TLSv1 and TLSv1.1 are officially deprecated by RFC 8996 since March of 2021: https://datatracker.ietf.org/doc/rfc8996/
Both protocols should not generally be used (RFC says MUST NOT) and are being actively removed from support by major distributions and libraries. Deprecate these protocols in OVS and turn them off by default. Ability to use them preserved for now with a warning. We'll fully remove support in OVS 3.6. Before this change, OVS would use TLSv1 or later, if the protocols are not specified in the database or command line (this includes TLSv1.3 that is not supported explicitly). After the change, this becomes TLSv1.2 or later. Python library only supports client side of SSL/TLS and doesn't support configuring protocols. So, just turning off TLSv1 and TLSv1.1. Meaning, new python clients will not be able to connect to servers that only have TLSv1.1 or lower. This is a strange configuration for a modern server and can be fixed by allowing the server to use newer protocols. So, there might not be a real need in making client side configurable. If the server is so old that it doesn't support TLSv1.2, it may be a time to update it. Signed-off-by: Ilya Maximets <[email protected]> --- Documentation/howto/ssl.rst | 6 +++--- NEWS | 4 ++++ lib/ssl-connect.man | 5 +++-- lib/stream-ssl.c | 38 ++++++++++++++++++++++++++----------- python/ovs/stream.py | 2 ++ tests/ovsdb-server.at | 2 ++ 6 files changed, 41 insertions(+), 16 deletions(-) diff --git a/Documentation/howto/ssl.rst b/Documentation/howto/ssl.rst index 3085206fb..5350d6ca0 100644 --- a/Documentation/howto/ssl.rst +++ b/Documentation/howto/ssl.rst @@ -34,9 +34,9 @@ This document describes how to configure an Open vSwitch to connect to an OpenFlow controller over SSL. Refer to :doc:`/intro/install/general`. for instructions on building Open vSwitch with SSL support. -Open vSwitch uses TLS version 1.0 or later (TLSv1), as specified by RFC 2246, -which is very similar to SSL version 3.0. TLSv1 was released in January 1999, -so all current software and hardware should implement it. +Open vSwitch uses TLS version 1.2 or later (TLSv1.2), as specified by +RFC 5246. TLSv1.2 was released in August 2008, so all current software and +hardware should implement it. This document assumes basic familiarity with public-key cryptography and public-key infrastructure. diff --git a/NEWS b/NEWS index 6e3f56d73..657f79041 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,10 @@ Post-v3.4.0 address fields: nw_dst, nw_src, ipv6_dst and ipv6_src. This allows to significantly reduce amount of datapath flows generated from mixed IPv4+IPv6 flow tables. + - SSL/TLS: + * TLSv1 and TLSv1.1 protocols are deprecated and disabled by default + on OpenFlow and database connections. Use --ssl-protocols to turn + them back on. Support will be fully removed in the next release. - Userspace datapath: * The default zone limit, if set, is now inherited by any zone that does not have a specific value defined, rather than being diff --git a/lib/ssl-connect.man b/lib/ssl-connect.man index 6e54f77ef..693a999b2 100644 --- a/lib/ssl-connect.man +++ b/lib/ssl-connect.man @@ -1,10 +1,11 @@ .IP "\fB\-\-ssl\-protocols=\fIprotocols\fR" Specifies, in a comma- or space-delimited list, the SSL protocols \fB\*(PN\fR will enable for SSL connections. Supported -\fIprotocols\fR include \fBTLSv1\fR, \fBTLSv1.1\fR, and \fBTLSv1.2\fR. +\fIprotocols\fR include \fBTLSv1\fR (deprecated), \fBTLSv1.1\fR (deprecated), +and \fBTLSv1.2\fR. Regardless of order, the highest protocol supported by both sides will be chosen when making the connection. The default when this option is -omitted is \fBTLSv1,TLSv1.1,TLSv1.2\fR. +omitted is \fBTLSv1.2\fR or later. . .IP "\fB\-\-ssl\-ciphers=\fIciphers\fR" Specifies, in OpenSSL cipher string format, the ciphers \fB\*(PN\fR will diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index 86747e58b..36e0187f1 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -162,7 +162,7 @@ struct ssl_config_file { static struct ssl_config_file private_key; static struct ssl_config_file certificate; static struct ssl_config_file ca_cert; -static char *ssl_protocols = "TLSv1,TLSv1.1,TLSv1.2"; +static char *ssl_protocols = "TLSv1.2"; static char *ssl_ciphers = "HIGH:!aNULL:!MD5"; /* Ordinarily, the SSL client and server verify each other's certificates using @@ -1076,7 +1076,8 @@ do_ssl_init(void) return ENOPROTOOPT; } - long options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + long options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | + SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1; #ifdef SSL_OP_IGNORE_UNEXPECTED_EOF options |= SSL_OP_IGNORE_UNEXPECTED_EOF; #endif @@ -1274,6 +1275,15 @@ stream_ssl_set_protocols(const char *arg) SSL_OP_NO_TLSv1_2) #endif long protocol_flags = SSL_OP_NO_SSL_MASK; + struct { + const char *name; + long no_flag; + bool deprecated; + } protocols[] = { + {"TLSv1", SSL_OP_NO_TLSv1, true }, + {"TLSv1.1", SSL_OP_NO_TLSv1_1, true }, + {"TLSv1.2", SSL_OP_NO_TLSv1_2, false}, + }; char *s = xstrdup(arg); char *save_ptr = NULL; @@ -1283,20 +1293,26 @@ stream_ssl_set_protocols(const char *arg) goto exit; } while (word != NULL) { - long on_flag; - if (!strcasecmp(word, "TLSv1.2")){ - on_flag = SSL_OP_NO_TLSv1_2; - } else if (!strcasecmp(word, "TLSv1.1")){ - on_flag = SSL_OP_NO_TLSv1_1; - } else if (!strcasecmp(word, "TLSv1")){ - on_flag = SSL_OP_NO_TLSv1; - } else { + long no_flag = 0; + + for (size_t i = 0; i < ARRAY_SIZE(protocols); i++) { + if (!strcasecmp(word, protocols[i].name)) { + no_flag = protocols[i].no_flag; + if (protocols[i].deprecated) { + VLOG_WARN("%s protocol is deprecated", word); + } + break; + } + } + + if (!no_flag) { VLOG_ERR("%s: SSL protocol not recognized", word); goto exit; } + /* Reverse the no flag and mask it out in the flags * to turn on that protocol. */ - protocol_flags &= ~on_flag; + protocol_flags &= ~no_flag; word = strtok_r(NULL, " ,\t", &save_ptr); }; diff --git a/python/ovs/stream.py b/python/ovs/stream.py index dbb6b2e1f..4fa91beea 100644 --- a/python/ovs/stream.py +++ b/python/ovs/stream.py @@ -795,6 +795,8 @@ class SSLStream(Stream): ctx.verify_mode = ssl.CERT_REQUIRED ctx.options |= ssl.OP_NO_SSLv2 ctx.options |= ssl.OP_NO_SSLv3 + ctx.options |= ssl.OP_NO_TLSv1 + ctx.options |= ssl.OP_NO_TLSv1_1 # If the client has not set the SSL configuration files # exception would be raised. ctx.load_verify_locations(Stream._SSL_ca_cert_file) diff --git a/tests/ovsdb-server.at b/tests/ovsdb-server.at index 4af386058..36caf9202 100644 --- a/tests/ovsdb-server.at +++ b/tests/ovsdb-server.at @@ -911,6 +911,7 @@ AT_CHECK_UNQUOTED( [ovsdb-client: failed to connect to "ssl:127.0.0.1:$SSL_PORT" ], [ignore]) +AT_CHECK([grep -q 'TLSv1 protocol is deprecated' output]) # Check that when ciphers are not compatible, that a negotiation # failure occurs. AT_CHECK( @@ -934,6 +935,7 @@ AT_CHECK_UNQUOTED( [ovsdb-client: failed to connect to "ssl:127.0.0.1:$SSL_PORT" ], [ignore]) +AT_CHECK([grep -q 'TLSv1.1 protocol is deprecated' output]) # The error message for being unable to negotiate a shared ciphersuite # is 'sslv3 alert handshake failure'. This is not the clearest message. # In openssl 3.2.0 all the error messages were updated to replace 'sslv3' -- 2.47.0 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
