Conversation
This PR contains significantly more than an upgrade of the version of Ubuntu. From a glance, I can see various things that are likely to break. I think this would need a pretty thorough explanation to warrant a review.
Thanks for the feedback @lgarron. That's correct. The upgrade to 24.04 pulls in more recent versions of OpenSSL and nginx which have some limitations on the supported setups. But from my understanding, pulling this new version will allow us to add proper support for TLS 1.3 eventually. I had a few conversations with @christhompson about this change. I am expecting him to review these as well.
Great. Would you be able to share these so I can improve the commits? Thanks.
Alright, good to know. I leave infrastructure concerns to @christhompson
Is there a plan for doing so without breaking old SSL setups (even something blunt like using two IPs)?
Yeah, @tweksteen has offered to help me with (finally) updating BadSSL (and more importantly the live BadSSL.com site) to an actual supported version of Ubuntu. The current state is somewhat untenable, even with the small risk profile of a static nginx site. My recommended first step here was to work on updating the Dockerfile to use the latest Ubuntu LTS, and work through the fallout from that upgrade as it impacts test cases etc. When I went through an initial attempt at this before, it became immediately clear that we won't be able to keep all of the old test cases functioning. OpenSSL/nginx as shipped just don't have support any more for lots of very legacy things. Other things can technically still be achieved if we compiled our own copies of OpenSSL/nginx. When I last poked at this, getting things like DES support required the Legacy provider, and to have that work on Ubuntu required manually compiling it with specific flags (you couldn't just specify it in the runtime configs for OpenSSL and nginx). IMO getting support for modern ciphersuites (or upcoming things like MTCs!) and TLS 1.3 lets us set up test cases that are actively useful today for development and testing, and things like a "null cipher" or the 3DES test page are just not very interesting anymore. In the interest of actually being able to keep the site operating, dropping old test cases seemed like a reasonable tradeoff to me. Maybe we should keep some support for the local server running the old stuff? That is, maybe we have an "Old BadSSL" Dockerfile and a "Current BadSSL" Dockerfile instead? Running a very old Ubuntu build with the old test cases for no-longer-supported-on-the-live-site stuff seems fine (the same way we have other "local-only" test cases for things that we can't get live certs for, like cases that violate the BRs). Opinions very welcome, especially from you @lgarron though.

Going through and figuring out what works if we can get the Legacy Provider configured at runtime vs. what would need a full recompile (for e.g. the
Because of the more recent Nginx and OpenSSL (3.0.13) versions included in 24.04, some tests are not supported anymore and therefore removed. This includes:

- 3DES => requires enable-weak-ssl-ciphers [1]
- RC4 => requires enable-weak-ssl-ciphers [1]
- RC4-MD5 => requires enable-weak-ssl-ciphers [1]
- DH480 => openssl dhparam 480 fails [2][3]
- DH512 => no DHE weaker than 1024-bits [3]

Enabling any of these would require building OpenSSL manually and/or patching OpenSSL. Loading the legacy provider does not help here.

Other tests have been updated to use @SECLEVEL=0 in their ssl_ciphers option, including:

- TLS default
- DH1024
- DH Composite
- Mozilla Old

On the infrastructure side, use the distribution Ruby and Jekyll packages. This is the least amount of changes required to update Ubuntu and still have nginx start without any fatal error.

[1] https://github.com/openssl/openssl/blob/85cf92f55d9e2ac5aacf92bedd33fb890b9f8b4c/ssl/s3_lib.c#L161
[2] https://github.com/openssl/openssl/blob/85cf92f55d9e2ac5aacf92bedd33fb890b9f8b4c/crypto/dh/dh_gen.c#L167
[3] https://github.com/openssl/openssl/blob/85cf92f55d9e2ac5aacf92bedd33fb890b9f8b4c/ssl/ssl_cert.c#L1038
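A small probe, added here as an example and not part of the PR or the BadSSL code, of the "requires a rebuild" point in the commit message: it asks the OpenSSL linked into Python whether the dropped 3DES/RC4 suites are compiled in at all. The OpenSSL suite names are the standard ones; `RC4-SHA` is an assumption for the plain RC4 test page.

```python
import ssl

# Suites the PR drops: on OpenSSL 3.0.13 as shipped in Ubuntu 24.04 they are
# only present when OpenSSL was built with enable-weak-ssl-ciphers.
# RC4-SHA is assumed for the plain "RC4" page (constructed mapping).
DROPPED_SUITES = {
    "3DES": "DES-CBC3-SHA",
    "RC4": "RC4-SHA",
    "RC4-MD5": "RC4-MD5",
}

# Present in every OpenSSL build that does TLS 1.2; confirms the probe works.
CONTROL_SUITE = "ECDHE-RSA-AES128-GCM-SHA256"


def cipher_available(cipher_list: str) -> bool:
    """True if the linked OpenSSL accepts cipher_list for a TLS context.

    SSL_CTX_set_cipher_list (behind set_ciphers) fails with "No cipher can
    be selected" when nothing compiled in matches the string. @SECLEVEL=0 is
    appended so the distribution's default security level (which filters
    RC4 and small keys) cannot mask the result: a suite that is not compiled
    in stays unavailable even at level 0, which is the commit's argument
    that neither the legacy provider nor SECLEVEL helps for these pages.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(f"{cipher_list}:@SECLEVEL=0")
    except ssl.SSLError:
        return False
    return True


def legacy_suite_report() -> dict:
    """Map each dropped BadSSL test to whether this OpenSSL could serve it."""
    return {name: cipher_available(suite) for name, suite in DROPPED_SUITES.items()}


def weak_ciphers_compiled_in() -> bool:
    """True when any dropped suite is usable, i.e. the build has weak ciphers."""
    return any(legacy_suite_report().values())


if __name__ == "__main__":
    print("OpenSSL:", ssl.OPENSSL_VERSION)
    for name, ok in legacy_suite_report().items():
        print(f"{name:8} {'available' if ok else 'not compiled in'}")
```

On a stock Ubuntu 24.04 OpenSSL all three rows should report "not compiled in"; an "available" row means the build was made with enable-weak-ssl-ciphers.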
Thanks. I went through the OpenSSL source code for 3.0.13 to better understand which cipher suites would require a rebuild. There are 5 tests that I think we should drop (see commit message). Using the legacy provider did not help here: for instance for 3DES, the triple version of DES is still in the default provider, but requires the For some tests, using This one commit has the minimum changes for at least having Nginx start without any fatal error. Other changes will be necessary after that to: limit warning logs, update some cipher list (Mozilla), clean up HTML links... PTAL and let me know. Thanks.