Set TLS minimum proto version to 1.2 or greater.

Question

Set TLS minimum proto version to 1.2 or greater.

MMChrisHinshaw opened this issue 5 months ago · comments

One of our security team ran some tests and found that the Zeek broker ports were TLS 1.0 and 1.1. After digging into the broker code (and falling for a red herring in the libcaf_openssl source), it was found that the minimum TLS version is not applied to the SSL context. If I am understanding the code properly, the right place to apply the limit would be in ./src/internal/connector.cc at around line 209. NOTE: The patch file below is from the broker associated with Zeek 5.2.2, not the latest.

diff --git a/src/internal/connector.cc b/src/internal/connector.cc
index 1e9ae0d0..92f40be5 100644
--- a/src/internal/connector.cc
+++ b/src/internal/connector.cc
@@ -205,6 +205,7 @@ ssl_context_from_cfg(const openssl_options_ptr& cfg) {
 #endif
   auto ctx = caf::net::openssl::make_ctx(method);
   BROKER_DEBUG(BROKER_ARG2("authentication", cfg->authentication_enabled()));
+  SSL_CTX_set_min_proto_version(ctx.get(), TLS1_2_VERSION);
   if (cfg->authentication_enabled()) {
     // Require valid certificates on both sides.
     ERR_clear_error();

It would be great if this could be a configurable item (if it is not already), but the above change would satisfy our security team requirements.

Chris Hinshaw · Answer 1 · Thu Feb 22 2024 01:12:59 GMT+0800 (China Standard Time)

Hmmm... The above change didn't actually stop TLS 1.0 or 1.1 connections. Below is a simplified test (note that ZeekPort is set to 7760 in zeekctl.cfg).

#!/bin/bash

for PROTO in tls1 tls1_1 tls1_2 tls1_3 ; do
    echo "Testing $PROTO"
    openssl s_client -connect 0.0.0.0:7761 -$PROTO 2>/dev/null | grep Protocol
    echo "Result $?"
done

The output shows that TLS 1.0 and 1.1 connections are valid, even with the above code change to broker.

Testing tls1
    Protocol  : TLSv1
Result 0
Testing tls1_1
    Protocol  : TLSv1.1
Result 0
Testing tls1_2
    Protocol  : TLSv1.2
Result 0
Testing tls1_3
Result 1

Dominik Charousset · Answer 2 · Thu Feb 22 2024 05:38:52 GMT+0800 (China Standard Time)

Hmmm... The above change didn't actually stop TLS 1.0 or 1.1 connections.

That change only affects the zeek-to-zeek (binary) connections. I'll look into the WS part.

@timwoj, @ckreibich: do you guys see a reason to make this configurable or can we simply put TLS 1.2 as the minimum (for both native and WebSocket)?