Skip to content

Commit

Permalink
stream-ssl: Deprecate and disable TLSv1 and TLSv1.1.
Browse files Browse the repository at this point in the history
TLSv1 and TLSv1.1 are officially deprecated by RFC 8996 since March
of 2021:  https://datatracker.ietf.org/doc/rfc8996/

Both protocols should not generally be used (RFC says MUST NOT) and
are being actively removed from support by major distributions and
libraries.

Deprecate these protocols in OVS and turn them off by default.
Ability to use them preserved for now with a warning.  We'll fully
remove support in OVS 3.6.

Before this change, OVS would use TLSv1 or later, if the protocols
are not specified in the database or command line (this includes
TLSv1.3 that is not supported explicitly).  After the change, this
becomes TLSv1.2 or later.

Signed-off-by: Ilya Maximets <[email protected]>
  • Loading branch information
igsilya committed Dec 7, 2024
1 parent 77ac0b2 commit d4b5497
Show file tree
Hide file tree
Showing 4 changed files with 35 additions and 16 deletions.
6 changes: 3 additions & 3 deletions Documentation/howto/ssl.rst
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,9 @@ This document describes how to configure an Open vSwitch to connect to an
OpenFlow controller over SSL. Refer to :doc:`/intro/install/general`. for
instructions on building Open vSwitch with SSL support.

Open vSwitch uses TLS version 1.0 or later (TLSv1), as specified by RFC 2246,
which is very similar to SSL version 3.0. TLSv1 was released in January 1999,
so all current software and hardware should implement it.
Open vSwitch uses TLS version 1.2 or later (TLSv1.2), as specified by
RFC 5246. TLSv1.2 was released in August 2008, so all current software and
hardware should implement it.

This document assumes basic familiarity with public-key cryptography and
public-key infrastructure.
Expand Down
5 changes: 3 additions & 2 deletions lib/ssl-connect.man
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
.IP "\fB\-\-ssl\-protocols=\fIprotocols\fR"
Specifies, in a comma- or space-delimited list, the SSL protocols
\fB\*(PN\fR will enable for SSL connections. Supported
\fIprotocols\fR include \fBTLSv1\fR, \fBTLSv1.1\fR, and \fBTLSv1.2\fR.
\fIprotocols\fR include \fBTLSv1\fR (deprecated), \fBTLSv1.1\fR (deprecated),
and \fBTLSv1.2\fR.
Regardless of order, the highest protocol supported by both sides will
be chosen when making the connection. The default when this option is
omitted is \fBTLSv1,TLSv1.1,TLSv1.2\fR.
omitted is \fBTLSv1.2\fR or later.
.
.IP "\fB\-\-ssl\-ciphers=\fIciphers\fR"
Specifies, in OpenSSL cipher string format, the ciphers \fB\*(PN\fR will
Expand Down
38 changes: 27 additions & 11 deletions lib/stream-ssl.c
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ struct ssl_config_file {
static struct ssl_config_file private_key;
static struct ssl_config_file certificate;
static struct ssl_config_file ca_cert;
static char *ssl_protocols = "TLSv1,TLSv1.1,TLSv1.2";
static char *ssl_protocols = "TLSv1.2";
static char *ssl_ciphers = "HIGH:!aNULL:!MD5";

/* Ordinarily, the SSL client and server verify each other's certificates using
Expand Down Expand Up @@ -1076,7 +1076,8 @@ do_ssl_init(void)
return ENOPROTOOPT;
}

long options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
long options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
#endif
Expand Down Expand Up @@ -1274,6 +1275,15 @@ stream_ssl_set_protocols(const char *arg)
SSL_OP_NO_TLSv1_2)
#endif
long protocol_flags = SSL_OP_NO_SSL_MASK;
struct {
const char *name;
long no_flag;
bool deprecated;
} protocols[] = {
{"TLSv1", SSL_OP_NO_TLSv1, true },
{"TLSv1.1", SSL_OP_NO_TLSv1_1, true },
{"TLSv1.2", SSL_OP_NO_TLSv1_2, false},
};

char *s = xstrdup(arg);
char *save_ptr = NULL;
Expand All @@ -1283,20 +1293,26 @@ stream_ssl_set_protocols(const char *arg)
goto exit;
}
while (word != NULL) {
long on_flag;
if (!strcasecmp(word, "TLSv1.2")){
on_flag = SSL_OP_NO_TLSv1_2;
} else if (!strcasecmp(word, "TLSv1.1")){
on_flag = SSL_OP_NO_TLSv1_1;
} else if (!strcasecmp(word, "TLSv1")){
on_flag = SSL_OP_NO_TLSv1;
} else {
long no_flag = 0;

for (size_t i = 0; i < ARRAY_SIZE(protocols); i++) {
if (!strcasecmp(word, protocols[i].name)) {
no_flag = protocols[i].no_flag;
if (protocols[i].deprecated) {
VLOG_WARN("%s protocol is deprecated", word);
}
break;
}
}

if (!no_flag) {
VLOG_ERR("%s: SSL protocol not recognized", word);
goto exit;
}

/* Reverse the no flag and mask it out in the flags
* to turn on that protocol. */
protocol_flags &= ~on_flag;
protocol_flags &= ~no_flag;
word = strtok_r(NULL, " ,\t", &save_ptr);
};

Expand Down
2 changes: 2 additions & 0 deletions tests/ovsdb-server.at
Original file line number Diff line number Diff line change
Expand Up @@ -911,6 +911,7 @@ AT_CHECK_UNQUOTED(
[ovsdb-client: failed to connect to "ssl:127.0.0.1:$SSL_PORT"
],
[ignore])
AT_CHECK([grep -q 'TLSv1 protocol is deprecated' output])
# Check that when ciphers are not compatible, that a negotiation
# failure occurs.
AT_CHECK(
Expand All @@ -934,6 +935,7 @@ AT_CHECK_UNQUOTED(
[ovsdb-client: failed to connect to "ssl:127.0.0.1:$SSL_PORT"
],
[ignore])
AT_CHECK([grep -q 'TLSv1.1 protocol is deprecated' output])
# The error message for being unable to negotiate a shared ciphersuite
# is 'sslv3 alert handshake failure'. This is not the clearest message.
# In openssl 3.2.0 all the error messages were updated to replace 'sslv3'
Expand Down

0 comments on commit d4b5497

Please sign in to comment.