Respect system wide minimum TLS version
ekohl opened this issue · comments
It is possible to have a system-wide crypto policy for OpenSSL, and Red Hat-based distros (Fedora, RHEL & friends) do this out of the box. As far as I can see, the way this is done is in /etc/pki/tls/openssl.cnf:

```
# Load default TLS policy configuration
openssl_conf = default_modules
[ default_modules ]
ssl_conf = ssl_module
[ ssl_module ]
system_default = crypto_policy
[ crypto_policy ]
.include /etc/crypto-policies/back-ends/opensslcnf.config
```
Then in /etc/crypto-policies/back-ends/opensslcnf.config there is:

```
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_rsae_sha256:rsa_pss_pss_sha384:rsa_pss_rsae_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1
```
Note how there's a `TLS.MinProtocol`. This is not respected by Ruby, and I think it's because of this bit:

Line 25 in 1fa9fc5

It doesn't appear to be possible to set this to `nil`, and I don't see any constant that tells it to use the system default.

When I comment the line out, it does respect the system-wide default. This appears to be done for ciphers already.
And Debian (checked on Debian Bullseye (11)) has:

```
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2
```
`OpenSSL::SSL::SSLContext#set_params` overrides the minimum protocol version based on the discussion in https://bugs.ruby-lang.org/issues/9424. In short, the latest OpenSSL version at that time (1.0.1) still allowed SSL 3.0 and SSL 2.0 by default, and we wanted to disable them.
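A loopback harness for observing what a client context built with `set_params` actually negotiates, added here as an example and not taken from this thread or from ruby/openssl: the server is pinned to a single protocol version, so the negotiated version (or a refused handshake) reveals the client's effective bounds rather than what the code appears to configure. The self-signed CN=localhost certificate and all helper names are constructed for the example.

```ruby
require "openssl"
require "socket"
# Constructed self-signed identity for the loopback test server (example data).
def make_test_identity
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Client context built the usual way: set_params layers DEFAULT_PARAMS (with its
# own :min_version) over the system openssl.cnf policy. Only the test cert is trusted.
def client_with_set_params(cert)
  store = OpenSSL::X509::Store.new.tap { |s| s.add_cert(cert) }
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(cert_store: store)
  ctx
end

# Handshake client_ctx against a loopback server pinned to one protocol version.
# Returns the negotiated version ("TLSv1.2") or nil when the handshake is refused.
def negotiated_version(client_ctx, server_version, key:, cert:)
  server_ctx = OpenSSL::SSL::SSLContext.new
  server_ctx.key, server_ctx.cert = key, cert
  server_ctx.min_version = server_ctx.max_version = server_version
  listener = TCPServer.new("127.0.0.1", 0)
  server = Thread.new do
    sock = listener.accept
    OpenSSL::SSL::SSLSocket.new(sock, server_ctx).accept.close
  rescue OpenSSL::SSL::SSLError, SystemCallError
    # a refused handshake is a legitimate outcome here
  ensure
    sock&.close
  end
  tcp = TCPSocket.new("127.0.0.1", listener.addr[1])
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, client_ctx)
  ssl.hostname = "localhost" # matches the CN, so verify_hostname passes
  ssl.connect
  ssl.ssl_version
rescue OpenSSL::SSL::SSLError, SystemCallError
  nil
ensure
  ssl&.close
  tcp&.close
  server&.join
  listener&.close
end
```

Pinning the server to TLS 1.2 yields "TLSv1.2" from a `set_params` client; pinning it to TLS 1.1 on a host whose OpenSSL build and security level still permit that version shows whether the system `MinProtocol` or the minimum applied by `set_params` is the one in effect.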
PR #710 seems reasonable to me.