Michael Ströder wrote:
On 5/5/21 2:51 AM, Howard Chu wrote:
Michael Ströder wrote:
I have issues with OpenSSL ciphers on my openSUSE Tumbleweed and release 2.5.4 when connecting to an 2.4 provider:
TLS: can't connect: error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no ciphers available.
An 2.4.58 consumer replica works just fine.
There is this commit in RE25 and I'm not sure whether that introduces a regression on my system:
b72bce2400ce303766f355a1dd37f4012754c942 ITS#9521 Set TLSv1.3 cipher suites for OpenSSL 1.1
BTW: openSUSE has implemented something like a crypto policy configuration:
https://build.opensuse.org/package/view_file/security:tls/openssl-1_1/openss...
Any clue what's going on?
What ciphers have you configured on your client and server? What versions of OpenSSL are running on each?
TL;DR: If I comment TLSCipherSuite in the 2.5.4 slapd.conf everything works.
It fails when setting this in slapd provider (2.4.58) *and* consumer (2.5.4):
TLSProtocolMin 3.3 TLSCipherSuite HIGH
BTW: I didn't know that these server-side settings also affect the syncrepl-client config.
This works when connecting with 2.5.4 CLI tools to 2.4.58 server:
LDAPNOINIT=1 LDAPTLS_PROTOCOL_MIN=3.3 LDAPTLS_CIPHER_SUITE=HIGH /opt/openldap-ms/bin/ldapwhoami ..
But connecting even only with openssl s_client to 2.5.4 server does not work with the above TLSCipherSuite settings.
All systems have OpenSSL 1.1.1k.
Then you're getting TLSv1.3 on these connections. Your ciphersuite config has no TLSv1.3 ciphers though; cipher suite "HIGH" only affects TLSv1.2 and below.
When you leave the suite unconfigured, it works because the hardcoded default in OpenSSL includes a set of TLSv1.3 suites. When you set the TLSCipherSuite parameter, all defaults are zeroed out and then your settings are configured.
The OpenSuSE patch you pointed to also only sets the suites for TLSv1.2 and below, it doesn't call the OpenSSL API to set TLSv1.3 suites so the hardcoded defaults are still in effect.
Change your suite config to include some actual TLSv1.3 suites and it will be fine. There's no bug here, just a change in OpenSSL behavior which is covered in their documentation. https://wiki.openssl.org/index.php/TLS1.3
I've seen in other software that they've split their cipher config to use CIPHER_LIST to configure TLSv1.2 and below, and CIPHER_SUITE to configure TLSv1.3. Since our config keyword already uses CIPHERSUITE our approach was simply to use it for both, scanning the provided string for TLSv1.3 suite names before doing the usual TLSv1.2 processing. This behavior is also in accordance with OpenSSL's own tools, which always list the TLSv1.3 ciphers along with the TLSv1.2 ciphers when you query it for configured cipher suites. I.e., even though OpenSSL itself configures them separately, it always displays the configuration as a single list, so conceptually, for us anyway, it is still a single parameter list.
The symlink /etc/crypto-policies/back-ends/openssl.config points to /usr/share/crypto-policies/DEFAULT/openssl.txt which has this single line:
@SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Not sure what is really affected by this file.
You can see how RPMs are built in OBS:
https://build.opensuse.org/package/show/security:tls/openssl-1_1
https://build.opensuse.org/package/show/home:stroeder:openldap25/openldap-ms
Ciao, Michael.