Re: ssl_cipher_list_to_bytes:no ciphers available

2021-05-06 Thread Michael Ströder
On 5/6/21 9:30 PM, Howard Chu wrote:
> With this patch 
> https://git.openldap.org/openldap/openldap/-/commit/cd3567d750b653949e50b6245428e594dff1d8a4
> the above problem will no longer occur.> That is, if your ciphersuite doesn't 
> contain any TLS1.3 ciphers, then
> the existing TLS1.3 ciphersuites will not be changed. So you'll get
> the compiled-in defaults if nothing else was changed. That means you
> can continue to use old configs without any further changes.

That's helpful and will avoid lots of questions on the mailing lists.

Ciao, Michael.


Re: ssl_cipher_list_to_bytes:no ciphers available

2021-05-06 Thread Howard Chu
Michael Ströder wrote:
> On 5/5/21 1:29 PM, Howard Chu wrote:
>> Michael Ströder wrote:
>>> TLSProtocolMin 3.3
>>> TLSCipherSuite HIGH
>>
>> Then you're getting TLSv1.3 on these connections. Your ciphersuite config
>> has no TLSv1.3 ciphers though; cipher suite "HIGH" only affects TLSv1.2 and
>> below.
> 
> Ah sorry. I've wrongly implied that OpenSSL automagically chooses
> appropriate TLSv1.3 ciphers for HIGH.
> 
>> Change your suite config to include some actual TLSv1.3 suites and it will be
>> fine. There's no bug here, just a change in OpenSSL behavior which is covered
>> in their documentation. https://wiki.openssl.org/index.php/TLS1.3
> 
> Thanks for your explanations.
> 
> Your text seems worth to be added herein:
> 
> https://www.openldap.org/doc/admin25/guide.html#More%20extensive%20TLS%20configuration%20control

With this patch 
https://git.openldap.org/openldap/openldap/-/commit/cd3567d750b653949e50b6245428e594dff1d8a4
the above problem will no longer occur. That is, if your ciphersuite doesn't 
contain any TLS1.3 ciphers,
then the existing TLS1.3 ciphersuites will not be changed. So you'll get the 
compiled-in defaults if nothing
else was changed. That means you can continue to use old configs without any 
further changes. I don't
think there's any security weakness here since the compiled-in defaults are 
strong. Just a question of
whether it's better to force sysadmins to be cognizant of TLS1.3 or let them 
keep going on without thinking
about it.

-- 
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/


Re: ssl_cipher_list_to_bytes:no ciphers available

2021-05-05 Thread Michael Ströder
On 5/5/21 1:29 PM, Howard Chu wrote:
> Michael Ströder wrote:
>> TLSProtocolMin 3.3
>> TLSCipherSuite HIGH
> 
> Then you're getting TLSv1.3 on these connections. Your ciphersuite config
> has no TLSv1.3 ciphers though; cipher suite "HIGH" only affects TLSv1.2 and
> below.

Ah sorry. I've wrongly implied that OpenSSL automagically chooses
appropriate TLSv1.3 ciphers for HIGH.

> Change your suite config to include some actual TLSv1.3 suites and it will be
> fine. There's no bug here, just a change in OpenSSL behavior which is covered
> in their documentation. https://wiki.openssl.org/index.php/TLS1.3

Thanks for your explanations.

Your text seems worth to be added herein:

https://www.openldap.org/doc/admin25/guide.html#More%20extensive%20TLS%20configuration%20control

Ciao, Michael.


Re: ssl_cipher_list_to_bytes:no ciphers available

2021-05-05 Thread Michael Ströder
On 5/5/21 2:51 AM, Howard Chu wrote:
> Michael Ströder wrote:
>> I have issues with OpenSSL ciphers on my openSUSE Tumbleweed and release
>> 2.5.4 when connecting to an 2.4 provider:
>>
>> TLS: can't connect: error:141A90B5:SSL
>> routines:ssl_cipher_list_to_bytes:no ciphers available.
>>
>> An 2.4.58 consumer replica works just fine.
>>
>> There is this commit in RE25 and I'm not sure whether that introduces a
>> regression on my system:
>>
>> b72bce2400ce303766f355a1dd37f4012754c942
>> ITS#9521 Set TLSv1.3 cipher suites for OpenSSL 1.1
>>
>> BTW: openSUSE has implemented something like a crypto policy configuration:
>>
>> https://build.opensuse.org/package/view_file/security:tls/openssl-1_1/openssl-1.1.1-system-cipherlist.patch?expand=1
>>
>> Any clue what's going on?
> 
> What ciphers have you configured on your client and server? What versions of 
> OpenSSL are running on each?

