revert tls security level back to 1

Bug #1822984 reported by Dimitri John Ledkov on 2019-04-03
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Undecided
Unassigned
Cosmic
Undecided
Unassigned
Disco
Undecided
Unassigned

Bug Description

[Impact]
* increase minimum default tls security level from 0 to 1, as is the default upstream

[Test Case]

* generate 80bits TLS certificate and attempt to use it

* with prior openssl it should work, but with this update it should fail

[Regression Potential]

* This increases the minimum required certificate/keys sizes and algorithms, back to what Bionic GA openssl 1.1.0 shipped as. It also now will match upstream default. It is still lower than Debian's default that raises it to 2 by default.

* Cosmic GA shipped with TLS_SECURITY_LEVEL 0, meaning pretty much any weak keys were accepted. With this change keys lower than 112 will be rejected, which are considered to be too weak to be useful by most CAs out there.

Changed in openssl (Ubuntu Disco):
status: New → Fix Committed
Iain Lane (laney) wrote :

that regression potential doesn't really describe what might regress... I think it could be improved.

since you asked me to review, can you give a bit more context for the change please? why did we have the patch before and why can it be removed now?

Iain Lane (laney) wrote :

looks like someone else accepted with this question still pending...

still would appreciate an answer

Steve Langasek (vorlon) wrote :

The patch was added by Dimitri in cosmic to restore compatibility with older and less secure TLS implementations using weak keys. However, bionic shipped without compatibility with those less secure keys, and we are unaware of any complaints about this change in bionic. This distro patch to lower the security baseline of openssl 1.1 was being introduced in SRU to bionic as part of the openssl 1.1.1 backport, and I rejected that upload after discussion with the security team, because it is not justifiable for the SRU to *lower* the security baseline in SRU without specific reports of breakage.

And since the protocol baseline in bionic is incompatible with those servers, there is no reason for newer non-LTS releases to be compatible with them. Hence, dropping the patch for devel is, I believe, obviously correct.

SRUing that same change to cosmic is not as obviously correct since it carries some risk of regression vs. the state of cosmic at time of release.

Dimitri John Ledkov (xnox) wrote :

But equally, I would not want to keep cosmic more insecure than what bionic and disco will be. And currently, cosmic is a release regression w.r.t. bionic GA. Upgrading to newer releases, should not result in looser acceptance of insecure protocols.

description: updated
Changed in openssl (Ubuntu Cosmic):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.1.1b-1ubuntu2

---------------
openssl (1.1.1b-1ubuntu2) disco; urgency=medium

  * debian/rules: Ship openssl.cnf in libssl1.1-udeb, as required to use
    OpenSSL by other udebs, e.g. wget-udeb. LP: #1822898

  * Drop debian/patches/UBUNTU-lower-tls-security-level-for-compat.patch
    to revert TLS_SECURITY_LEVEL back to 1. LP: #1822984

 -- Dimitri John Ledkov <email address hidden> Wed, 03 Apr 2019 11:50:23 +0100

Changed in openssl (Ubuntu Disco):
status: Fix Committed → Fix Released

Hello Dimitri, or anyone else affected,

Accepted openssl into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in openssl (Ubuntu Cosmic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Dimitri John Ledkov (xnox) wrote :

generated new weak key, cert and try to use it with current cosmic's openssl and succeed:

# openssl genrsa -des3 -out myCA.key 600
# openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
# openssl s_server -cert myCA.pem -key myCA.key -WWW

# wget --ca-certificate myCA.pem https://localhost:4433
--2019-04-11 16:18:41-- https://localhost:4433/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:4433... connected.
HTTP request sent, awaiting response... 200 ok
Length: unspecified [text/plain]
Saving to: 'index.html.2'

index.html.2 [ <=> ] 237 --.-KB/s in 0s

2019-04-11 16:18:41 (15.6 MB/s) - 'index.html.2' saved [237]

# dpkg -l | grep libssl
ii libssl1.1:amd64 1.1.1-1ubuntu2

Upgraded to:
# dpkg -l | grep libssl
ii libssl1.1:amd64 1.1.1-1ubuntu2.2

And now wget fails with too small key error, whilst the s_server is still running:

# wget --ca-certificate myCA.pem https://localhost:4433
--2019-04-11 16:20:09-- https://localhost:4433/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:4433... connected.
ERROR: cannot verify localhost's certificate, issued by 'CN=localhost,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU':
  EE certificate key too weak
To connect to localhost insecurely, use `--no-check-certificate'.

tags: added: verification-done verification-done-cosmic
removed: verification-needed verification-needed-cosmic
Łukasz Zemczak (sil2100) wrote :

Thanks for the verification! The SRU has some reported autopkgtest regressions - could you take a look at those?

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.1.1-1ubuntu2.2

---------------
openssl (1.1.1-1ubuntu2.2) cosmic; urgency=medium

  * debian/rules: Ship openssl.cnf in libssl1.1-udeb, as required to use
    OpenSSL by other udebs, e.g. wget-udeb. LP: #1822898

  * Drop debian/patches/UBUNTU-lower-tls-security-level-for-compat.patch
    to revert TLS_SECURITY_LEVEL back to 1. LP: #1822984

 -- Dimitri John Ledkov <email address hidden> Wed, 03 Apr 2019 20:37:01 +0100

Changed in openssl (Ubuntu Cosmic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for openssl has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers