FS#60409 - [nginx] disable TLS 1.3

Attached to Project: Arch Linux
Opened by Sakuraba Amane (tobiichiamane) - Sunday, 14 October 2018, 17:53 GMT
Last edited by Bartłomiej Piotrowski (Barthalion) - Wednesday, 28 November 2018, 10:27 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Bartłomiej Piotrowski (Barthalion)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
When building this version of nginx, openssl was still at 1.1.0 and didn't provide "SSL_OP_NO_TLSv1_3", which resulted in TLS v1.3 not being disabled. But openssl is at 1.1.1 now, which enables TLS v1.3 by default unless it is disabled. Maybe it's time to rebuild the nginx package.

Additional info:
* package version(s): nginx 1.14.0-1

Steps to reproduce:
none.

Closed by Bartłomiej Piotrowski (Barthalion)
Wednesday, 28 November 2018, 10:27 GMT
Reason for closing:  Fixed
Additional comments about closing:  Package has been updated in November.
Comment by Sakuraba Amane (tobiichiamane) - Sunday, 14 October 2018, 18:00 GMT
Sorry for not entering a summary. I was too tired when reporting.
Comment by Eli Schwartz (eschwartz) - Sunday, 14 October 2018, 18:21 GMT
  • Field changed: Summary ([nginx] PLEASE ENTER SUMMARY → [nginx] disable TLS 1.3)
Why do you want to disable a useful new feature that makes websites better and more secure?
Comment by Ariel AxionL (axionl) - Monday, 15 October 2018, 00:32 GMT
Thank you for your answer. As you said, it's not a necessary problem to disable TLS 1.3, just let it be under control.
Comment by Sakuraba Amane (tobiichiamane) - Monday, 15 October 2018, 00:45 GMT
Indeed. What Ariel said was what I meant. It is not necessary to disable TLS v1.3, but it should be under some sort of control.
Comment by Eli Schwartz (eschwartz) - Tuesday, 16 October 2018, 03:26 GMT
Wouldn't this just be setting the ssl_protocols configuration key to a non-default value that is less than the default? I'm desperately confused -- what's the actual issue here?
Comment by Sakuraba Amane (tobiichiamane) - Tuesday, 16 October 2018, 03:41 GMT
It seems that there is no actual "bug" here. Sorry for the inconvenience and my disturbing you.
Comment by Ken Anderson (kand) - Tuesday, 23 October 2018, 03:05 GMT
  • Field changed: Percent Complete (100% → 0%)
This is indeed a bug. Because current nginx is compiled against openssl 1.1.0, there was no "SSL_OP_NO_TLSv1_3" C macro at compile time. By way of #ifdef, nginx's "disable TLS v1.3" code is not even compiled. Therefore it can't disable it when it is asked to do so in the config file. A rebuild with current openssl version will fix this defect.
Comment by Bartłomiej Piotrowski (Barthalion) - Tuesday, 23 October 2018, 07:29 GMT
This brings up the question of whether we shouldn't actually rebuild all packages dependent on OpenSSL, just in case.
Comment by Ken Anderson (kand) - Tuesday, 23 October 2018, 13:39 GMT
I think we should, because essentially every package compiled with openssl 1.1.0 but now running with 1.1.1 loses the ability to disable TLSv1.3 due to the lack of that macro at compile time.
Comment by Eli Schwartz (eschwartz) - Tuesday, 23 October 2018, 14:33 GMT
How many packages actually have a compile-time check for a runtime configuration option? I'd assume most executables simply let openssl take care of this however it likes?

nginx is a web server, so I'd understand why this is tunable -- though I still wonder why it's a compile-time macro in order to enable the parsing of a config option. Seems sort of backward, which is why I initially closed the bug after asking if the reporter was able to disable it using the config key (maybe we had mixed signals when communicating).
Comment by Ken Anderson (kand) - Tuesday, 23 October 2018, 18:58 GMT
I don't know how many packages are affected. But clients may choose to fine-tune TLS versions too (for example, curl has --tls-max among others).

The parsing of a config file option does not need that macro from openssl. Instead, in order to actually disable TLSv1.3, it needs to call

SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_3);

Notice that here SSL_OP_NO_TLSv1_3 is a C macro provided by openssl. When this macro is missing at compile time, the actual value of SSL_OP_NO_TLSv1_3 (which is 0x20000000U, by the way) is unknown. In the case of nginx, the code block that contains the previous function call will be left out of the compilation. Other software might likewise ignore the parsed option to disable TLSv1.3, because it can't disable TLSv1.3 at runtime when it was compiled without this macro.

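The pattern Ken describes, as an added example that is not nginx's or OpenSSL's own code. It builds without OpenSSL headers, so the SSL_OP_NO_* bits are defined locally (assumed to match OpenSSL 1.1.1's ssl.h; 0x20000000U for SSL_OP_NO_TLSv1_3 is the value quoted above). The PROTO_* names, parse_ssl_protocols, options_gated and options_with_fallback are hypothetical stand-ins for a server's config parser and its SSL_CTX_set_options() call. Compiling with -DHAVE_TLS13_MACRO simulates a build against 1.1.1 headers; compiling without it simulates the 1.1.0 build this report is about, where "TLSv1.2 only" still leaves the TLS 1.3 bit unset.

```c
#include <stdio.h>
#include <string.h>

/*
 * Stand-ins for OpenSSL's SSL_OP_NO_* option bits.  A real build takes
 * them from <openssl/ssl.h>; they are defined here so the example builds
 * without OpenSSL.  The values are assumed to match OpenSSL 1.1.1.
 * Compile with -DHAVE_TLS13_MACRO to simulate building against 1.1.1
 * headers; compile without it to simulate building against 1.1.0 headers.
 */
#define SSL_OP_NO_TLSv1     0x04000000UL
#define SSL_OP_NO_TLSv1_1   0x10000000UL
#define SSL_OP_NO_TLSv1_2   0x08000000UL
#ifdef HAVE_TLS13_MACRO
#define SSL_OP_NO_TLSv1_3   0x20000000UL   /* only 1.1.1 headers define this */
#endif

/* Bits for the parsed ssl_protocols directive (hypothetical names). */
enum { PROTO_TLSv1 = 1u, PROTO_TLSv1_1 = 2u, PROTO_TLSv1_2 = 4u, PROTO_TLSv1_3 = 8u };

/* Parse "TLSv1.2 TLSv1.3"-style directive text; needs no OpenSSL macro. */
unsigned parse_ssl_protocols(const char *directive)
{
    char buf[128];
    unsigned mask = 0;

    strncpy(buf, directive, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, " "); tok != NULL; tok = strtok(NULL, " ")) {
        if (strcmp(tok, "TLSv1") == 0)        mask |= PROTO_TLSv1;
        else if (strcmp(tok, "TLSv1.1") == 0) mask |= PROTO_TLSv1_1;
        else if (strcmp(tok, "TLSv1.2") == 0) mask |= PROTO_TLSv1_2;
        else if (strcmp(tok, "TLSv1.3") == 0) mask |= PROTO_TLSv1_3;
        /* unknown tokens are ignored here; a real parser would reject them */
    }
    return mask;
}

/* 1 if this binary was built with headers that define SSL_OP_NO_TLSv1_3. */
int tls13_disable_compiled_in(void)
{
#ifdef SSL_OP_NO_TLSv1_3
    return 1;
#else
    return 0;
#endif
}

/*
 * The gated pattern from the thread: the TLS 1.3 branch exists only if the
 * macro existed at compile time.  Built against 1.1.0 headers the #ifdef
 * drops it, so a config asking for TLSv1.2 only silently leaves TLS 1.3
 * enabled once the binary runs on top of libssl 1.1.1.
 */
unsigned long options_gated(unsigned protocols)
{
    unsigned long opts = 0;

    if (!(protocols & PROTO_TLSv1))   opts |= SSL_OP_NO_TLSv1;
    if (!(protocols & PROTO_TLSv1_1)) opts |= SSL_OP_NO_TLSv1_1;
    if (!(protocols & PROTO_TLSv1_2)) opts |= SSL_OP_NO_TLSv1_2;
#ifdef SSL_OP_NO_TLSv1_3
    if (!(protocols & PROTO_TLSv1_3)) opts |= SSL_OP_NO_TLSv1_3;
#endif
    return opts;
}

/*
 * One way to remove the compile-time dependency: supply the 1.1.1 value
 * when the header lacks it.  This assumes the bit is unused by the older
 * library, so on 1.1.0 it is set but never tested, while on 1.1.1 it
 * disables TLS 1.3 as the config asked.
 */
#ifndef SSL_OP_NO_TLSv1_3
#define NO_TLSv1_3_BIT 0x20000000UL   /* value quoted in the thread */
#else
#define NO_TLSv1_3_BIT SSL_OP_NO_TLSv1_3
#endif

unsigned long options_with_fallback(unsigned protocols)
{
    unsigned long opts = options_gated(protocols);

    if (!(protocols & PROTO_TLSv1_3)) opts |= NO_TLSv1_3_BIT;
    return opts;
}

int main(void)
{
    unsigned protocols = parse_ssl_protocols("TLSv1.2");

    printf("TLS 1.3 disable compiled in: %s\n",
           tls13_disable_compiled_in() ? "yes" : "no");
    printf("options (gated):         0x%08lx\n", options_gated(protocols));
    printf("options (with fallback): 0x%08lx\n", options_with_fallback(protocols));
    return 0;
}
```

Two checks worth running on a packaged binary: `nginx -V` prints the OpenSSL version it was built with and, when it differs, the one it is running with, which is exactly the mismatch this report describes; and `openssl s_client -connect host:443 -tls1_3` from an OpenSSL 1.1.1 client shows whether a server whose ssl_protocols omits TLSv1.3 still negotiates it.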