Author christian.heimes
Recipients Vladyslav.Bondar, bugsrep, christian.heimes, miss-islington, skip.montanaro, taleinat, xtreak
Date 2021-03-18.09:15:20
Message-id <1616058920.99.0.671629067162.issue41561@roundup.psfhosted.org>
I have discussed the problem with downstream engineers on the two issues

- https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878
- https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625

The gist of the issue is: Canonical has taken a different approach than Debian and other distros to set minimum TLS version.

Most distros use an openssl.cnf file to set "MinProtocol = TLSv1.2". The config file approach allows applications to override the setting with SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION) and to detect the current minimum version with SSL_CTX_get_min_proto_version(ctx) == TLS1_VERSION.

Ubuntu doesn't set "MinProtocol = TLSv1.2". Instead the distro has patched OpenSSL source code and modified the meaning of security level "2". Security level is a new OpenSSL API to set various security related settings. On Ubuntu SECLEVEL=2 prevents TLS 1.0 and 1.1 connections. Further, SSL_CTX_get_min_proto_version(ctx) returns 0 (dummy value for minimum supported version). SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION) does not fail although TLS 1.0 is prohibited.

https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
    Level 2: SSL version 3 is also not allowed
    Level 4: TLS versions below 1.2 are not permitted.

https://manpages.ubuntu.com/manpages/focal/man3/SSL_CTX_set_security_level.3ssl.html
    Level 2: On Ubuntu, TLS versions below 1.2 are not permitted

The combination of "Ubuntu changed the meaning of security level policy" and "SSL_CTX_get_min_proto_version(ctx) does not report minimum version" breaks our tests.

OpenSSL doesn't provide an easy way to check if an SSL_CTX has a sane configuration. There is a way to check if a security policy allows a TLS version. I'm not sure if we should include the check in CPython and where to best put the check:

    /* ex_data handed to the security callback by OpenSSL */
    void *sec_ex = SSL_CTX_get0_security_ex_data(ctx);
    /* the policy callback installed for this context (OpenSSL's declared signature) */
    int (*sec_cb)(const SSL *, const SSL_CTX *, int, int, int, void *, void *) =
        SSL_CTX_get_security_callback(ctx);
    /* ask the policy whether TLS 1.0 is permitted; "bits" is unused for SSL_SECOP_VERSION */
    int result = sec_cb(NULL, ctx, SSL_SECOP_VERSION, 0, TLS1_VERSION, NULL, sec_ex);
    if (result && (SSL_CTX_get_min_proto_version(ctx) >= TLS1_VERSION)) ...
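The detection problem described in the message, as an added example (not code from the bug report or from CPython itself): a probe written against the standard-library ssl module, whose SSLContext.minimum_version wraps SSL_CTX_set_min_proto_version / SSL_CTX_get_min_proto_version and whose security_level (Python 3.10+) wraps SSL_CTX_get_security_level. MinVersionProbe, probe_minimum_version and probe_all are this example's own names. The example flags the readback the message describes (OpenSSL returning 0, which CPython surfaces as TLSVersion.MINIMUM_SUPPORTED) as "not confirmed"; what a given host actually returns depends on its OpenSSL build and policy.

```python
"""Probe how the running OpenSSL reports an SSLContext's effective minimum
TLS version.  Added example, not code from the bug report; standard library only."""
import ssl
from ssl import TLSVersion
from dataclasses import dataclass
from typing import Dict, Optional

# TLSVersion members naming a concrete protocol version (value > 0).  The
# sentinels MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED are negative in CPython.
CONCRETE_VERSIONS = tuple(v for v in TLSVersion if v > 0)


@dataclass(frozen=True)
class MinVersionProbe:
    requested: TLSVersion
    accepted: bool                      # the setter did not raise
    reported: Optional[TLSVersion]      # minimum_version readback, if accepted
    confirmed: bool                     # readback proves the floor is >= requested
    security_level: Optional[int]       # SSL_CTX_get_security_level(), if exposed


def probe_minimum_version(requested: TLSVersion) -> MinVersionProbe:
    """Set `requested` as the minimum on a fresh client context and check
    whether OpenSSL reports it back.

    CPython maps a 0 from SSL_CTX_get_min_proto_version() to
    TLSVersion.MINIMUM_SUPPORTED.  That readback means the runtime is not
    stating the effective floor (the Ubuntu SECLEVEL=2 behaviour in the report),
    so the setting cannot be confirmed even though the setter succeeded.
    """
    if requested <= 0:
        raise ValueError("probe a concrete TLSVersion, not a sentinel")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    level = getattr(ctx, "security_level", None)  # property exists on 3.10+
    try:
        ctx.minimum_version = requested
    except ValueError:
        # OpenSSL rejected the version outright (e.g. protocol compiled out).
        return MinVersionProbe(requested, False, None, False, level)
    reported = ctx.minimum_version
    # Same idea as the C check above: a concrete readback at or above the
    # requested version; a sentinel readback proves nothing.
    confirmed = reported > 0 and reported >= requested
    return MinVersionProbe(requested, True, reported, confirmed, level)


def probe_all() -> Dict[str, MinVersionProbe]:
    """Probe every concrete version; keys are TLSVersion member names."""
    return {v.name: probe_minimum_version(v) for v in CONCRETE_VERSIONS}


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for name, p in probe_all().items():
        rep = p.reported.name if p.reported is not None else "-"
        print(f"{name:<8} accepted={str(p.accepted):<5} reported={rep:<18} "
              f"confirmed={p.confirmed} seclevel={p.security_level}")
```

A row that is accepted but not confirmed is exactly the situation the message describes: the setter succeeded, yet the context cannot be trusted to tell you what it will actually negotiate, so a test that relies on the readback (rather than on a real handshake) has no basis for its expectation.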