TL;DR: If I comment TLSCipherSuite in the 2.5.4 slapd.conf everything works.

It fails when setting this in slapd provider (2.4.58) *and* consumer
(2.5.4):

TLSProtocolMin 3.3
TLSCipherSuite HIGH

BTW: I didn't know that these server-side settings also affect the
syncrepl-client config.

This works when connecting with 2.5.4 CLI tools to 2.4.58 server:

LDAPNOINIT=1 LDAPTLS_PROTOCOL_MIN=3.3 LDAPTLS_CIPHER_SUITE=HIGH
/opt/openldap-ms/bin/ldapwhoami ..

But connecting even only with openssl s_client to 2.5.4 server does not
work with the above TLSCipherSuite settings.

All systems have OpenSSL 1.1.1k. The symlink
/etc/crypto-policies/back-ends/openssl.config points to
/usr/share/crypto-policies/DEFAULT/openssl.txt which has this single line:

@SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8

Not sure what is really affected by this file.

You can see how RPMs are built in OBS:

https://build.opensuse.org/package/show/security:tls/openssl-1_1

https://build.opensuse.org/package/show/home:stroeder:openldap25/openldap-ms

Ciao, Michael.


Re: ssl_cipher_list_to_bytes:no ciphers available

2021-05-05 Thread Howard Chu
Michael Ströder wrote:
> On 5/5/21 1:29 PM, Howard Chu wrote:
>> Michael Ströder wrote:
>>> TLSProtocolMin 3.3
>>> TLSCipherSuite HIGH
>>
>> Then you're getting TLSv1.3 on these connections. Your ciphersuite config
>> has no TLSv1.3 ciphers though; cipher suite "HIGH" only affects TLSv1.2 and
>> below.
> 
> Ah sorry. I've wrongly implied that OpenSSL automagically chooses
> appropriate TLSv1.3 ciphers for HIGH.
> 
>> Change your suite config to include some actual TLSv1.3 suites and it will be
>> fine. There's no bug here, just a change in OpenSSL behavior which is covered
>> in their documentation. https://wiki.openssl.org/index.php/TLS1.3

This appears to be one of the things they changed between OpenSSL 1.1.0 and 
1.1.1.
It's overall pretty user-unfriendly, I've submitted a patch to them to make 
things
a little easier. https://github.com/openssl/openssl/pull/15161

Perhaps this problem can go away in a future OpenSSL release.
> 
> Thanks for your explanations.
> 
> Your text seems worth to be added herein:
> 
> https://www.openldap.org/doc/admin25/guide.html#More%20extensive%20TLS%20configuration%20control
> 
> Ciao, Michael.
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/


Re: ssl_cipher_list_to_bytes:no ciphers available

2021-05-05 Thread Howard Chu
Michael Ströder wrote:
> Filed ITS:
> 
> https://bugs.openldap.org/show_bug.cgi?id=9546

Not a bug. Closing.
> 
> Ciao, Michael.
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/


