Re: [LEDE-DEV] [PATCH] mbedtls: Re-allow SHA1-signed certificates

2017-08-04 Thread Magnus Kroken

Hi

On 04.08.2017 18:37, Hauke Mehrtens wrote:

> I agree to put this into LEDE 17.01 and the master branch for now.


It should be merged to LEDE 17.01 to maintain feature compatibility. I 
disagree that it should be merged to master, as this is a feature we 
(should) want to break in the long run.



> There are probably a lot of old certificates out there that are still in
> use and are SHA1. As the public CAs are not issuing any SHA1
> certificates any more and creating an own certificate and not just
> modifying an existing certificate is harder, I think there is no big
> security problem here.


Let's take the two examples brought up so far - certificates used with 
OpenVPN, and certificates used with general HTTPS connections.


1. HTTPS
As you said, public CAs have not issued SHA-1 certs for some time. In 
addition, all major desktop web browsers consider sites with SHA-1 certs 
insecure, and throw big fat warnings in the face of users if they 
connect to one. Any site that wants any visitors at all will either 
offer their sites over HTTP only, or install a new cert with SHA-256 
fingerprint. The major browsers have already put their combined force 
together to push for security over compatibility. I don't see why we 
should pull in the opposite direction, given that our influence in this 
context is insignificant in comparison.


2. OpenVPN
OpenVPN does not rely on the public CA system, so the changes in that 
regard do not push OpenVPN servers/providers to do anything about 
their setup (trusting a public CA in an OpenVPN setup greatly reduces 
the security).


The issue I have in this case isn't that "security trumps everything 
every time", but that it puts all users at risk. When we help out the 
people who still have some work to do with their services, we also put 
the people who have done their homework at risk, with no easy way out. 
I can't tell my OpenVPN server to only trust certs with SHA-256 
fingerprints, because OpenVPN trusts the TLS library to decide which 
algorithms are acceptable and which are not. This isn't specific to 
OpenVPN, most applications provide little or no tweaking of these things.


Since mbedTLS is not runtime-configurable, the question becomes "who 
should we tell to compile their own library to fix their issue?", be it 
security concerns or compatibility issues. In the master branch, I think 
it's fair to make such a breaking change now - we aren't early birds in 
this regard, web browsers have been forcing people to fix their certs 
for more than 6 months now.


Regards
/Magnus

___
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev


Re: [LEDE-DEV] [PATCH] mbedtls: Re-allow SHA1-signed certificates

2017-08-04 Thread Hauke Mehrtens
On 07/30/2017 05:57 PM, Baptiste Jonglez wrote:
> From: Baptiste Jonglez 
> 
> Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates.
> This breaks openvpn clients that try to connect to servers that
> present a TLS certificate signed with SHA1, which is fairly common.
> 
> Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx.
> 
> Fixes: FS#942
> 
> Signed-off-by: Baptiste Jonglez 

I agree to put this into LEDE 17.01 and the master branch for now.

There are probably a lot of old certificates out there that are still in
use and are SHA1. As the public CAs are not issuing any SHA1
certificates any more and creating an own certificate and not just
modifying an existing certificate is harder, I think there is no big
security problem here.

If nobody disagrees I would merge this in one week.

Hauke



Re: [LEDE-DEV] [PATCH] mbedtls: Re-allow SHA1-signed certificates

2017-07-30 Thread Baptiste Jonglez
On Sun, Jul 30, 2017 at 06:00:48PM +0200, Baptiste Jonglez wrote:
> On Sun, Jul 30, 2017 at 05:57:37PM +0200, Baptiste Jonglez wrote:
> > Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates.
> > This breaks openvpn clients that try to connect to servers that
> > present a TLS certificate signed with SHA1, which is fairly common.
> > 
> > Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx.
> > 
> > Fixes: FS#942
> 
> This can be cherry-picked cleanly on the lede-17.01 branch.  I think it
> should be done, because the update to 2.5.1 broke a working use-case.

See the discussion on Flyspray: 
https://bugs.lede-project.org/index.php?do=details_id=942

As a compromise between security and stability, it makes sense to merge
this to lede-17.01 only, and keep SHA1 disabled in master.

> > Signed-off-by: Baptiste Jonglez 
> > ---
> >  package/libs/mbedtls/Makefile | 2 +-
> >  package/libs/mbedtls/patches/200-config.patch | 9 +
> >  2 files changed, 10 insertions(+), 1 deletion(-)
> > 
> > diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
> > index 4cceb743d5..101324de07 100644
> > --- a/package/libs/mbedtls/Makefile
> > +++ b/package/libs/mbedtls/Makefile
> > @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
> >  
> >  PKG_NAME:=mbedtls
> >  PKG_VERSION:=2.5.1
> > -PKG_RELEASE:=1
> > +PKG_RELEASE:=2
> >  PKG_USE_MIPS16:=0
> >  
> >  PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
> > diff --git a/package/libs/mbedtls/patches/200-config.patch 
> > b/package/libs/mbedtls/patches/200-config.patch
> > index 39de3cc1ec..fb5a74fc65 100644
> > --- a/package/libs/mbedtls/patches/200-config.patch
> > +++ b/package/libs/mbedtls/patches/200-config.patch
> > @@ -269,3 +269,12 @@
> >   
> >   /* \} name SECTION: mbed TLS modules */
> >   
> > +@@ -2646,7 +2646,7 @@
> > +  * recommended because of it is possible to generte SHA-1 collisions, 
> > however
> > +  * this may be safe for legacy infrastructure where additional controls 
> > apply.
> > +  */
> > +-// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
> > ++#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
> > + 
> > + /**
> > +  * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
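
Review bot: Uncommenting MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES in 200-config.patch changes the library-wide default, so every package built against this mbedtls accepts SHA-1-signed certificates again, not only the openvpn client named in the commit message. The upstream comment carried in this hunk's own context calls the setting not recommended outside legacy infrastructure where additional controls apply. Suggest either limiting the change to the lede-17.01 branch or making the define depend on a build-time option that is off by default, and saying which in the commit message.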





Re: [LEDE-DEV] [PATCH] mbedtls: Re-allow SHA1-signed certificates

2017-07-30 Thread Baptiste Jonglez
On Sun, Jul 30, 2017 at 05:57:37PM +0200, Baptiste Jonglez wrote:
> Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates.
> This breaks openvpn clients that try to connect to servers that
> present a TLS certificate signed with SHA1, which is fairly common.
> 
> Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx.
> 
> Fixes: FS#942

This can be cherry-picked cleanly on the lede-17.01 branch.  I think it
should be done, because the update to 2.5.1 broke a working use-case.

> Signed-off-by: Baptiste Jonglez 
> ---
>  package/libs/mbedtls/Makefile | 2 +-
>  package/libs/mbedtls/patches/200-config.patch | 9 +
>  2 files changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
> index 4cceb743d5..101324de07 100644
> --- a/package/libs/mbedtls/Makefile
> +++ b/package/libs/mbedtls/Makefile
> @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
>  
>  PKG_NAME:=mbedtls
>  PKG_VERSION:=2.5.1
> -PKG_RELEASE:=1
> +PKG_RELEASE:=2
>  PKG_USE_MIPS16:=0
>  
>  PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
> diff --git a/package/libs/mbedtls/patches/200-config.patch 
> b/package/libs/mbedtls/patches/200-config.patch
> index 39de3cc1ec..fb5a74fc65 100644
> --- a/package/libs/mbedtls/patches/200-config.patch
> +++ b/package/libs/mbedtls/patches/200-config.patch
> @@ -269,3 +269,12 @@
>   
>   /* \} name SECTION: mbed TLS modules */
>   
> +@@ -2646,7 +2646,7 @@
> +  * recommended because of it is possible to generte SHA-1 collisions, 
> however
> +  * this may be safe for legacy infrastructure where additional controls 
> apply.
> +  */
> +-// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
> ++#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
> + 
> + /**
> +  * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
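
Review bot: The trailing context of the nested hunk shows a second SHA-1 option starting directly below ("Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake"), and the commit message does not say whether leaving it untouched is deliberate. Suggest stating in the commit message that only the certificate-signature default is relaxed, and repeating there the upstream warning about SHA-1 collisions so the trade-off is recorded with the change.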

