On Wed, 14 Dec 2022, Jeffrey Walton wrote:
> On Wed, Dec 14, 2022 at 4:29 AM Philip Guenther pguenther@proofpoint.com wrote:
>> On Wed, 14 Dec 2022, Stuart Henderson wrote:
>>> On 2022/12/14 06:22, Andre Rodier wrote:
>>>> olcTLSProtocolMin: 3.3
>>>
>>> There is no TLS 3.3; try a valid version like 1.2 or 1.3.
>>
>> No, that's correct. slapd.conf(5):
>>
>>     TLSProtocolMin <major>[.<minor>]
>>         Specifies minimum SSL/TLS protocol version that will be
>>         negotiated. If the server doesn't support at least that
>>         version, the SSL handshake will fail. To require TLS 1.x or
>>         higher, set this option to 3.(x+1), e.g., TLSProtocolMin 3.2
>>         would require TLS 1.1. Specifying a minimum that is higher
>>         than that supported by the OpenLDAP implementation will
>>         result in it requiring the highest level that it does
>>         support. This directive is ignored with GnuTLS.
>
> A small nit... There are no SSL/TLS minimum and maximum version numbers.

Your statement may be true in the context of the on-the-wire TLS representation, but the above quote is about TLS versions supported by slapd, which does have a minimum whenever TLS is enabled at all.

>> My recall is that OpenSSL's TLSv1.3 support involves a bunch of new functions. Hopefully OpenLDAP's support for that does or will include whatever it takes to make TLSProtocolMin 3.4 disable TLS v1.[012].
>
> ...
>
> Years ago I argued the TLS Working Group should interpret them as min and max version numbers because that's how people interpreted them.

I certainly agree with you that people really want to think of protocol version support as a range.

> Min and max matched the mental models of users. The Working Group rejected the arguments stating the min-max range could have holes in it. That is, a server may support TLS 1.0 and 1.3, but lack TLS 1.1 and 1.2 support.

That's hilarious, because that sort of config will have clients fail the TLS handshake with version mismatch despite having a common supported version: if the other side does 1.0 and either 1.1 or 1.2, but not 1.3, then it'll fail despite both supporting 1.0. Very few clients do any sort of retry while offering fewer versions. If WG members claimed that non-contiguous versions are reliable in practice they would be incorrect.
Philip Guenther
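As an added illustration of the slapd.conf(5) rule quoted in the thread (this is example code, not OpenLDAP's own), the snippet below decodes the `TLSProtocolMin <major>[.<minor>]` notation, applies the documented clamp for a minimum above what the implementation supports, and lists which versions a contiguous min..max implementation (OpenSSL's model, assumed here; the "holes" case discussed above is not modelled) will still negotiate.

```python
"""Decode OpenLDAP's TLSProtocolMin value and compute the negotiable TLS set.

Added example, not code from OpenLDAP. Assumes the TLS library exposes a
contiguous range of versions (OpenSSL-style min/max), so the result never
has holes in it.
"""
from __future__ import annotations

# Wire (major, minor) -> common name. Per slapd.conf(5), TLS 1.x is 3.(x+1).
WIRE_NAMES = {
    (3, 0): "SSL 3.0",
    (3, 1): "TLS 1.0",
    (3, 2): "TLS 1.1",
    (3, 3): "TLS 1.2",
    (3, 4): "TLS 1.3",
}

# Constructed sample of what a typical OpenSSL build supports (contiguous).
OPENSSL_SUPPORTED = [(3, 1), (3, 2), (3, 3), (3, 4)]


def parse_protocol_min(value: str) -> tuple[int, int]:
    """Parse '<major>[.<minor>]' as slapd does; a missing minor means 0."""
    parts = value.strip().split(".")
    if len(parts) not in (1, 2) or not all(p.isdigit() for p in parts):
        raise ValueError(f"invalid TLSProtocolMin value: {value!r}")
    major = int(parts[0])
    minor = int(parts[1]) if len(parts) == 2 else 0
    return (major, minor)


def effective_minimum(value: str, supported: list[tuple[int, int]]) -> tuple[int, int]:
    """Apply the man-page clamp: a minimum above everything the library
    supports becomes 'the highest level that it does support'."""
    wanted = parse_protocol_min(value)
    return min(wanted, max(supported))


def negotiable_versions(value: str, supported: list[tuple[int, int]]) -> list[tuple[int, int]]:
    """Versions the server will still accept: every supported version at or
    above the effective minimum, lowest first."""
    floor = effective_minimum(value, supported)
    return sorted(v for v in supported if v >= floor)


def describe(versions: list[tuple[int, int]]) -> list[str]:
    """Human-readable names for a list of wire versions."""
    return [WIRE_NAMES.get(v, f"{v[0]}.{v[1]}") for v in versions]


if __name__ == "__main__":
    for setting in ("3.3", "3.4", "3.9"):
        print(setting, "->", describe(negotiable_versions(setting, OPENSSL_SUPPORTED)))
```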