Re: ssl_cipher_list_to_bytes:no ciphers available

2021-05-05 Thread Howard Chu
Michael Ströder wrote:
> On 5/5/21 2:51 AM, Howard Chu wrote:
>> Michael Ströder wrote:
>>> I have issues with OpenSSL ciphers on my openSUSE Tumbleweed and release
>>> 2.5.4 when connecting to an 2.4 provider:
>>>
>>> TLS: can't connect: error:141A90B5:SSL
>>> routines:ssl_cipher_list_to_bytes:no ciphers available.
>>>
>>> An 2.4.58 consumer replica works just fine.
>>>
>>> There is this commit in RE25 and I'm not sure whether that introduces a
>>> regression on my system:
>>>
>>> b72bce2400ce303766f355a1dd37f4012754c942
>>> ITS#9521 Set TLSv1.3 cipher suites for OpenSSL 1.1
>>>
>>> BTW: openSUSE has implemented something like a crypto policy configuration:
>>>
>>> https://build.opensuse.org/package/view_file/security:tls/openssl-1_1/openssl-1.1.1-system-cipherlist.patch?expand=1
>>>
>>> Any clue what's going on?
>>
>> What ciphers have you configured on your client and server? What versions of 
>> OpenSSL are running on each?
> 
> TL;DR: If I comment TLSCipherSuite in the 2.5.4 slapd.conf everything works.
> 
> It fails when setting this in slapd provider (2.4.58) *and* consumer
> (2.5.4):
> 
> TLSProtocolMin 3.3
> TLSCipherSuite HIGH
> 
> BTW: I didn't know that these server-side settings also affect the
> syncrepl-client config.
> 
> This works when connecting with 2.5.4 CLI tools to 2.4.58 server:
> 
> LDAPNOINIT=1 LDAPTLS_PROTOCOL_MIN=3.3 LDAPTLS_CIPHER_SUITE=HIGH
> /opt/openldap-ms/bin/ldapwhoami ..
> 
> But connecting even only with openssl s_client to 2.5.4 server does not
> work with the above TLSCipherSuite settings.
> 
> All systems have OpenSSL 1.1.1k.

Then you're getting TLSv1.3 on these connections. Your ciphersuite config
has no TLSv1.3 ciphers though; cipher suite "HIGH" only affects TLSv1.2 and
below.

When you leave the suite unconfigured, it works because the hardcoded default
in OpenSSL includes a set of TLSv1.3 suites. When you set the TLSCipherSuite
parameter, all defaults are zeroed out and then your settings are configured.

The OpenSuSE patch you pointed to also only sets the suites for TLSv1.2 and
below, it doesn't call the OpenSSL API to set TLSv1.3 suites so the hardcoded
defaults are still in effect.

Change your suite config to include some actual TLSv1.3 suites and it will be
fine. There's no bug here, just a change in OpenSSL behavior which is covered
in their documentation. https://wiki.openssl.org/index.php/TLS1.3

I've seen in other software that they've split their cipher config to use
CIPHER_LIST to configure TLSv1.2 and below, and CIPHER_SUITE to configure
TLSv1.3. Since our config keyword already uses CIPHERSUITE our approach was
simply to use it for both, scanning the provided string for TLSv1.3 suite
names before doing the usual TLSv1.2 processing. This behavior is also in
accordance with OpenSSL's own tools, which always list the TLSv1.3 ciphers
along with the TLSv1.2 ciphers when you query it for configured cipher suites.
I.e., even though OpenSSL itself configures them separately, it always displays
the configuration as a single list, so conceptually, for us anyway, it is
still a single parameter list.


> The symlink
> /etc/crypto-policies/back-ends/openssl.config points to
> /usr/share/crypto-policies/DEFAULT/openssl.txt which has this single line:
> 
> @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
> 
> Not sure what is really affected by this file.
> 
> You can see how RPMs are built in OBS:
> 
> https://build.opensuse.org/package/show/security:tls/openssl-1_1
> 
> https://build.opensuse.org/package/show/home:stroeder:openldap25/openldap-ms
> 
> Ciao, Michael.
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/


Re: ssl_cipher_list_to_bytes:no ciphers available

2021-05-05 Thread Michael Ströder
Filed ITS:

https://bugs.openldap.org/show_bug.cgi?id=9546

Ciao, Michael.


Re: ssl_cipher_list_to_bytes:no ciphers available

2021-05-04 Thread Howard Chu
Michael Ströder wrote:
> HI!
> 
> I have issues with OpenSSL ciphers on my openSUSE Tumbleweed and release
> 2.5.4 when connecting to an 2.4 provider:
> 
> TLS: can't connect: error:141A90B5:SSL
> routines:ssl_cipher_list_to_bytes:no ciphers available.
> 
> An 2.4.58 consumer replica works just fine.
> 
> There is this commit in RE25 and I'm not sure whether that introduces a
> regression on my system:
> 
> b72bce2400ce303766f355a1dd37f4012754c942
> ITS#9521 Set TLSv1.3 cipher suites for OpenSSL 1.1
> 
> BTW: openSUSE has implemented something like a crypto policy configuration:
> 
> https://build.opensuse.org/package/view_file/security:tls/openssl-1_1/openssl-1.1.1-system-cipherlist.patch?expand=1
> 
> Any clue what's going on?

What ciphers have you configured on your client and server? What versions of 
OpenSSL are running on each?
> 
> Ciao, Michael.
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/