Bug#927461: [Pkg-openssl-devel] Bug#927461: release-notes: Document how to handle openssls new defaults
Hi Sebastian,

On 24-04-2019 22:00, Sebastian Andrzej Siewior wrote:
> On 2019-04-21 16:52:30 [+0200], Paul Gevers wrote:
[...]
> The system default is valid for packages that link against libssl1.1.
> Some packages (like wpa_supplicant) override the limit so they may use
> TLSv1 even if it is disabled.
>
> Is the text above more or less what you asked for?

It's a bit long, and in the current state it is a bit out of context, but I
think we'll be able to manage that, thanks.

Paul
Bug#927461: [Pkg-openssl-devel] Bug#927461: release-notes: Document how to handle openssls new defaults
On 2019-04-21 16:52:30 [+0200], Paul Gevers wrote:
> Hi Kurt, Christoph, Sebastian, others,

Hi Paul,

> Could somebody of the openssl team propose a text that can be added to
> the release-notes about the new defaults? I am not asking for package
> specific text (although that is welcome of course), but rather a generic
> description of the change, what it means, how it can be circumvented and
> what the drawbacks of that are.

We have this [0]:

| Following various security recommendations, the default minimum TLS version
| has been changed from TLSv1 to TLSv1.2. Mozilla, Microsoft, Google and Apple
| plan to do the same around March 2020.
|
| The default security level for TLS connections has also been increased from
| level 1 to level 2. This moves from the 80 bit security level to the 112 bit
| security level and will require 2048 bit or larger RSA and DHE keys, 224 bit
| or larger ECC keys, and SHA-2.
|
| The system wide settings can be changed in /etc/ssl/openssl.cnf. Applications
| might also have a way to override the defaults.
|
| In the default /etc/ssl/openssl.cnf there is a MinProtocol and CipherString
| line. The CipherString can also set the security level. Information about the
| security levels can be found in the SSL_CTX_set_security_level(3ssl) manpage.
| The list of valid strings for the minimum protocol version can be found in
| SSL_CONF_cmd(3ssl). Other information can be found in ciphers(1ssl) and
| config(5ssl).
|
| Changing back the defaults in /etc/ssl/openssl.cnf to previous system wide
| defaults can be done using:
| MinProtocol = None
| CipherString = DEFAULT
|
| It's recommended that you contact the remote site in case the defaults cause
| problems.

The system default is valid for packages that link against libssl1.1.
Some packages (like wpa_supplicant) override the limit so they may use
TLSv1 even if it is disabled.

Is the text above more or less what you asked for?

[0] /usr/share/doc/libssl1.1/NEWS.Debian.gz

> Paul

Sebastian
Bug#927461: release-notes: Document how to handle openssls new defaults
Hi Kurt, Christoph, Sebastian, others,

On Sat, 20 Apr 2019 06:07:00 + Niels Thykier wrote:
> clone 927435 -1
> reassign -1 release-notes
> retitle -1 release-notes: Document how to handle openssls new defaults
>
> > After upgrading to buster, unbound-control would fail to run with this
> > error:
> >
> > error: Error setting up SSL_CTX client cert
> > 139765110753216:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key
> > too small:../ssl/ssl_rsa.c:310:
> >
> > To fix this I had to regenerate the certs and keys by removing the old ones
> > and running unbound-control-setup, then restarting unbound. This fixed the
> > issue.
> >
> > $ cd /etc/unbound/
> > $ sudo rm *.key *.pem
> > $ sudo unbound-control-setup
> > $ sudo systemctl restart unbound
> >
> > Note that with unbound-control broken, that broke `systemctl reload
> > unbound` as it depends on unbound-control.
> >
> > [...]
>
> I have split it into two bugs:
> * One for the release-notes because the stricter defaults in OpenSSL
>   affect multiple programs (I have seen similar issues from e.g.
>   wpa_supplicant). At this point, we should probably document the
>   knobs involved[1].
>
> [1] I believe the alternative is to update /etc/ssl/openssl.cnf, finding
> """
> [system_default_sect]
> ...
> CipherString = DEFAULT@SECLEVEL=2
> """
>
> And change that SECLEVEL=2 to SECLEVEL=1. Obviously, this has
> system-wide effects and reduces the minimum key size for all things that
> do not set their own CipherString (e.g. webservers have configuration to
> do that and wpa_supplicant overrides the new default as well as most
> WiFi have small keys).

Could somebody of the openssl team propose a text that can be added to
the release-notes about the new defaults? I am not asking for package
specific text (although that is welcome of course), but rather a generic
description of the change, what it means, how it can be circumvented and
what the drawbacks of that are.
Paul
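Added example, not part of this bug thread and not code from the openssl or unbound packages: a POSIX shell audit that applies the per-level key-size rules from SSL_CTX_set_security_level(3ssl), summarised in the NEWS.Debian excerpt Sebastian quotes above, to the kind of certificates and keys that produced the "ee key too small" error in the original unbound-control report. The thresholds (level 1 = 80-bit, level 2 = 112-bit security, and so on) and the MD5/SHA-1 certificate-signature rules are the documented OpenSSL 1.1.1 ones; audit_pem assumes the openssl(1) command is installed, and the script name and the /tmp/legacy.cnf path in the comments are illustrative. It also prints a complete config file carrying the pre-buster defaults from the excerpt, which the OPENSSL_CONF environment variable can hand to a single process as a narrower alternative to editing /etc/ssl/openssl.cnf system-wide.

```shell
#!/bin/sh
# Added example, not from the bug thread or from the openssl/unbound packages.
# Checks certificates and keys against the key-size rules OpenSSL enforces at
# each security level (SSL_CTX_set_security_level(3ssl)); buster's default is
# CipherString = DEFAULT@SECLEVEL=2, which is what rejects an "ee key too small".

# min_bits KEYTYPE LEVEL: smallest RSA/DSA/DH ("rsa") or EC key accepted at LEVEL.
min_bits() {
    case "$1:$2" in
        rsa:0|ec:0) echo 0 ;;        # level 0: everything is permitted
        rsa:1) echo 1024 ;;          # 80-bit security (the pre-buster default)
        rsa:2) echo 2048 ;;          # 112-bit security (the buster default)
        rsa:3) echo 3072 ;;          # 128-bit
        rsa:4) echo 7680 ;;          # 192-bit
        rsa:5) echo 15360 ;;         # 256-bit
        ec:1) echo 160 ;;
        ec:2) echo 224 ;;
        ec:3) echo 256 ;;
        ec:4) echo 384 ;;
        ec:5) echo 512 ;;
        *) echo "min_bits: unknown key type or level: $1 $2" >&2; return 2 ;;
    esac
}

# key_ok KEYTYPE BITS LEVEL: succeeds if the key is large enough for LEVEL.
key_ok() {
    need=$(min_bits "$1" "$3") || return 2
    [ "$2" -ge "$need" ]
}

# sig_ok SIGALG LEVEL: succeeds unless the certificate signature digest is too
# weak for LEVEL (MD5 is rejected from level 1 up, SHA-1 from level 2 up).
sig_ok() {
    case "$1" in
        md5*)  [ "$2" -lt 1 ] ;;
        sha1*) [ "$2" -lt 2 ] ;;
        *)     return 0 ;;
    esac
}

# audit_pem FILE [LEVEL]: report whether one PEM certificate, private key or
# public key would be accepted at LEVEL (default 2). Needs the openssl(1) command.
audit_pem() {
    file=$1; level=${2:-2}
    if grep -q 'BEGIN CERTIFICATE' "$file"; then
        text=$(openssl x509 -in "$file" -noout -text) || return 2
    elif grep -q 'BEGIN PUBLIC KEY' "$file"; then
        text=$(openssl pkey -pubin -in "$file" -noout -text) || return 2
    else
        text=$(openssl pkey -in "$file" -noout -text) || return 2
    fi
    # "RSA Public-Key: (1024 bit)", "Private-Key: (256 bit)", ... -> 1024, 256
    bits=$(printf '%s\n' "$text" | sed -n 's/.*-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1)
    case "$text" in
        *id-ecPublicKey*|*"ASN1 OID"*) ktype=ec ;;
        *) ktype=rsa ;;              # RSA, DSA and DH share the same thresholds
    esac
    sigalg=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: //p' | head -n 1)
    status=0
    key_ok "$ktype" "$bits" "$level" ||
        { echo "$file: $ktype key of $bits bits is too small for SECLEVEL=$level"; status=1; }
    [ -z "$sigalg" ] || sig_ok "$sigalg" "$level" ||
        { echo "$file: signature $sigalg is rejected at SECLEVEL=$level"; status=1; }
    [ "$status" -ne 0 ] || echo "$file: accepted at SECLEVEL=$level"
    return "$status"
}

# legacy_openssl_conf: print a complete config restoring the pre-buster defaults.
# Point one process at it with OPENSSL_CONF instead of editing /etc/ssl/openssl.cnf,
# e.g.  OPENSSL_CONF=/tmp/legacy.cnf unbound-control status   (path is illustrative)
legacy_openssl_conf() {
    cat <<'EOF'
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = None
CipherString = DEFAULT
EOF
}

# Usage: sh seclevel-audit.sh [LEVEL] FILE...
# e.g.   sh seclevel-audit.sh 2 /etc/unbound/*.key /etc/unbound/*.pem
if [ "$#" -gt 0 ]; then
    level=2
    case "$1" in [0-5]) level=$1; shift ;; esac
    rc=0
    for f in "$@"; do audit_pem "$f" "$level" || rc=1; done
    exit "$rc"
fi
```

Running the audit over /etc/unbound before upgrading shows whether the existing unbound-control keys would survive SECLEVEL=2 or need regenerating with unbound-control-setup. The OPENSSL_CONF route lowers the defaults only for the process it is set on, and only for programs that take the system default at all; a program such as wpa_supplicant that sets its own limits is unaffected either way.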