openssl 3.0 - [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]

Bug #1963834 reported by Dominique Fortier
This bug affects 9 people

Affects: openssl (Ubuntu)
Status: Won't Fix
Importance: Undecided
Assigned to: Unassigned

Bug Description

Description: Ubuntu Jammy Jellyfish (development branch)
Release: 22.04

openssl:
  Installé : 3.0.1-0ubuntu1
  Candidat : 3.0.1-0ubuntu1
 Table de version :
 *** 3.0.1-0ubuntu1 500
        500 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status

Using Ubuntu 22.04, I now get the following error message when attempting to connect to our office VPN using "gp-saml-gui (https://github.com/dlenski/gp-saml-gui)" :

#########
dominique@Doombuntu:~$ .local/bin/gp-saml-gui server_url
Looking for SAML auth tags in response to https://server_url/global-protect/prelogin.esp...
usage: gp-saml-gui [-h] [--no-verify] [-C COOKIES | -K] [-g | -p] [-c CERT] [--key KEY] [-v | -q] [-x | -P | -S] [-u] [--clientos {Windows,Linux,Mac}] [-f EXTRA] server [openconnect_extra ...]
gp-saml-gui: error: SSL error: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)
#########

gp-saml-gui uses the Python module requests.
Using the Python IDE, I can get the same results:

#########
>>> r = requests.get('https://server_url')
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 411, in connect
    self.sock = ssl_wrap_socket(
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.10/ssl.py", line 512, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.10/ssl.py", line 1070, in _create
    self.do_handshake()
  File "/usr/lib/python3.10/ssl.py", line 1341, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='server_url', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='server_url', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)')))
#########

I believe in OpenSSL 3.0 that SSL_OP_LEGACY_SERVER_CONNECT is now disabled by default, as opposed to the version used in earlier Ubuntu versions (tested to work fine with 20.04 and 21.10).

I can't tell what should be done here. Is there something I can do to enable "SSL_OP_LEGACY_SERVER_CONNECT" for this connection? Can something be done in the Python module, or does this require a change in, or a parameter or config to be set in, OpenSSL?

Tags: openssl3

Seth Arnold (seth-arnold) wrote :

It looks like this was added in:

https://github.com/openssl/openssl/commit/72d2670bd21becfa6a64bb03fa55ad82d6d0c0f3

in order to address servers that have not yet been updated for CVE-2009-3555.

It's possible to add a flag at the C level to connect insecurely, SSL_OP_LEGACY_SERVER_CONNECT, but I don't see this added to python:

https://bugs.python.org/issue44888
https://github.com/python/cpython/pull/27776

Thus it might not be easily reachable from Python programs.

Best would be to update the remote server to address CVE-2009-3555 (it might also be known as "support RFC 5746"). I'm not sure what to suggest for programs written in Python.

Thanks

Simon Chopin (schopin) wrote :

To be clear, the root issue is that the server is using an outdated, insecure protocol that has been deemed so for more than a decade, and OpenSSL finally decided to disable it by default. The "proper" way to fix this would be for them to upgrade.

Now, that being said, we live in the real world and our users probably don't have the power to make this decision.

I really don't understand why the upstream Python PR has been closed, it'd have made our lives easier. We *could* carry the patch in our Python 3.10 package, but that's just moving the problem, as our more technical users would have this escape hatch but the others would still be left out.

I'll get in touch with OpenSSL upstream to see if it's conceivable to expose this flag as a configuration option.

Simon Chopin (schopin) wrote :

... And while looking for what exactly to suggest upstream, I realized that GitHub search only prints out the first match in a given file, which means I missed the config options part of https://www.openssl.org/docs/man3.0/man3/SSL_CONF_cmd_value_type.html (search for UnsafeLegacyServerConnect), which, combined with https://www.openssl.org/docs/man3.0/man5/config.html, makes me think the following snippet should work, assuming the Python module actually loads the config file:

[ssl_configuration]
client = client_tls_config

[client_tls_config]
Options = UnsafeLegacyServerConnect

This is completely untested though :)

Serge Hallyn (serge-hallyn) wrote :

FWIW I'm seeing this with the openconnect-sso (https://github.com/vlaci/openconnect-sso) package on jammy. I just tried adding the following to my /etc/ssl/openssl.cfg:

[ssl_configuration]
client = client_tls_config

[client_tls_config]
Options = UnsafeLegacyServerConnect

With no luck :(

Serge Hallyn (serge-hallyn) wrote :

I tried also adding the following:

[openssl_init]
providers = provider_sect
ssl_conf = ssl_configuration

as I wasn't sure whether the [ssl_configuration] section would otherwise get used for anything, but that didn't seem to make a difference.

The end of the file is

[ssl_configuration]
client = client_tls_config

# https://www.mail-archive.com/openssl-users%40openssl.org/msg90598.html
# https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1963834
[client_tls_config]
Options = UnsafeLegacyRenegotiation

Serge Hallyn (serge-hallyn) wrote :

Ok, I did get my case to work by creating ~/ssl.conf containing:

openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation

And then did OPENSSL_CONF=~/ssl.conf do-my-command

that works. I don't know why the system-wide file does not.

schte bo (schte) wrote :

We are having the same issue.
Our setup:
Ubuntu 22.04 (daily) + GlobalProtect Version 6 from Palo Alto Networks + SAML Auth
We found a system-wide workaround.
Modify the existing openssl config file, path: /usr/lib/ssl/openssl.cnf
with your already mentioned settings (just add the missing ones):
====>8======================================
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
====8<======================================

For the moment it is working fine for us.
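
An added example, not part of the original comments or of any project mentioned here: a small audit that follows the `openssl_conf` -> `ssl_conf` -> `system_default` chain used by the working snippets above and reports whether an unsafe renegotiation option is applied by default. It assumes the lookup described in the OpenSSL config(5) page linked earlier in the thread (the `system_default` name is applied to every new SSL_CTX, while other names such as `client` are only used when an application asks for them); the function names and sample strings are constructed for illustration.

```python
import re

# Option names from this thread that relax RFC 5746 enforcement.
UNSAFE = {"UnsafeLegacyRenegotiation", "UnsafeLegacyServerConnect"}

def parse_cnf(text):
    """Return {section: {key: value}}; keys before any header go in ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def audit(text):
    """Follow openssl_conf -> ssl_conf -> system_default; return
    (unsafe options applied by default, explanation)."""
    cfg, section = parse_cnf(text), ""
    for key in ("openssl_conf", "ssl_conf", "system_default"):
        target = cfg[section].get(key)
        if target not in cfg:
            where = f"[{section}]" if section else "the unnamed top section"
            return set(), f"chain broken: no usable '{key}' in {where}"
        section = target
    options = re.split(r"[,\s]+", cfg[section].get("Options", ""))
    found = {o.lstrip("+") for o in options if o.lstrip("+") in UNSAFE}
    return found, f"[{section}] is applied to every new SSL_CTX"

# Constructed samples built from the snippets quoted in the thread.
CLIENT_ONLY = """
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_configuration
[ssl_configuration]
client = client_tls_config
[client_tls_config]
Options = UnsafeLegacyRenegotiation
"""
SYSTEM_DEFAULT = CLIENT_ONLY.replace("client =", "system_default =")

if __name__ == "__main__":
    for name, text in (("client", CLIENT_ONLY), ("system_default", SYSTEM_DEFAULT)):
        print(name, audit(text))
```

Run against a real openssl.cnf by passing the file's text to `audit`; a non-empty result means every TLS client using that configuration accepts servers without RFC 5746 support, not just the one VPN or wireless endpoint.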

Simon Chopin (schopin) wrote :

I'm marking this bug as `Won't Fix` as this new behavior is a deliberate upstream choice that is documented in their migration documentation https://www.openssl.org/docs/manmaster/man7/migration_guide.html

Granted, the documentation in question isn't exactly obvious (search for RFC 5746), but we've shown here that there's a workaround for those who can't convince their server admins to upgrade to a more secure SSL implementation. Thank you all for your work on testing and documenting said workarounds!

Changed in openssl (Ubuntu):
status: New → Won't Fix
Matthew Geier (matthew-acfr) wrote :

It's a bit of an 'own goal' if this gets marked as 'won't fix'. As students upgrade to 22.04 where I work, they will find they can't connect to the institution's or research centre's wireless network. They won't care that the SSL change is protecting them from an old SSL bug, they will just come back with 'it works in Windows but not Ubuntu'.
Central IT services who run the wireless will just shrug and say 'Linux not supported'.
Need to make it easier to find how to turn on the Legacy insecure mode.

Seth Arnold (seth-arnold) wrote :

Yes, managing the configurations for the huge variety of cryptography toolkits on a Linux system is definitely something of a chore. It would be nice to give people one command they could use to return to unsafe-but-compatible cryptography -- or enforce only modern cryptography.

Our friends at Red Hat have prepared https://gitlab.com/redhat-crypto/fedora-crypto-policies -- while a version of this is packaged: https://launchpad.net/ubuntu/+source/crypto-policies -- I don't believe it actually works on Ubuntu: https://bugs.launchpad.net/ubuntu/+source/crypto-policies/+bug/1926664

Maybe someday.

Thanks

cosine (mvanross) wrote :

FYI, to restart wpa-supplicant after these edits:

systemctl restart wpa_supplicant

Unim Dahal (unikdahal) wrote :

Can someone please explain the process of the workaround? I upgraded to Ubuntu 22.04 and can't connect to my university wifi, and I can't understand the details you guys are talking about.

cacate (cacate) wrote :

I am from this bug post: https://www.reddit.com/r/Ubuntu/comments/uf68rn/major_issues_connecting_ubuntu_2204_lts_to/

I am wondering if this bug report is related to it. I got the following error message when using the Python version of the SecureW2 client:

(Pdb) key_valid(self.file, passphrase=passphrase)
*** sslengine.SSLEngineError: Failed to invoke /bin/openssl with arguments ['pkcs12', '-in', '/home/leo/.joinnow/tls-client-certs/sw2-joinnow-client-cert-da39a3ee5e6b4b0d3255bfef95601890afd80709_20210721-101520_3815.p12', '-nocerts', '-nomacver', '-out', '/home/leo/.joinnow/tls-client-certs/sw2-joinnow-client-cert-da39a3ee5e6b4b0d3255bfef95601890afd80709_20210721-101520_3815.key', '-passin', 'file:/proc/12303/fd/5', '-aes256', '-passout', 'file:/proc/12303/fd/6']: Command '['/bin/openssl', 'pkcs12', '-in', '/home/leo/.joinnow/tls-client-certs/sw2-joinnow-client-cert-da39a3ee5e6b4b0d3255bfef95601890afd80709_20210721-101520_3815.p12', '-nocerts', '-nomacver', '-out', '/home/leo/.joinnow/tls-client-certs/sw2-joinnow-client-cert-da39a3ee5e6b4b0d3255bfef95601890afd80709_20210721-101520_3815.key', '-passin', 'file:/proc/12303/fd/5', '-aes256', '-passout', 'file:/proc/12303/fd/6']' returned non-zero exit status 1.

where the `key_valid` is from module `sslengine`.

How can I fix this issue?

Simon Chopin (schopin) wrote :

You'll need to contact your provider. I'm guessing their script isn't compatible with OpenSSL 3.0, but without more information (such as the stdout/stderr of the openssl CLI invocation here) there isn't much we can do on this end.

Whatever the precise issue though, it's almost certainly NOT related to the OP bug :).
