Re: [LEDE-DEV] [PATCH] mbedtls: Re-allow SHA1-signed certificates
Hi

On 04.08.2017 18:37, Hauke Mehrtens wrote:
> I agree to put this into LEDE 17.01 and the master branch for now.

It should be merged to LEDE 17.01 to maintain feature compatibility. I disagree that it should be merged to master, as this is a feature we (should) want to break in the long run.

> There are probably a lot of old certificates out there that are still in use and are SHA1. As the public CAs are not issuing any SHA1 certificates any more and creating an own certificate and not just modifying an existing certificate is harder, I think there is no big security problem here.

Let's take the two examples brought up so far - certificates used with OpenVPN, and certificates used with general HTTPS connections.

1. HTTPS

As you said, public CAs have not issued SHA-1 certs for some time. In addition, all major desktop web browsers consider sites with SHA-1 certs insecure, and throw big fat warnings in the face of users if they connect to one. Any site that wants any visitors at all will either offer their sites over HTTP only, or install a new cert with a SHA-256 fingerprint. The major browsers have already put their combined force together to push for security over compatibility. I don't see why we should pull in the opposite direction, given that our influence in this context is insignificant in comparison.

2. OpenVPN

OpenVPN does not rely on the public CA system, so the changes in that regard do not push OpenVPN servers/providers to do anything about their setup (trusting a public CA in an OpenVPN setup greatly reduces the security). The issue I have in this case isn't that "security trumps everything every time", but that it puts all users at risk. When we help out the people who still have some work to do with their services, we also put the people who have done their homework at risk, with no easy way out.

I can't tell my OpenVPN server to only trust certs with SHA-256 fingerprints, because OpenVPN trusts the TLS library to decide which algorithms are acceptable and which are not. This isn't specific to OpenVPN; most applications provide little or no tweaking of these things. Since mbedTLS is not runtime-configurable, the question becomes "who should we tell to compile their own library to fix their issue?", be it security concerns or compatibility issues.

In the master branch, I think it's fair to make such a breaking change now - we aren't early birds in this regard, web browsers have been forcing people to fix their certs for more than 6 months now.

Regards
/Magnus

___
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
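Magnus's point is that the hash policy for certificate signatures lives in the TLS library, so an OpenVPN deployment cannot say "SHA-256 only" on its own and only finds out at connect time whether mbedtls 2.5.1 will reject a server. What an operator can do is audit the certificates in use before the upgrade. The script below is an added example and is not code from this thread, from LEDE or from mbedtls: it reads the outer signatureAlgorithm of a DER (or PEM) certificate with a minimal ASN.1 parser and reports whether that hash passes a SHA-1-rejecting default profile or only the SHA-1-tolerant one that defining MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES selects. The OID table, the two hash sets that stand in for the strict and legacy profiles, and the fake_certificate() builder with its synthetic certificates are assumptions made for the example; the synthetic certificates carry a stub body and an all-zero signature, so the script checks algorithm identifiers only, not signature validity or chain trust.

```python
"""Audit a certificate's signatureAlgorithm against a SHA-1-rejecting X.509
profile.  Added example, stdlib only; the sample certificates are synthetic."""
import base64
import re

# Assumed table for the example: outer signatureAlgorithm OID -> hash name.
SIG_ALG_HASH = {
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "sha384",  # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": "sha512",  # sha512WithRSAEncryption
    "1.2.840.10045.4.1": "sha1",        # ecdsa-with-SHA1
    "1.2.840.10045.4.3.2": "sha256",    # ecdsa-with-SHA256
}
# Assumed policy: strict = SHA-2 only; legacy = strict plus SHA-1, which is
# what defining MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES brings back.
STRICT_HASHES = {"sha256", "sha384", "sha512"}
LEGACY_HASHES = STRICT_HASHES | {"sha1"}

def der_tlv(tag, body):
    """Short-form DER TLV (body < 128 bytes), enough for the synthetic certs."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def der_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return der_tlv(0x06, bytes(out))

def fake_certificate(sig_oid):
    """Constructed Certificate ::= SEQUENCE { tbs, signatureAlgorithm,
    signatureValue } with a stub TBS and an all-zero signature (not valid)."""
    alg_id = der_tlv(0x30, der_oid(sig_oid) + b"\x05\x00")  # OID + NULL params
    tbs = der_tlv(0x30, der_tlv(0x02, b"\x01") + alg_id)     # serial, inner alg
    return der_tlv(0x30, tbs + alg_id + der_tlv(0x03, bytes(17)))

def read_tlv(buf, pos):
    """(tag, value, next_pos) at buf[pos]; short and long length forms."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: N length octets follow
        nbytes = length & 0x7F
        if not 0 < nbytes <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Dotted string from OBJECT IDENTIFIER content octets."""
    arcs = [2, body[0] - 80] if body[0] >= 80 else [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def load_der(data):
    """Accept raw DER or a PEM block and return DER bytes."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return base64.b64decode(re.sub(rb"-----[^-]+-----|\s", b"", data))
    return data

def signature_algorithm(cert_der):
    """Dotted OID of the outer signatureAlgorithm field of a certificate."""
    tag, cert, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    _, _, pos = read_tlv(cert, 0)          # skip tbsCertificate
    tag, alg_id, _ = read_tlv(cert, pos)   # AlgorithmIdentifier SEQUENCE
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_body, _ = read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    return decode_oid(oid_body)

def classify(cert_der, allow_sha1=False):
    """(hash, accepted): allow_sha1=False models the mbedtls 2.5.1 default,
    allow_sha1=True the SHA-1-tolerant profile the LEDE patch selects."""
    oid = signature_algorithm(cert_der)
    hash_name = SIG_ALG_HASH.get(oid, "unknown:" + oid)  # unknown -> rejected
    return hash_name, hash_name in (LEGACY_HASHES if allow_sha1 else STRICT_HASHES)

if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11"):
        print(oid, classify(fake_certificate(oid)), classify(fake_certificate(oid), True))
```

Against a real deployment, call classify(load_der(open("server.crt", "rb").read())) for each certificate the server sends, not only the leaf, since every signature in the chain is subject to the profile; a result of ("sha1", False) is a certificate that an unpatched mbedtls 2.5.1 default will refuse. MD5 and unknown algorithms are rejected under both profiles on purpose, because the patch under discussion re-enables SHA-1 only.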
Re: [LEDE-DEV] [PATCH] mbedtls: Re-allow SHA1-signed certificates
On 07/30/2017 05:57 PM, Baptiste Jonglez wrote:
> From: Baptiste Jonglez
>
> Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates.
> This breaks openvpn clients that try to connect to servers that
> present a TLS certificate signed with SHA1, which is fairly common.
>
> Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx.
>
> Fixes: FS#942
>
> Signed-off-by: Baptiste Jonglez

I agree to put this into LEDE 17.01 and the master branch for now. There are probably a lot of old certificates out there that are still in use and are SHA1. As the public CAs are not issuing any SHA1 certificates any more and creating an own certificate and not just modifying an existing certificate is harder, I think there is no big security problem here.

If nobody disagrees I would merge this in one week.

Hauke
Re: [LEDE-DEV] [PATCH] mbedtls: Re-allow SHA1-signed certificates
On Sun, Jul 30, 2017 at 06:00:48PM +0200, Baptiste Jonglez wrote:
> On Sun, Jul 30, 2017 at 05:57:37PM +0200, Baptiste Jonglez wrote:
> > Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates.
> > This breaks openvpn clients that try to connect to servers that
> > present a TLS certificate signed with SHA1, which is fairly common.
> >
> > Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx.
> >
> > Fixes: FS#942
>
> This can be cherry-picked cleanly on the lede-17.01 branch. I think it
> should be done, because the update to 2.5.1 broke a working use-case.

See the discussion on Flyspray: https://bugs.lede-project.org/index.php?do=details_id=942

As a compromise between security and stability, it makes sense to merge this to lede-17.01 only, and keep SHA1 disabled in master.

> > Signed-off-by: Baptiste Jonglez
> > ---
> >  package/libs/mbedtls/Makefile                 | 2 +-
> >  package/libs/mbedtls/patches/200-config.patch | 9 +
> >  2 files changed, 10 insertions(+), 1 deletion(-)
> >
> > diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
> > index 4cceb743d5..101324de07 100644
> > --- a/package/libs/mbedtls/Makefile
> > +++ b/package/libs/mbedtls/Makefile
> > @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
> >
> >  PKG_NAME:=mbedtls
> >  PKG_VERSION:=2.5.1
> > -PKG_RELEASE:=1
> > +PKG_RELEASE:=2
> >  PKG_USE_MIPS16:=0
> >
> >  PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
> > diff --git a/package/libs/mbedtls/patches/200-config.patch
> > b/package/libs/mbedtls/patches/200-config.patch
> > index 39de3cc1ec..fb5a74fc65 100644
> > --- a/package/libs/mbedtls/patches/200-config.patch
> > +++ b/package/libs/mbedtls/patches/200-config.patch
> > @@ -269,3 +269,12 @@
> >
> >  /* \} name SECTION: mbed TLS modules */
> >
> > +@@ -2646,7 +2646,7 @@
> > + * recommended because of it is possible to generte SHA-1 collisions,
> > however
> > + * this may be safe for legacy infrastructure where additional controls
> > apply.
> > + */
> > +-// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
> > ++#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
> > +
> > + /**
> > + * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
Re: [LEDE-DEV] [PATCH] mbedtls: Re-allow SHA1-signed certificates
On Sun, Jul 30, 2017 at 05:57:37PM +0200, Baptiste Jonglez wrote:
> Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates.
> This breaks openvpn clients that try to connect to servers that
> present a TLS certificate signed with SHA1, which is fairly common.
>
> Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx.
>
> Fixes: FS#942

This can be cherry-picked cleanly on the lede-17.01 branch. I think it should be done, because the update to 2.5.1 broke a working use-case.

> Signed-off-by: Baptiste Jonglez
> ---
>  package/libs/mbedtls/Makefile                 | 2 +-
>  package/libs/mbedtls/patches/200-config.patch | 9 +
>  2 files changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
> index 4cceb743d5..101324de07 100644
> --- a/package/libs/mbedtls/Makefile
> +++ b/package/libs/mbedtls/Makefile
> @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
>
>  PKG_NAME:=mbedtls
>  PKG_VERSION:=2.5.1
> -PKG_RELEASE:=1
> +PKG_RELEASE:=2
>  PKG_USE_MIPS16:=0
>
>  PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
> diff --git a/package/libs/mbedtls/patches/200-config.patch
> b/package/libs/mbedtls/patches/200-config.patch
> index 39de3cc1ec..fb5a74fc65 100644
> --- a/package/libs/mbedtls/patches/200-config.patch
> +++ b/package/libs/mbedtls/patches/200-config.patch
> @@ -269,3 +269,12 @@
>
>  /* \} name SECTION: mbed TLS modules */
>
> +@@ -2646,7 +2646,7 @@
> + * recommended because of it is possible to generte SHA-1 collisions,
> however
> + * this may be safe for legacy infrastructure where additional controls
> apply.
> + */
> +-// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
> ++#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
> +
> + /**
> + * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
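Review bot: in the Makefile hunk, the PKG_RELEASE bump from 1 to 2 is the right trigger for a rebuild (PKG_VERSION stays at 2.5.1 and only the patch set changes), but neither the hunk nor the commit message records that this rebuild flips a compile-time default in the shared libmbedtls config, so it reaches every package linked against libmbedtls on the image and not only the openvpn-mbedtls client the message names. Suggest stating that scope in the commit message so the 17.01 backport is reviewed with all mbedtls consumers in mind.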
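Review bot: in the 200-config.patch hunk, the line `++#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES` turns SHA-1 back on unconditionally, directly under upstream's own context that this "is not recommended because ... SHA-1 collisions" and "may be safe for legacy infrastructure where additional controls apply"; the additional controls are left to the user, who has no way back to the strict default short of rebuilding the library. Suggest gating the define behind a build-time menuconfig option (defaulting to on in 17.01 if that is the agreed compromise) so that deployments whose certificates are already SHA-256 keep the strict profile. The context lines also show the option only affects the default profile ("Allow SHA-1 in the default TLS configuration"), so applications that select a certificate profile explicitly are unaffected either way; that is worth a sentence in the commit message. Separately, the hunk header counts 12 new-side lines but the quoted text shows "however" and "apply." on lines of their own, which is mail wrapping of the two long comment lines: the patch must be taken from the unwrapped mail or it will not apply.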