Web lists-archives.com

Re: OpenSSL disables TLS 1.0 and 1.1




Hi,

Am 2017-08-11 15:09, schrieb Sven Hartge:
Unless it has been proven that TLS1.0 and TLS1.1 are as broken as SSL3,
please keep the support for them enabled in OpenSSL, and just change the
defaults in the application to only use TLS1.2 (unless changed by the
administrator).

I remember a talk at Debconf15 about Fedora's system-wide policy for
Crypto stuff:

https://summit.debconf.org/debconf15/meeting/252/enforcement-of-a-system-wide-crypto-policies/

I haven't rewatched the talk, but if I remember correctly, the
whole thing was designed in a way that the administrator could
change both the system-wide policy and also override it per
application.

If we follow through on this, we could then disable anything but
TLS 1.2 in the default system-wide policy - the default settings
would then be more secure while users could then still change the
policy for compatibility reasons if so required. It would also
provide a central nob for the future for users who don't have to
worry about compatibility and perhaps want to disable TLS 1.2 in
favor of 1.3 (which will be part of OpenSSL 1.1.1).


Btw. speaking of this issue: a friend of mine who's an administrator
at a university has had the problem that he can't use the HTTPS
interface of some NAS devices (and I'm talking 19" rack-mounted
storage with internal and external SAS interface) anymore since the
interface only supports either older SSL versions or older ciphers
that modern browsers simply don't accept anymore. (Not even with
about:config options.) And there are no firmware updates for these
devices anymore, so he's now administering these devices via
unencrypted HTTP. Which is definitely worse than HTTPS with even
SSLv3. In his case it's not too bad, because they are in a separate
network that isn't routed to the public (using ssh -D to a gateaway
to access them), but this shows what problems can arise from this.

Don't get me wrong: I do believe it's a huge problem that vendors
of said appliances don't provide updates for these kind of things,
and I wish that we could indeed drop everything except TLS 1.2, but
the real world is unfortunately more complicated, and I think
Debian would do a huge disservice to users if it removed TLS 1.0
and 1.1 from OpenSSL in Buster without a well-documented
possibility for the admin to reenable it.

Regards,
Christian