ruby / openssl

Provides SSL, TLS and general purpose cryptography.

Respect system wide minimum TLS version

ekohl opened this issue · comments

It is possible to have a system wide crypto policy for OpenSSL, and Red Hat based distros (Fedora, RHEL & friends) do this out of the box. As far as I can see, the way this is done is in /etc/pki/tls/openssl.cnf:

# Load default TLS policy configuration

openssl_conf = default_modules

[ default_modules ]

ssl_conf = ssl_module

[ ssl_module ]

system_default = crypto_policy

[ crypto_policy ]

.include /etc/crypto-policies/back-ends/opensslcnf.config

Then in /etc/crypto-policies/back-ends/opensslcnf.config there is:

CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_rsae_sha256:rsa_pss_pss_sha384:rsa_pss_rsae_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1

Note how there's a TLS.MinProtocol. This is not respected by Ruby, and I think it's because of this bit:

:min_version => OpenSSL::SSL::TLS1_VERSION,

It doesn't appear to be possible to set this to nil and I don't see any constant that tells it to use the system default.

When I comment the line out, it does respect the system wide default. This appears to be done for ciphers already.

And Debian (checked on Debian Bullseye (11)) has:

openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

OpenSSL::SSL::SSLContext#set_params overrides the minimum protocol version based on the discussion in https://bugs.ruby-lang.org/issues/9424. In short, the latest OpenSSL version at that time (1.0.1) still allowed SSL 3.0 and SSL 2.0 by default, and we wanted to disable them.

PR #710 seems reasonable to me.
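
The following is an added example, not part of the issue thread or of the ruby/openssl code base. It resolves the `system_default` chain shown in the Fedora and Debian snippets above to find the policy's minimum protocol, then checks whether a pinned `:min_version` sits below it. The helper names (`expand_includes`, `parse_cnf`, `system_min_protocol`, `overrides_policy?`) are hypothetical, and the `files` map is an assumption that stands in for the filesystem.

```ruby
require "openssl"

# MinProtocol names mapped to TLS wire versions (0x0301 equals OpenSSL::SSL::TLS1_VERSION).
VERSIONS = { "SSLv3" => 0x0300, "TLSv1" => 0x0301, "TLSv1.1" => 0x0302,
             "TLSv1.2" => 0x0303, "TLSv1.3" => 0x0304 }.freeze

# Inline one level of ".include <path>" lines; files maps path => contents (assumption).
def expand_includes(text, files)
  text.gsub(/^[ \t]*\.include[ \t]*=?[ \t]*(\S+)[ \t]*$/) { files.fetch($1, "") }
end

# Parse openssl.cnf text into { section => { key => value } }.
def parse_cnf(text)
  section = "default"
  text.each_line.with_object(Hash.new { |h, k| h[k] = {} }) do |raw, out|
    line = raw.sub(/#.*/, "").strip
    if line =~ /\A\[\s*(.+?)\s*\]\z/
      section = $1
    elsif line =~ /\A([^=\s]+)\s*=\s*(.*)\z/
      out[section][$1] = $2
    end
  end
end

# Follow openssl_conf -> ssl_conf -> system_default and return the TLS floor name.
def system_min_protocol(text, files = {})
  cnf  = parse_cnf(expand_includes(text, files))
  mod  = cnf["default"]["openssl_conf"] or return nil
  ssl  = cnf[mod]["ssl_conf"] or return nil
  sect = cnf[ssl]["system_default"] or return nil
  cnf[sect]["TLS.MinProtocol"] || cnf[sect]["MinProtocol"]
end

# True when the pinned floor is lower than the policy floor.
def overrides_policy?(pin, policy_name)
  floor = VERSIONS[policy_name]
  !pin.nil? && !floor.nil? && pin < floor
end

# Sample input copied from the snippets quoted in the thread above.
FEDORA = "openssl_conf = default_modules\n[ default_modules ]\nssl_conf = ssl_module\n[ ssl_module ]\n" \
         "system_default = crypto_policy\n[ crypto_policy ]\n.include /etc/crypto-policies/back-ends/opensslcnf.config\n"
POLICY = { "/etc/crypto-policies/back-ends/opensslcnf.config" =>
           "TLS.MinProtocol = TLSv1.2\nTLS.MaxProtocol = TLSv1.3\n" }.freeze
DEBIAN = "openssl_conf = default_conf\n[default_conf]\nssl_conf = ssl_sect\n[ssl_sect]\n" \
         "system_default = system_default_sect\n[system_default_sect]\nMinProtocol = TLSv1.2\n"

# Floor that set_params applies in this Ruby (nil when the gem pins none) vs. the policy floor.
pin = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:min_version]
puts "Ruby pin below policy: #{overrides_policy?(pin, system_min_protocol(FEDORA, POLICY))}"
```

On a real host, pass the contents of the system `openssl.cnf` and the included policy file instead of the inline samples; nested or directory includes are not expanded by this sketch.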