This is an automated email from the ASF dual-hosted git repository. alexey pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push: new a8fb42d [security] set minimum TLS protocol version to TSLv1.2 a8fb42d is described below commit a8fb42dc34e8f1f876db5b26fc3f5eb3196ce854 Author: Alexey Serbin <ale...@apache.org> AuthorDate: Thu Apr 1 18:04:29 2021 -0700 [security] set minimum TLS protocol version to TSLv1.2 Since support for CentOS 6/RHEL 6, Ubuntu 14, Ubuntu 16, and Debian 8 is dropped since Kudu 1.14 [1], we can bump the minimum required TLS protocol version up to TLSv1.2 for securing Kudu RPC. That's because * Supported server-side OSes have OpenSSL of at least version 1.0.1 in their stock distribution, so Kudu servers running on supported OSes automatically support TLSv1.2 * Kudu Java client requires Java 8+ in runtime since Kudu 1.10 [2], so Kudu Java clients automatically support TLSv1.2 since then * As of now, with contemporary Linux OS and updated Java 8 [4], Kudu servers and clients should be able to use even TLSv1.3. In addition, this patch updates the list of the preferred TLSv1.2 ciphers, bringing it up-to-date with the "intermediate compatibility" cipher list of the Mozilla Security Server Side TLS recommendations [3] (without the DH AES ciphers). At some point I thought to set TLSv1.2 as the minimum protocol version only for the server side, keeping TLSv1 as the minimum version for the client side to allow newer Kudu clients work with Kudu servers running at no longer supported, beyond-EOL OSes. However, I realized that the set of TLS ciphers supported by Kudu servers in 1.3 -- 1.14 release range contained only a couple of non-TLSv1.2 ciphers suites: * AES128-SHA (TLS_RSA_WITH_AES_128_CBC_SHA) * AES256-SHA (TLS_RSA_WITH_AES_256_CBC_SHA) These can be used starting SSLv3, so these are the only ones that Kudu clients and servers could use if either side didn't support TLSv1.2. Both use non-GCM ciphers for data encryption, and data transfer rate with those ciphers is an order of magnitute slower than with TLSv1.2 suites which use GCM ciphers for data encryption. Given all those facts, I realized it's not worth it keeping such a compatibility around. The rationale is: if people are still stuck with RHEL/CentOS 6 or other EOL OS release, they most likely do not care about security and will be able to use one of the workarounds listed below. So, with this patch: * TLSv1.2 is the minimum TLS protocol version that newer Kudu clients are able to use for secure Kudu RPC. The newer clients are not able to communicate with servers built and run with OpenSSL of versions prior to 1.0.1. If such a Kudu cluster is running on a deprecated OS (e.g., RHEL/CentOS 6.4), the following options are available to work around the incompatibility: ** use Kudu clients of 1.14 or earlier versions to communicate with such cluster ** disable RPC encryption and authentication for Kudu RPC, setting --rpc_authentication=disabled and --rpc_encryption=disabled for all masters and tablet servers in the cluster to allow the new client to work with the old cluster * TLSv1.2 is the minimum TLS protocol version that newer Kudu servers are able to use for Kudu RPC. The newer servers are not able to communicate using secure Kudu RPC with Kudu C++ client applications linked with libkudu_client library built against OpenSSL of versions prior to 1.0.1 or with Java client applications run with outdated Java runtime that doesn't support TLSv1.2. The following options are available to work around this incompatibility: ** customize settings for the --rpc_tls_min_protocol and --rpc_tls_ciphers flags on all masters and tablet servers in the cluster, setting --rpc_tls_min_protocol=TLSv1 and adding TLSv1-capable cipher suites (e.g. AES128-SHA and AES256-SHA) into the list ** disable RPC encryption and authentication for Kudu RPC, setting --rpc_authentication=disabled and --rpc_encryption=disabled for all masters and tablet servers in the cluster to allow such Kudu clients to work with newer clusters [1] https://kudu.apache.org/releases/1.14.0/docs/release_notes.html [2] https://issues.apache.org/jira/browse/KUDU-2099 [3] https://wiki.mozilla.org/Security/Server_Side_TLS [4] https://www.oracle.com/java/technologies/javase/8all-relnotes.html Change-Id: I07633a04d3828100f148e5de3905094198d13396 Reviewed-on: http://gerrit.cloudera.org:8080/17268 Reviewed-by: Andrew Wong <aw...@cloudera.com> Tested-by: Alexey Serbin <ale...@apache.org> --- .../java/org/apache/kudu/client/Negotiator.java | 44 +++++++++++----------- src/kudu/security/security_flags.cc | 28 ++++++-------- 2 files changed, 33 insertions(+), 39 deletions(-) diff --git a/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java b/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java index a9c511d..0e3c361 100644 --- a/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java +++ b/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java @@ -115,29 +115,29 @@ public class Negotiator extends SimpleChannelInboundHandler<CallResponse> { /** * The cipher suites, in order of our preference. + * * This list is based on the kDefaultTls13Ciphers and kDefaultTlsCiphers lists * in security_flags.cc: see that file for details on how it was derived. + * + * For the mapping between IANA and OpenSSL cipher names, run + * `openssl