[issue21013] server-specific SSL context configuration

2015-04-13 Thread Antoine Pitrou

Changes by Antoine Pitrou <pit...@free.fr>:


--
resolution:  -> fixed
stage:  -> resolved
status: open -> closed

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21013
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue21013] server-specific SSL context configuration

2014-03-23 Thread Donald Stufft

Donald Stufft added the comment:

I think I'm happy with this patch, if anyone has a chance to review it and see 
if it looks OK I'd love that and then I can commit it :)




[issue21013] server-specific SSL context configuration

2014-03-23 Thread Donald Stufft

Donald Stufft added the comment:

Added guards to protect against constants not existing.

--
Added file: 
http://bugs.python.org/file34590/ssl-context-defaults-ssl3-guards.diff




[issue21013] server-specific SSL context configuration

2014-03-23 Thread Roundup Robot

Roundup Robot added the comment:

New changeset 92efd86d1a38 by Donald Stufft in branch '3.4':
Issue #21013: Enhance ssl.create_default_context() for server side contexts
http://hg.python.org/cpython/rev/92efd86d1a38

--
nosy: +python-dev




[issue21013] server-specific SSL context configuration

2014-03-23 Thread Roundup Robot

Roundup Robot added the comment:

New changeset aa2eb034c4f7 by Donald Stufft in branch 'default':
Merge the patch for issue #21013 into default
http://hg.python.org/cpython/rev/aa2eb034c4f7




[issue21013] server-specific SSL context configuration

2014-03-22 Thread Donald Stufft

Donald Stufft added the comment:

Attached is a patch that:

* Switches the protocol to SSLv23 so that we can negotiate a TLS1.1 or TLS1.2 
connection.
* Sets OP_CIPHER_SERVER_PREFERENCE for Purpose.CLIENT_AUTH so that our 
carefully selected cipher priority gives us better encryption and PFS
* Sets OP_SINGLE_DH_USE and OP_SINGLE_ECDH_USE for Purpose.CLIENT_AUTH to 
prevent re-use of the DH and ECDH keys in distinct sessions.

--
keywords: +patch
Added file: http://bugs.python.org/file34569/ssl-server-defaults.diff




[issue21013] server-specific SSL context configuration

2014-03-22 Thread Alex Gaynor

Changes by Alex Gaynor <alex.gay...@gmail.com>:


--
nosy: +alex




[issue21013] server-specific SSL context configuration

2014-03-22 Thread Antoine Pitrou

Antoine Pitrou added the comment:

(as an aside, Donald, perhaps you want to consider adding yourself to relevant 
topics in http://docs.python.org/devguide/experts.html )




[issue21013] server-specific SSL context configuration

2014-03-22 Thread Donald Stufft

Donald Stufft added the comment:

I'll do that :)

To be clear about this patch, it raises the upper bounds of security by 
enabling TLS 1.1, and 1.2 as well as the single use for (EC)DH and preferring 
the server ciphers.

However it also lowers the lower bounds of security and includes SSLv3 which 
has some issues (see 
https://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_3.0). However there 
exist clients who only support SSL3 (The primary one I'm aware of is IE6 on 
Windows XP).

We can add OP_NO_SSLv3 to the default context to prevent SSL3 but it's sort of 
a situational thing. If you're doing something where you need SSL3 clients you 
don't want OP_NO_SSLv3.

So I guess the question is, do we want to be more secure by default and *not* 
lower the lower bounds of security and require people to add 
context.options &= ~ssl.OP_NO_SSLv3 if they want to support SSLv3 connections?




[issue21013] server-specific SSL context configuration

2014-03-22 Thread Antoine Pitrou

Antoine Pitrou added the comment:

> We can add OP_NO_SSLv3 to the default context to prevent SSL3 but it's
> sort of a situational thing. If you're doing something where you need
> SSL3 clients you don't want OP_NO_SSLv3.
>
> So I guess the question is, do we want to be more secure by default
> and *not* lower the lower bounds of security and require people to add
> context.options &= ~ssl.OP_NO_SSLv3 if they want to support SSLv3
> connections?

Most people won't understand the symptoms if some clients can't connect,
so I'd say no.
Also, clients should always use the highest possible protocol version, so
I don't think security is at stake here.




[issue21013] server-specific SSL context configuration

2014-03-22 Thread Alex Gaynor

Alex Gaynor added the comment:

Unfortunately most TLS implementations (particularly those in browser stacks) 
are vulnerable to downgrade attacks, whereby an attacker can send some 
malicious packets to simulate a connection failure and cause a lower version of 
the protocol to be negotiated, 
https://crypto.stackexchange.com/questions/10493/why-is-tls-susceptible-to-protocol-downgrade-attacks
 has some info on it. As a result, whenever possible it's really desirable to 
completely disallow as many poor choices as possible.




[issue21013] server-specific SSL context configuration

2014-03-22 Thread Donald Stufft

Donald Stufft added the comment:

That's not entirely true unfortunately :(

There are downgrade attacks that work all the way up through TLS 1.2. These are 
not strictly a problem of the protocol specs but instead of the implementations.

See: 
https://crypto.stackexchange.com/questions/10493/why-is-tls-susceptible-to-protocol-downgrade-attacks

The general gist of it is some servers/firewalls/etc have buggy implementations 
that cause a TLS1.0+ handshake to fail and some clients (browsers being a big 
one) decided to handle this by restarting the connection with SSL3.0 instead of 
TLS1.0+. So thus it is possible to effectively downgrade a client, even one 
that supports TLS1.2. It is not however possible to do it within a single 
connection.

The version selection process should not be considered a security feature but 
should instead be looked at as a way to opportunistically add newer features.




[issue21013] server-specific SSL context configuration

2014-03-22 Thread Donald Stufft

Donald Stufft added the comment:

To be clear though, a lot of TLS servers out there still have SSL3.0 enabled by 
default, primarily because of IE6 / XP. I'm on the fence about what the right 
answer is for create_default_context. From a strictly best practices for 
security sense of view you want to disable SSLv3 (and this matches what 
create_default_context did prior to my patch).

Can we perhaps split the difference and disable SSL3.0 and document what the 
error looks like when you try to connect with SSL3.0 and how to re-enable it?




[issue21013] server-specific SSL context configuration

2014-03-22 Thread Antoine Pitrou

Antoine Pitrou added the comment:

(by which I mean: ok, let's disable SSLv3)




[issue21013] server-specific SSL context configuration

2014-03-22 Thread Antoine Pitrou

Antoine Pitrou added the comment:

Well, I suppose IE6/XP is starting to look very old (though probably deployed 
quite widely), and TLS 1.0 was standardized in 1999.




[issue21013] server-specific SSL context configuration

2014-03-22 Thread Donald Stufft

Donald Stufft added the comment:

Attached is a new patch. It has:

* Switches the protocol to SSLv23 so that we can negotiate a TLS1.1 or TLS1.2 
connection.
* Sets OP_CIPHER_SERVER_PREFERENCE for Purpose.CLIENT_AUTH so that our 
carefully selected cipher priority gives us better encryption and PFS
* Sets OP_SINGLE_DH_USE and OP_SINGLE_ECDH_USE for Purpose.CLIENT_AUTH to 
prevent re-use of the DH and ECDH keys in distinct sessions.
* Disables SSLv3 connections explicitly to match lower bounds of the original 
security of the created context
* Moves the restricted ciphers to only apply to servers. Servers can be much 
more picky about which ciphers they accept than clients can, and furthermore 
with how our ciphers are laid out now if RC4 is selected it is entirely the 
fault of the server we are connecting to.
* Document what the type of error message would be if an SSL 3.0 connection is 
required and how to re-enable it.

--
Added file: http://bugs.python.org/file34577/ssl-context-defaults-ssl3-diff
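
An added example, not part of the original thread or of the CPython patch: it audits the option bits discussed above on a context built by `ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)`, guarding against constants the build lacks, then applies the re-enable step quoted in the thread. The helper names (`option_bit`, `audit_options`, `allow_sslv3`, `demo`) and the status labels are assumptions made for illustration.

```python
import ssl

# Option names the thread discusses for server-side (Purpose.CLIENT_AUTH) contexts.
SERVER_OPTIONS = (
    "OP_NO_SSLv2",
    "OP_NO_SSLv3",
    "OP_CIPHER_SERVER_PREFERENCE",
    "OP_SINGLE_DH_USE",
    "OP_SINGLE_ECDH_USE",
)


def option_bit(name):
    """Integer value of ssl.<name>, or None when this build does not expose it."""
    value = getattr(ssl, name, None)
    return None if value is None else int(value)


def audit_options(ctx):
    """Map each name in SERVER_OPTIONS to 'set', 'clear', 'no-op' or 'missing'."""
    current = int(ctx.options)
    report = {}
    for name in SERVER_OPTIONS:
        bit = option_bit(name)
        if bit is None:
            report[name] = "missing"  # guard: constant absent from this ssl module
        elif bit == 0:
            report[name] = "no-op"    # the linked TLS library defines the flag as 0
        else:
            report[name] = "set" if (current & bit) == bit else "clear"
    return report


def allow_sslv3(ctx):
    """Integer form of the thread's `context.options &= ~ssl.OP_NO_SSLv3`."""
    bit = option_bit("OP_NO_SSLv3") or 0
    ctx.options = int(ctx.options) & ~bit
    return ctx


def demo():
    """Audit a default server context before and after clearing OP_NO_SSLv3."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    before = audit_options(ctx)
    after = audit_options(allow_sslv3(ctx))
    return before, after


if __name__ == "__main__":
    for label, report in zip(("default", "SSLv3 bit cleared"), demo()):
        print(label, report)
```

On current Python and OpenSSL builds the protocol floor is also governed by `SSLContext.minimum_version`, so clearing the option bit alone may not re-admit SSL 3.0 clients.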




[issue21013] server-specific SSL context configuration

2014-03-21 Thread Antoine Pitrou

New submission from Antoine Pitrou:

Currently, create_default_context() doesn't do anything special for server use. 
It seems the configuration could be improved, though:

- PROTOCOL_TLSv1 is suboptimal for servers: a TLSv1 server can't accept a 
TLSv1.2 client, but an SSLv23 server will; so we should use PROTOCOL_SSLv23 (!)

- we could enable ECDH by calling SSLContext.set_ecdh_curve(something)

--
components: Library (Lib)
messages: 214405
nosy: christian.heimes, dstufft, pitrou
priority: normal
severity: normal
status: open
title: server-specific SSL context configuration
type: enhancement
versions: Python 3.4, Python 3.5




[issue21013] server-specific SSL context configuration

2014-03-21 Thread Antoine Pitrou

Antoine Pitrou added the comment:

(also perhaps enable OP_CIPHER_SERVER_PREFERENCE, although it seems it could 
cause interoperability problems with some clients)




[issue21013] server-specific SSL context configuration

2014-03-21 Thread Donald Stufft

Donald Stufft added the comment:

Nah it should be fine to enable that, and it's preferable to do so. The server 
selects the cipher anyways in the TLS handshake. That just tells the server to 
prefer its list for precedence and not the client list.
