[wishlist] Add TLSv1.3 support to apache2 on Bionic

Bug #1845263 reported by Simon Déziel on 2019-09-24
This bug affects 4 people

Affects                 Importance  Assigned to
apache2 (Ubuntu)        Medium      Unassigned
Bionic                  High        Ubuntu Security Team
Disco                   Medium      Unassigned

Bug Description

Since LP: #1797386, openssl with TLS 1.3 support is available on Bionic. This had the nice side effect of enabling TLS 1.3 for various services (nginx, postfix, dovecot, etc) but not apache2.

TLS 1.3 support is required to use the "modern compatibility" configuration recommended by Mozilla [1]. Since Bionic is an LTS release and apache2 is popular and in main, it would be nice to have support for TLS 1.3.

According to [2], support for TLS 1.3 was added in version 2.4.36 while Bionic ships 2.4.29. Disco ships with 2.4.38 so should be OK.

1: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
2: https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=modern&openssl-version=1.1.1


Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apache2 (Ubuntu):
status: New → Confirmed
tags: added: server-next

Thanks Simon for the report, yes I've seen similar bugs for a few other packages already.
In many cases the security Team already has a plan or opinion about it.
Therefore I'm assigning the security team to first give us their guidance if:
- it should not be enabled, because ?
- it will be enabled by them later
- it should be enabled, but someone else has to try doing it

Changed in apache2 (Ubuntu):
importance: Undecided → Medium
assignee: nobody → Ubuntu Security Team (ubuntu-security)

"Testcase" (less than full cert setup):
$ apt install apache2
$ a2enmod ssl
$ vim /etc/apache2/mods-enabled/ssl.conf:
Change protocols to:
  SSLProtocol all -SSLv3 +TLSv1.2 TLSv1.3
For an SRU we might want more, but that is enough to check if a given apache already has TLSv1.3.

With that I confirmed your expectation that >=Disco is already fine in that regard.

Changed in apache2 (Ubuntu Bionic):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
Changed in apache2 (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → nobody
status: Confirmed → Fix Released
Changed in apache2 (Ubuntu Bionic):
status: New → Triaged
importance: Undecided → High
Changed in apache2 (Ubuntu Disco):
status: New → Fix Released
importance: Undecided → Medium

Umm, for the above test I forgot to then restart apache2 and see if it complains:

good: (no message, server starts)

bad:
Sep 25 08:12:21 b apachectl[16488]: AH00526: Syntax error on line 73 of /etc/apache2/mods-enabled/ssl.conf:
Sep 25 08:12:21 b apachectl[16488]: SSLProtocol: Illegal protocol 'TLSv1.3'
Sep 25 08:12:21 b apachectl[16488]: Action 'start' failed.

While in many projects it is just a rebuild, here it is quite some code.

From changes in 2.4.36:
 *) SECURITY: CVE-2019-0215 (cve.mitre.org)
    mod_ssl: Fix access control bypass for per-location/per-dir client
    certificate verification in TLSv1.3.
=> commit https://github.com/apache/httpd/commit/84edf5f49db23ced03259812bbf9426685f7d82a

 *) mod_ssl: Add support for OpenSSL 1.1.1 and TLSv1.3. TLSv1.3 has
    behavioural changes compared to v1.2 and earlier; client and
    configuration changes should be expected. SSLCipherSuite is
    enhanced for TLSv1.3 ciphers, but applies at vhost level only.
    [Stefan Eissing, Yann Ylavic, Ruediger Pluem, Joe Orton]
=> branch https://github.com/apache/httpd/commits/tlsv1.3-for-2.4.x

I'm not sure on this one ...
It won't be easy and the fallout might be high.
It almost seems safer to consider MREing something >=2.4.36 completely.

But all of that is up to the security Team's guidance anyway.
Waiting on them to comment.
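Added example (POSIX shell), not part of the bug report or of Ubuntu's apache2 packaging: small helpers that apply the two checks used in the test case above, the 2.4.36 version threshold from the CHANGES entry and the AH00526 "Illegal protocol" message, to constructed sample input. The banner and log lines below are constructed; on a real host you would feed the helpers the output of `apache2 -v` and the apache2 journal instead.

```shell
# Added example, not from the bug report or Ubuntu's apache2 packaging.
# (1) Decide from an "apache2 -v" banner whether the build is new enough for
#     mod_ssl to accept "TLSv1.3" in SSLProtocol (support landed in 2.4.36).
# (2) Count the AH00526 "Illegal protocol 'TLSv1.3'" failure in a log.
# All sample inputs are constructed for the demo.

# Print the x.y.z version from an "apache2 -v" / "httpd -v" banner line.
httpd_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*Apache\/\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_ge A B: succeed when dotted version A >= B (up to 3 numeric parts;
# a missing part counts as 0, so "2.4" < "2.4.36").
version_ge() {
    v1=$1; v2=$2; i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$v1" | cut -s -d. -f"$i")
        y=$(printf '%s\n' "$v2" | cut -s -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Print "yes" if the banner's httpd is >= 2.4.36 (TLSv1.3 in SSLProtocol
# should parse), "no" if older, "unknown" if no version could be read.
tls13_expected() {
    v=$(httpd_version_from_banner "$1")
    if [ -z "$v" ]; then echo unknown; return 0; fi
    if version_ge "$v" 2.4.36; then echo yes; else echo no; fi
}

# Count lines on stdin carrying the exact mod_ssl rejection quoted in the
# thread. "|| true" keeps grep's exit 1 on zero matches from aborting set -e.
count_tls13_rejections() {
    grep -c "SSLProtocol: Illegal protocol 'TLSv1.3'" || true
}

# Constructed samples (Bionic ships 2.4.29, Disco 2.4.38).
SAMPLE_BIONIC_BANNER='Server version: Apache/2.4.29 (Ubuntu)'
SAMPLE_DISCO_BANNER='Server version: Apache/2.4.38 (Ubuntu)'

# Constructed journal excerpt mirroring the failed start in the thread.
sample_log() {
cat <<'EOF'
Sep 25 08:12:21 b apachectl[16488]: AH00526: Syntax error on line 73 of /etc/apache2/mods-enabled/ssl.conf:
Sep 25 08:12:21 b apachectl[16488]: SSLProtocol: Illegal protocol 'TLSv1.3'
Sep 25 08:12:21 b apachectl[16488]: Action 'start' failed.
EOF
}

# Demo on the samples. On a real host:
#   tls13_expected "$(apache2 -v | head -n 1)"
#   journalctl -u apache2 | count_tls13_rejections
echo "2.4.29 -> TLSv1.3 expected: $(tls13_expected "$SAMPLE_BIONIC_BANNER")"
echo "2.4.38 -> TLSv1.3 expected: $(tls13_expected "$SAMPLE_DISCO_BANNER")"
echo "TLSv1.3 rejections in sample log: $(sample_log | count_tls13_rejections)"
```

The version check only tells you whether upstream mod_ssl of that release parses `TLSv1.3`; a distribution backport (such as the PPA work mentioned later in this thread) can make an older version string accept it, so the log check after `systemctl restart apache2` remains the authoritative test.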

tags: added: bionic-openssl-1.1
Dimitri John Ledkov (xnox) wrote :

I've had a deep look into either cherry-picking just the v1.3 support, or backporting all of the mod_ssl module, and both things looked hard.

The point of the openssl 1.1.1 SRU to Bionic was not to enable TLSv1.3 everywhere, but rather to ensure it is long-term supportable. The potential availability of TLSv1.3 was an added cherry on top.

I feel like marking this won't-fix for bionic.

@Xnox - I did a similar check, not a deep look but maybe 30 minutes of diff parsing.
I did come to the same conclusion. My gut feeling was more like "If security wants to get TLSv1.3 into Bionic Apache then we'd be better off considering making the 2.4.38 of Disco available in Bionic (with all the Pros and Cons that come with it)".

So yeah, IMHO 'Won't Fix' or 'Consider backport new major version'. In between those two would be the backports pocket, but the support statement for -backports is too weak.

Marc Deslauriers (mdeslaur) wrote :

I put a first stab at a TLSv1.3 backport for bionic's apache2 in my testing PPA here:

https://launchpad.net/~mdeslaur/+archive/ubuntu/testing
