https://bugs.openldap.org/show_bug.cgi?id=10035
Issue ID: 10035
Summary: TLSv1.3 cipher suites can be set incorrectly
Product: OpenLDAP
Version: 2.6.4
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: ipuleston@sonicwall.com
Target Milestone: ---
I noticed that, on the client side, when I use LDAP_OPT_X_TLS_CIPHER_SUITE to set an OpenSSL cipher-suites list that contains a TLSv1.3 cipher suite, that may or may not get set correctly, depending on where it is located in the list. The following is what I am seeing with TLS versions 1.2 and 1.3 enabled:
If I set this cipher-suites list:
"3DES:TLS_AES_128_GCM_SHA256:!eNULL"
Then WireShark shows it offering these ciphers in the TLS Client Hello, which is correct (the single given TLSv1.3 suite, plus 6 using 3-DES):

Cipher Suites (7 suites)
    Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
    Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
    Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
    Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
    Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
    Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
However, if I set this cipher-suites list:
"!eNULL:3DES:TLS_AES_128_GCM_SHA256"
Then it now incorrectly offers two additional TLSv1.3 suites:

Cipher Suites (9 suites)
    Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
    Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
    Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
    Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
    Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
    Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
    Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
    Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

Those first three are all of the TLSv1.3 ciphers supported by OpenSSL in this system.
--- Comment #1 from ipuleston@sonicwall.com ---
(In reply to ipuleston@sonicwall.com from comment #0)
> Then WireShark shows it offering these ciphers in the TLS Client Hello, which is correct (the single given TLSv1.3 suite, plus 6 using 3-DES):
>
> Cipher Suites (7 suites)
>     Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
>     Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
>     Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
>     Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
>     Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
>     Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
>     Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Minor correction there: I should have said "plus 5 using 3-DES and the empty thingy on the end".
--- Comment #2 from ipuleston@sonicwall.com ---
I tracked this down to a bug in function tlso_ctx_cipher13() in tls_o.c. I added this temporary printf at the end of it where the extracted TLSv1.3 suite names are passed to OpenSSL:

    printf("TLSv1.3 suites set: '%s' !!!!!!!\n", tls13_suites);
    if ( tls13_suites[0] )
        SSL_CTX_set_ciphersuites( ctx, tls13_suites );

And with another one printing the list set via LDAP_OPT_X_TLS_CIPHER_SUITE, this is what I see from those:

Working:

    Setting LDAP TLS cipher suites to '3DES:TLS_AES_128_GCM_SHA256:!eNULL'
    TLSv1.3 suites set: 'TLS_AES_128_GCM_SHA256' !!!!!!!

Not working:

    Setting LDAP TLS cipher suites to '!eNULL:3DES:TLS_AES_128_GCM_SHA256'
    TLSv1.3 suites set: '3DES' !!!!!!!
It doesn't work when the last name in the list is a TLSv1.3 one. In that case it erroneously copies the preceding name into the tls13_suites.
And note that if the TLSv1.3 cipher suite name is the only one in the suites list, then it will copy whatever uninitialized garbage happens to be on the stack in sname[].
I will supply a patch shortly, once I've finished testing it.
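As an added example (this is not OpenLDAP's tlso_ctx_cipher13() and not the patch in attachment 955), here is a tokenizer that splits an OpenSSL cipher string into its TLSv1.3 suite names and the rest, copying each token as soon as it is cut off so that a TLSv1.3 name in the last position, or as the only entry, is still the one handed over, and both output buffers are always terminated. It assumes, as a heuristic, that TLSv1.3 suites are the tokens beginning with "TLS_"; split_matches() is a helper added only for checking the result.

```c
#include <string.h>

/* Added example, not OpenLDAP's tlso_ctx_cipher13() or the ITS#10035 patch.
 * Splits an OpenSSL cipher string into the TLSv1.3 suite names (assumed to be
 * the tokens starting with "TLS_", as in OpenSSL's naming) and the rest, which
 * would go to SSL_CTX_set_ciphersuites() and SSL_CTX_set_cipher_list().
 * Each token is copied as soon as it is cut off, so the last token and a
 * single-token list are handled like any other. Returns the number of TLSv1.3
 * suites found, or -1 if a token does not fit its buffer. */
int split_tls13_suites(const char *suites, char *tls13, size_t tls13_len,
                       char *legacy, size_t legacy_len)
{
    const char *p = suites;
    int n13 = 0;

    tls13[0] = '\0';    /* never hand an uninitialised buffer to OpenSSL */
    legacy[0] = '\0';
    while (*p) {
        const char *end = strchr(p, ':');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        char *dst = legacy;
        size_t cap = legacy_len, cur;

        if (len > 4 && strncmp(p, "TLS_", 4) == 0) {
            dst = tls13;
            cap = tls13_len;
            n13++;
        }
        cur = strlen(dst);
        if (len && cur + (cur ? 1 : 0) + len + 1 > cap)
            return -1;  /* refuse rather than silently truncate */
        if (len && cur)
            dst[cur++] = ':';
        memcpy(dst + cur, p, len);
        dst[cur + len] = '\0';
        if (!end)
            break;      /* last token copied; nothing is left behind */
        p = end + 1;
    }
    return n13;
}

/* Returns 1 when splitting `suites` yields exactly the two expected halves. */
int split_matches(const char *suites, const char *want13, const char *want_legacy)
{
    char t13[256], leg[256];
    return split_tls13_suites(suites, t13, sizeof t13, leg, sizeof leg) >= 0
        && strcmp(t13, want13) == 0 && strcmp(leg, want_legacy) == 0;
}
```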
--- Comment #3 from ipuleston@sonicwall.com ---
Created attachment 955 --> https://bugs.openldap.org/attachment.cgi?id=955&action=edit (Patch to fix this)
The fix has been tested and a patch is uploaded.
Howard Chu hyc@openldap.org changed:

What        |Removed      |Added
------------|-------------|---------
Resolution  |---          |FIXED
Status      |UNCONFIRMED  |RESOLVED
--- Comment #4 from Howard Chu hyc@openldap.org --- Committed to git, thanks.
Quanah Gibson-Mount quanah@openldap.org changed:

What              |Removed       |Added
------------------|--------------|---------
Target Milestone  |---           |2.5.15
Keywords          |needs_review  |
--- Comment #5 from Quanah Gibson-Mount quanah@openldap.org --- head:
• 818e2a54 by Ian Puleston at 2023-03-31T02:15:49+01:00 ITS#10035 Fix setting TLSv1.3 ciphersuite
RE26:
• 67164c7b by Ian Puleston at 2023-04-27T15:36:40+00:00 ITS#10035 Fix setting TLSv1.3 ciphersuite
RE25:
• dd1af1a0 by Ian Puleston at 2023-04-27T15:37:48+00:00 ITS#10035 Fix setting TLSv1.3 ciphersuite
Quanah Gibson-Mount quanah@openldap.org changed:

What    |Removed   |Added
--------|----------|---------
Status  |RESOLVED  |VERIFIED