ciphers -stdname` on OpenSSL 1.1.1 (and newer) or see + * https://www.openssl.org/docs/man1.1.1/man1/ciphers.html + * https://wiki.mozilla.org/Security/Cipher_Suites + * + * For information on TLSv1.3 (JEP 332) and appropriate ciphers in Java 8 + * updates, see + * https://www.oracle.com/java/technologies/javase/8all-relnotes.html */ static final String[] PREFERRED_CIPHER_SUITES = new String[] { - "TLS_AES_128_GCM_SHA256", // Java 8 (updated), Java 11 (TLS 1.3+ only) - "TLS_AES_256_GCM_SHA384", // Java 8 (updated), Java 11 (TLS 1.3+ only) - "TLS_CHACHA20_POLY1305_SHA256", // Java 8 (updated), Java 11 (TLS 1.3+ only) - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", // Java 8 - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", // Java 8 - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", // Java 8 - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", // Java 8 - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", // Java 7 (TLS 1.2+ only) - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", // Java 7 (TLS 1.2+ only) - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", // Java 7 (TLS 1.2+ only) - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", // Java 7 (TLS 1.2+ only) - "TLS_RSA_WITH_AES_256_GCM_SHA384", // Java 8 - "TLS_RSA_WITH_AES_128_GCM_SHA256", // Java 8 - "TLS_RSA_WITH_AES_256_CBC_SHA256", // Java 7 (TLS 1.2+ only) - "TLS_RSA_WITH_AES_128_CBC_SHA256", // Java 7 (TLS 1.2+ only) - // The following two are critical to allow the client to connect to - // servers running versions of OpenSSL that don't support TLS 1.2. - "TLS_RSA_WITH_AES_256_CBC_SHA", // All Java versions - "TLS_RSA_WITH_AES_128_CBC_SHA" // All Java versions + "TLS_AES_128_GCM_SHA256", // TLSv1.3: Java 8 updates (8u261), Java 11 + "TLS_AES_256_GCM_SHA384", // TLSv1.3: Java 8 updates (8u261), Java 11 + "TLS_CHACHA20_POLY1305_SHA256", // TLSv1.3: Java 12 + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",// TLSv1.2: Java 8 + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", // TLSv1.2: Java 8 + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",// TLSv1.2: Java 8 + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", // TLSv1.2: Java 8 + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", // TLSv1.2: Java 12 + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", // TLSv1.2: Java 12 }; /** @@ -145,10 +145,8 @@ public class Negotiator extends SimpleChannelInboundHandler<CallResponse> { * This list is based on the kDefaultTlsMinVersion in security_flags.cc. */ static final String[] PREFERRED_PROTOCOLS = new String[]{ - "TLSv1.3", - "TLSv1.2", - "TLSv1.1", - "TLSv1", + "TLSv1.3", // Java 8 updates (8u261), Java 11 + "TLSv1.2", // Java 8 }; private enum State { diff --git a/src/kudu/security/security_flags.cc b/src/kudu/security/security_flags.cc index bfd09fb..ae7e36c 100644 --- a/src/kudu/security/security_flags.cc +++ b/src/kudu/security/security_flags.cc @@ -17,26 +17,20 @@ #include "kudu/security/security_flags.h" +// The list of ciphers and minimum TLS protocol versions are influenced by the +// Mozilla Security Server Side TLS recommendations accessed March 2021, at +// https://wiki.mozilla.org/Security/Server_Side_TLS namespace kudu { namespace security { -// This is the "modern compatibility" cipher list of the Mozilla Security -// Server Side TLS recommendations, accessed Feb. 2017, with the addition of -// the non ECDH/DH AES cipher suites from the "intermediate compatibility" -// list. These additional ciphers maintain compatibility with RHEL 6.5 and -// below. The DH AES ciphers are not included since we are not configured to -// use DH key agreement. -// TODO(aserbin): refresh the list to drop RHEL6/CentOS6 ciphers and -// sync it with https://wiki.mozilla.org/Security/Server_Side_TLS +// This is TLSv1.2-related section from the "intermediate compatibility" cipher +// list of the Mozilla Security Server Side TLS recommendations without the +// DH AES ciphers: they are not included since we are not configured to use +// the DH key agreement. const char* const SecurityDefaults::SecurityDefaults::kDefaultTlsCiphers = - "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:" - "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:" "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:" - "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:" - "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:" - "AES256-GCM-SHA384:AES128-GCM-SHA256:" - "AES256-SHA256:AES128-SHA256:" - "AES256-SHA:AES128-SHA"; + "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:" + "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"; // This is the "modern compatibility" TLSv1.3 cipher list of the Mozilla // Security Server Side TLS recommendations, accessed March 2021. @@ -44,7 +38,9 @@ const char* const SecurityDefaults::SecurityDefaults::kDefaultTlsCiphers = const char* const SecurityDefaults::SecurityDefaults::kDefaultTlsCipherSuites = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"; -const char* const SecurityDefaults::SecurityDefaults::kDefaultTlsMinVersion = "TLSv1"; +// According to the cipher lists above, the minimum supported TLS version among +// all the cipher suites is TLSv1.2. +const char* const SecurityDefaults::SecurityDefaults::kDefaultTlsMinVersion = "TLSv1.2"; } // namespace security } // namespace kudu