Ubuntu
openssl package

Unable to configure or disable TLS 1.3 via openssl.cnf

Bug #1832370 reported by Simon Déziel
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Invalid
High
Unassigned
Bionic
Invalid
High
Unassigned
Cosmic
Invalid
High
Unassigned
Disco
Invalid
High
Unassigned
Eoan
Invalid
High
Unassigned

Bug Description

[Description]

Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications gained access to TLS 1.3 by default. The applications that were not rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings (protocol, ciphersuites selection, ciphersuites order) like it's possible with 1.2 and below. As such, one should turn to configuring /etc/ssl/openssl.cnf to alter TLS 1.3 settings.

Here is how I'd expect to be able to turn off TLS 1.3:

# diff -Naur /etc/ssl/openssl.cnf{.orig,}
--- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
+++ /etc/ssl/openssl.cnf 2019-06-11 11:15:23.805113804 -0400
@@ -12,6 +12,16 @@
 HOME = .
 RANDFILE = $ENV::HOME/.rnd

+ssl_conf = ssl_sect
+
+[ssl_sect]
+
+system_default = system_default_sect
+
+[system_default_sect]
+
+MaxProtocol = TLSv1.2
+
 # Extra OBJECT IDENTIFIER info:
 #oid_file = $ENV::HOME/.oid
 oid_section = new_oids

This doesn't work as 'openssl s_client -connect rproxy.sdeziel.info:443' negotiates TLS 1.3 with TLS_AES_256_GCM_SHA384.

Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with:

# diff -Naur /etc/ssl/openssl.cnf{.orig,}
--- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
+++ /etc/ssl/openssl.cnf 2019-06-11 11:37:23.362889367 -0400
@@ -12,6 +12,17 @@
 HOME = .
 RANDFILE = $ENV::HOME/.rnd

+ssl_conf = ssl_sect
+
+[ssl_sect]
+
+system_default = system_default_sect
+
+[system_default_sect]
+
+Ciphers = TLS_AES_128_GCM_SHA256
+Ciphersuites = TLS_AES_128_GCM_SHA256
+
 # Extra OBJECT IDENTIFIER info:
 #oid_file = $ENV::HOME/.oid
 oid_section = new_oids

Doesn't work as s_client keeps negotiating TLS 1.3 with TLS_AES_256_GCM_SHA384 (!= 128)

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: openssl 1.1.1-1ubuntu2.1~18.04.1
ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
Uname: Linux 4.15.0-51-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Tue Jun 11 11:22:47 2019
InstallationDate: Installed on 2018-07-15 (331 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714)
ProcEnviron:
 LANG=en_CA.UTF-8
 TERM=xterm-256color
 SHELL=/bin/bash
 XDG_RUNTIME_DIR=<set>
 PATH=(custom, no user)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Simon Déziel (sdeziel) wrote :
Dimitri John Ledkov (xnox)
Changed in openssl (Ubuntu):
assignee: nobody → Dimitri John Ledkov (xnox)
tags: added: rls-ee-incoming
Changed in openssl (Ubuntu):
assignee: Dimitri John Ledkov (xnox) → nobody
Revision history for this message
Simon Déziel (sdeziel) wrote :

In my tests, I used NGINX with those TLS related params:

# grep -r ssl_ /etc/nginx/nginx.conf /etc/nginx/conf.d/ /etc/nginx/sites-enabled/
/etc/nginx/nginx.conf: ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
/etc/nginx/nginx.conf: ssl_prefer_server_ciphers on;
/etc/nginx/conf.d/ssl.conf:ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
/etc/nginx/conf.d/ssl.conf:ssl_session_cache shared:SSL:1m;
/etc/nginx/conf.d/ssl.conf:ssl_session_timeout 1d;
/etc/nginx/conf.d/ssl.conf:ssl_session_tickets off;
/etc/nginx/conf.d/ssl.conf:ssl_certificate /etc/nginx/certs/sdeziel.info/fullchain.pem;
/etc/nginx/conf.d/ssl.conf:ssl_certificate_key /etc/nginx/certs/sdeziel.info/privkey.pem;
/etc/nginx/conf.d/ssl.conf:ssl_stapling on;

