Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-03-28 Thread Emeric Brun 
Hi Lukas,

> 
> FYI OpenSSL did a 180 on this, they are implemented a new API call to
> set TLSv1.3 ciphers and enable them by default:
> 
> https://github.com/mattcaswell/openssl/commit/d93e832a82087a5f9bcf7d93ed7ae21bc6c1fed0
> 
> https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
> 

Seems a good news. Thank you Lukas!
 
> 
> cheers,
> lukas
> 

Emeric

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-03-28 Thread Lukas Tribus 
Hello Emeric,


On 12 January 2018 at 15:57, Emeric Brun  wrote:
> Hi All,
>
> FYI: upgrading to next openssl-1.1.1 could break your prod if you're using a 
> forced cipher list because
> handshake will fail regardless the tls protocol version if you don't specify 
> a cipher valid for TLSv1.3
> in your cipher list.
>
> https://github.com/openssl/openssl/issues/5057
>
> https://github.com/openssl/openssl/issues/5065
>
> Openssl's team doesn't seem to consider this as an issue and I'm just bored 
> to discuss with them.


FYI OpenSSL did a 180 on this, they are implemented a new API call to
set TLSv1.3 ciphers and enable them by default:

https://github.com/mattcaswell/openssl/commit/d93e832a82087a5f9bcf7d93ed7ae21bc6c1fed0

https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html



cheers,
lukas

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-14 Thread Lukas Tribus 
Hello,


On 13 January 2018 at 20:57, Pavlos Parissis  wrote:
> On 13/01/2018 04:22 μμ, Lukas Tribus wrote:
>> Hello,
>>
>>
>> On 13 January 2018 at 15:17, Pavlos Parissis  
>> wrote:
 Not exactly, the moment you force a cipher list that does not include a
 TLSv1.3 cipher in the server side (which has TLSv1.3 enabled) the TLS
 handshake will break regardless of what is in the Client hello.

>>>
>>> But, can we have TLSv3 enabled on server side and still accept TLSv2 
>>> sessions?
>>
>> Only if your cipher-list contains TLSv1.3 ciphers, otherwise nothing
>> will work (regardless of the TLS version).
>>
>
> and all those ciphers are supported by all recent browsers, right ?

That's not the point, you can always specify old ciphers as well. It's
just that you MUST specify at least 1 TLSv1.3 cipher (for any TLS
version to work).



>> OpenSSL really goes the extra mile to make everyone's life miserable.
>
> Is this the result of the implementation or of the TLSv1.3 design ?

TLSv1.3 is fine, the discussion in the IETF working-group has lots of
participants and the process works.

The OpenSSL implementation (and especially the API) is decided by a
small number of people, they have (rightfully so) their own opinions,
but I also don't see them receptive of different opinions.


That's why Google forked it and why other are switching to that fork:
https://blog.cloudflare.com/make-ssl-boring-again/


But abandoning OpenSSL for a fork like BoringSSL brings their own
problems, it's certainly not a change at the push of a button.


Lukas

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-13 Thread Pavlos Parissis 
On 13/01/2018 04:22 μμ, Lukas Tribus wrote:
> Hello,
> 
> 
> On 13 January 2018 at 15:17, Pavlos Parissis  
> wrote:
>>> Not exactly, the moment you force a cipher list that does not include a
>>> TLSv1.3 cipher in the server side (which has TLSv1.3 enabled) the TLS
>>> handshake will break regardless of what is in the Client hello.
>>>
>>
>> But, can we have TLSv3 enabled on server side and still accept TLSv2 
>> sessions?
> 
> Only if your cipher-list contains TLSv1.3 ciphers, otherwise nothing
> will work (regardless of the TLS version).
> 

and all those ciphers are supported by all recent browsers, right ?

> OpenSSL really goes the extra mile to make everyone's life miserable.
> 
> 

Is this the result of the implementation or of the TLSv1.3 design ?


Cheers,
Pavlos



signature.asc
Description: OpenPGP digital signature

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-13 Thread Lukas Tribus 
Hello,


On 13 January 2018 at 15:17, Pavlos Parissis  wrote:
>> Not exactly, the moment you force a cipher list that does not include a
>> TLSv1.3 cipher in the server side (which has TLSv1.3 enabled) the TLS
>> handshake will break regardless of what is in the Client hello.
>>
>
> But, can we have TLSv3 enabled on server side and still accept TLSv2 sessions?

Only if your cipher-list contains TLSv1.3 ciphers, otherwise nothing
will work (regardless of the TLS version).

OpenSSL really goes the extra mile to make everyone's life miserable.


Lukas

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-13 Thread Pavlos Parissis 
On 13/01/2018 01:22 μμ, Moemen MHEDHBI wrote:
> HI Pavlos,
> 
> 
> On 12/01/2018 22:53, Pavlos Parissis wrote:
>> On 12/01/2018 03:57 μμ, Emeric Brun wrote:
>>> Hi All,
>>>
>>> FYI: upgrading to next openssl-1.1.1 could break your prod if you're using 
>>> a forced cipher list because
>>> handshake will fail regardless the tls protocol version if you don't 
>>> specify a cipher valid for TLSv1.3
>>> in your cipher list.
>>>
>>> https://github.com/openssl/openssl/issues/5057
>>>
>>> https://github.com/openssl/openssl/issues/5065
>>>
>>> Openssl's team doesn't seem to consider this as an issue and I'm just bored 
>>> to discuss with them.
>>>
>>> R,
>>> Emeric
>>>
>>
>> So, If we enable TLSv1.3, together with TLSv1.2, on the server side, then 
>> client must support
>> TLSv1.3 otherwise it will get a nice SSL error. Am I right? If I am right, I 
>> hope I'm not, then we
>> have to wait for all clients to support TLSv1.3 before we enabled it on the 
>> server side, this
>> doesn't sound right and I am pretty sure I am completely wrong here.
>>
>> Cheers,
>> Pavlos
>>
>>
> 
> Not exactly, the moment you force a cipher list that does not include a
> TLSv1.3 cipher in the server side (which has TLSv1.3 enabled) the TLS
> handshake will break regardless of what is in the Client hello.
> 

But, can we have TLSv3 enabled on server side and still accept TLSv2 sessions?

