Set TLS minimum proto version to 1.2 or greater.
MMChrisHinshaw opened this issue · comments
One of our security team ran some tests and found that the Zeek broker ports were TLS 1.0 and 1.1. After digging into the broker code (and falling for a red herring in the libcaf_openssl source), it was found that the minimum TLS version is not applied to the SSL context. If I am understanding the code properly, the right place to apply the limit would be in ./src/internal/connector.cc
at around line 209. NOTE: The patch file below is from the broker associated with Zeek 5.2.2, not the latest.
diff --git a/src/internal/connector.cc b/src/internal/connector.cc
index 1e9ae0d0..92f40be5 100644
--- a/src/internal/connector.cc
+++ b/src/internal/connector.cc
@@ -205,6 +205,7 @@ ssl_context_from_cfg(const openssl_options_ptr& cfg) {
#endif
auto ctx = caf::net::openssl::make_ctx(method);
BROKER_DEBUG(BROKER_ARG2("authentication", cfg->authentication_enabled()));
+ SSL_CTX_set_min_proto_version(ctx.get(), TLS1_2_VERSION);
if (cfg->authentication_enabled()) {
// Require valid certificates on both sides.
ERR_clear_error();
It would be great if this could be a configurable item (if it is not already), but the above change would satisfy our security team requirements.
Hmmm... The above change didn't actually stop TLS 1.0 or 1.1 connections. Below is a simplified test (note that ZeekPort is set to 7760 in zeekctl.cfg).
#!/bin/bash
for PROTO in tls1 tls1_1 tls1_2 tls1_3 ; do
echo "Testing $PROTO"
openssl s_client -connect 0.0.0.0:7761 -$PROTO 2>/dev/null | grep Protocol
echo "Result $?"
done
The output shows that TLS 1.0 and 1.1 connections are valid, even with the above code change to broker.
Testing tls1
Protocol : TLSv1
Result 0
Testing tls1_1
Protocol : TLSv1.1
Result 0
Testing tls1_2
Protocol : TLSv1.2
Result 0
Testing tls1_3
Result 1
Hmmm... The above change didn't actually stop TLS 1.0 or 1.1 connections.
That change only affects the zeek-to-zeek (binary) connections. I'll look into the WS part.
@timwoj, @ckreibich: do you guys see a reason to make this configurable or can we simply put TLS 1.2 as the minimum (for both native and WebSocket)?