for details. The default is +unset, which uses OpenSSL's default cipher suite list. + +=item Itlsprefer_server_ciphers + +Whether to let the client or the server decide the preferred cipher. +This is a boolean and the default is false. + +=item Itlscompression + +Whether to enable or disable TLS compression support (boolean). The +default is true. + =back =head2 Monitoring diff --git a/doc/pod/news.pod b/doc/pod/news.pod index 4315b3f..64cd93b 100644 --- a/doc/pod/news.pod +++ b/doc/pod/news.pod @@ -1,3 +1,17 @@ +=head1 Changes in TLS configuration + +=over 2 + +=item * + +New parameters used by Bnnrpd to fine-tune the TLS configuration: +Itlsprotocols, Itlsciphers, Itlsprefer_server_ciphers and +Itls_compression. If you've been using TLS with Bnnrpd before, be +aware that the defaults of those parameters may differ from the +previous defaults (which depended on your OpenSSL version). + +=back + =head1 Changes in 2.5.4 =over 2 diff --git a/doc/pod/nnrpd.pod b/doc/pod/nnrpd.pod index 9c13821..32698ae 100644 --- a/doc/pod/nnrpd.pod +++ b/doc/pod/nnrpd.pod @@ -224,6 +224,12 @@ run Bnnrpd. (Change the path to Bnnrpd to match your installation.) You may need to replace Cnntps with C563 if Cnntps isn't defined in F/etc/services on your system. +Optionally, you may set the Itlsprotocols, Itlsciphers, +Itlsprefer_server_ciphers and Itlscompression parameters in +Finn.conf to fine-tune the behaviour of the TLS negotiation whenever +a new attack on the TLS protocol or some supported cipher suite is +discovered. + =head1 PROTOCOL DIFFERENCES Bnnrpd implements the NNTP commands defined in SRFC 3977 (NNTP), diff --git a/include/inn/innconf.h b/include/inn/innconf.h index ee16620..669255c 100644 --- a/include/inn/innconf.h +++ b/include/inn/innconf.h @@ -127,6 +127,10 @@ struct innconf { char *tlscapath;/* Path to a directory of CA certificates */ char *tlscertfile; /* Path to the SSL certificate to use */ char *tlskeyfile; /* Path to the key for the certificate */ +bool tlsprefer_server_ciphers; /* Make server select the cipher */ +bool tlscompression; /* Turn TLS compression on/off */ +struct vector *tlsprotocols; /* List of supported TLS versions */ +char *tlsciphers; /* openssl-style cipher string */ #endif /* HAVE_SSL */ /* Monitoring */ diff --git a/lib/innconf.c b/lib/innconf.c index ded674c..9e6183d 100644 --- a/lib/innconf.c +++ b/lib/innconf.c @@ -231,6 +231,10 @@ const struct config config_table[] = { { K(tlscapath), STRING (NULL) }, { K(tlscertfile), STRING (NULL) }, { K(tlskeyfile), STRING (NULL) }, +{ K(tlsprefer_server_ciphers), BOOL (false) }, +{ K(tlscompression), BOOL(true) }, +{ K(tlsprotocols),LIST(NULL) }, +{ K(tlsciphers), STRING (NULL) }, #endif /* HAVE_SSL */ /* The following settings are used by nnrpd and rnews. */ diff --git a/nnrpd/tls.c b/nnrpd/tls.c index 62b1a51..22a00c7 100644 --- a/nnrpd/tls.c +++ b/nnrpd/tls.c @@ -425,7 +425,9 @@ set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file) int tls_init_serverengine(int verifydepth, int askcert, int