Cheers,
Pavlos



signature.asc
Description: OpenPGP digital signature

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-13 Thread Moemen MHEDHBI 
HI Pavlos,


On 12/01/2018 22:53, Pavlos Parissis wrote:
> On 12/01/2018 03:57 μμ, Emeric Brun wrote:
>> Hi All,
>>
>> FYI: upgrading to next openssl-1.1.1 could break your prod if you're using a 
>> forced cipher list because
>> handshake will fail regardless the tls protocol version if you don't specify 
>> a cipher valid for TLSv1.3
>> in your cipher list.
>>
>> https://github.com/openssl/openssl/issues/5057
>>
>> https://github.com/openssl/openssl/issues/5065
>>
>> Openssl's team doesn't seem to consider this as an issue and I'm just bored 
>> to discuss with them.
>>
>> R,
>> Emeric
>>
>
> So, If we enable TLSv1.3, together with TLSv1.2, on the server side, then 
> client must support
> TLSv1.3 otherwise it will get a nice SSL error. Am I right? If I am right, I 
> hope I'm not, then we
> have to wait for all clients to support TLSv1.3 before we enabled it on the 
> server side, this
> doesn't sound right and I am pretty sure I am completely wrong here.
>
> Cheers,
> Pavlos
>
>

Not exactly, the moment you force a cipher list that does not include a
TLSv1.3 cipher in the server side (which has TLSv1.3 enabled) the TLS
handshake will break regardless of what is in the Client hello.

-- 
Moemen MHEDHBI

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-12 Thread Gibson, Brian (IMS) 
The way I read it you just have to be sure to specify a valid tls 1.3 cipher.  
I have not attempted the configuration though to confirm.

Sent from Nine<http://www.9folders.com/>

From: Pavlos Parissis <pavlos.paris...@gmail.com>
Sent: Friday, January 12, 2018 4:55 PM
To: Emeric Brun; haproxy@formilux.org
Subject: Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming 
v1.1.1) could break handshakes for all protocol versions .

On 12/01/2018 03:57 μμ, Emeric Brun wrote:
> Hi All,
>
> FYI: upgrading to next openssl-1.1.1 could break your prod if you're using a 
> forced cipher list because
> handshake will fail regardless the tls protocol version if you don't specify 
> a cipher valid for TLSv1.3
> in your cipher list.
>
> https://github.com/openssl/openssl/issues/5057
>
> https://github.com/openssl/openssl/issues/5065
>
> Openssl's team doesn't seem to consider this as an issue and I'm just bored 
> to discuss with them.
>
> R,
> Emeric
>


So, If we enable TLSv1.3, together with TLSv1.2, on the server side, then 
client must support
TLSv1.3 otherwise it will get a nice SSL error. Am I right? If I am right, I 
hope I'm not, then we
have to wait for all clients to support TLSv1.3 before we enabled it on the 
server side, this
doesn't sound right and I am pretty sure I am completely wrong here.

Cheers,
Pavlos





Information in this e-mail may be confidential. It is intended only for the 
addressee(s) identified above. If you are not the addressee(s), or an employee 
or agent of the addressee(s), please note that any dissemination, distribution, 
or copying of this communication is strictly prohibited. If you have received 
this e-mail in error, please notify the sender of the error.

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-12 Thread Pavlos Parissis 
On 12/01/2018 03:57 μμ, Emeric Brun wrote:
> Hi All,
> 
> FYI: upgrading to next openssl-1.1.1 could break your prod if you're using a 
> forced cipher list because
> handshake will fail regardless the tls protocol version if you don't specify 
> a cipher valid for TLSv1.3
> in your cipher list.
> 
> https://github.com/openssl/openssl/issues/5057
> 
> https://github.com/openssl/openssl/issues/5065
> 
> Openssl's team doesn't seem to consider this as an issue and I'm just bored 
> to discuss with them.
> 
> R,
> Emeric
> 


So, If we enable TLSv1.3, together with TLSv1.2, on the server side, then 
client must support
TLSv1.3 otherwise it will get a nice SSL error. Am I right? If I am right, I 
hope I'm not, then we
have to wait for all clients to support TLSv1.3 before we enabled it on the 
server side, this
doesn't sound right and I am pretty sure I am completely wrong here.

Cheers,
Pavlos




signature.asc
Description: OpenPGP digital signature

Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-12 Thread Emeric Brun 
Hi All,

FYI: upgrading to next openssl-1.1.1 could break your prod if you're using a 
forced cipher list because
handshake will fail regardless the tls protocol version if you don't specify a 
cipher valid for TLSv1.3
in your cipher list.

https://github.com/openssl/openssl/issues/5057

https://github.com/openssl/openssl/issues/5065

Openssl's team doesn't seem to consider this as an issue and I'm just bored to 
discuss with them.

R,
Emeric