I used many variations of ssl_ciphers and ssl_protocols to no avail. My main goal is to have TLS 1.3 and 1.2 enabled with this ciphers list from above but that doesn't work as seen here:
 https://dev.ssllabs.com/ssltest/analyze.html?d=sdeziel.info&s=2001%3a470%3ab1c3%3a7942%3a0%3a0%3a0%3a80&hideResults=on&latest

Dimitri John Ledkov (xnox)
Changed in openssl (Ubuntu):
assignee: nobody → Dimitri John Ledkov (xnox)
Steve Langasek (vorlon)
Changed in openssl (Ubuntu Bionic):
importance: Undecided → High
Changed in openssl (Ubuntu Cosmic):
importance: Undecided → High
Changed in openssl (Ubuntu Disco):
importance: Undecided → High
Changed in openssl (Ubuntu Eoan):
importance: Undecided → High
Revision history for this message
Dimitri John Ledkov (xnox) wrote :
Revision history for this message
Dimitri John Ledkov (xnox) wrote :
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

I have started bionic lxd container with nginx and snakeoil certificates.

# patch /etc/ssl/openssl.cnf cap-to-tls1.2.patch
patching file /etc/ssl/openssl.cnf
Hunk #1 succeeded at 16 (offset 1 line).
Hunk #2 succeeded at 353 (offset 2 lines).
# systemctl restart nginx

And connect from the host system which has stock openssl.cnf

$ openssl s_client [fd42:3fcc:8a27:4e69:216:3eff:fe4c:5b9e]:443 | grep -e Protocol -e Cipher
Can't use SSL_get_servername
depth=0 CN = nearby-osprey.lxd
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = nearby-osprey.lxd
verify return:1
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-GCM-SHA384
^C

Back in the container

# patch -R /etc/ssl/openssl.cnf cap-to-tls1.2.patch
patching file /etc/ssl/openssl.cnf
Hunk #1 succeeded at 16 (offset 1 line).
Hunk #2 succeeded at 350 (offset 2 lines).

# patch /etc/ssl/openssl.cnf reorder-tls1.3-ciphersuites.patch
patching file /etc/ssl/openssl.cnf
Hunk #1 succeeded at 16 (offset 1 line).
Hunk #2 succeeded at 353 (offset 2 lines).
# systemctl restart nginx

Connecting to the container again externally:
$ openssl s_client [fd42:3fcc:8a27:4e69:216:3eff:fe4c:5b9e]:443 | grep -e Protocol -e Cipher
Can't use SSL_get_servername
depth=0 CN = nearby-osprey.lxd
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = nearby-osprey.lxd
verify return:1
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
^C

# patch -R /etc/ssl/openssl.cnf reorder-tls1.3-ciphersuites.patch
patching file /etc/ssl/openssl.cnf
Hunk #1 succeeded at 16 (offset 1 line).
Hunk #2 succeeded at 350 (offset 2 lines).
# systemctl restart nginx

So using the above patches to openssl.cnf I was able to reorder chipersuites of stock bionic nginx, and cap to TLSv1.2.

So with attached

Changed in openssl (Ubuntu Bionic):
status: New → Incomplete
Changed in openssl (Ubuntu Disco):
status: New → Incomplete
Changed in openssl (Ubuntu Cosmic):
status: New → Incomplete
Changed in openssl (Ubuntu Eoan):
assignee: Dimitri John Ledkov (xnox) → nobody
status: New → Incomplete
Francis Ginther (fginther)
tags: added: id-5d0269c526b1af4a5c615490
Revision history for this message
Simon Déziel (sdeziel) wrote :

@xnox, thanks it was indeed an error on my part. The key was to have openssl_conf in the default/unnamed section and then not introduce bogus values: Ciphers is not recognized and causes the config section to be ignored.

I believe this bug could be marked as Invalid for all the releases but I'll let you do that as I only tested on Bionic and I don't want to overrule the statuses you set. Thanks again!

Brian Murray (brian-murray)
tags: removed: rls-ee-incoming
Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
Dimitri John Ledkov (xnox)
Changed in openssl (Ubuntu Bionic):
status: Incomplete → Invalid
Changed in openssl (Ubuntu Cosmic):
status: Incomplete → Invalid
Changed in openssl (Ubuntu Disco):
status: Incomplete → Invalid
Changed in openssl (Ubuntu Eoan):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.