[Feature]: consider enabling TLS 1.3 for api.nuget.org #9655

Open

acdha opened this issue Sep 8, 2023 · 3 comments
Labels
feature-request Customer feature request

Comments

@acdha

acdha commented Sep 8, 2023

Related Problem

The CDN used by api.nuget.org supports TLS 1.2 but not 1.3. In most cases this doesn't matter because TLS 1.2 hasn't been deprecated yet, but I encountered a problem on a network which uses Palo Alto firewalls to do SSL inspection. The Palo Alto implementation has a long-running lack of support for RFC 5746 (I found references going back at least 3 years), which causes session negotiation with newer versions of OpenSSL to fail with a hard error (error:0A000152:SSL routines::unsafe legacy renegotiation disabled) when a server supports TLS 1.2 but not 1.3.

The Elevator Pitch

It's possible to configure OpenSSL to ignore this warning, but I prefer not to train people to weaken security, and since it's likely that TLS 1.3 adoption will become advisable at some point in the future, I wanted to suggest that enabling it now could simplify life for a certain subset of users. The Alpine Linux team made the same change a few months ago.

Additional Context and Details

No response

@acdha acdha added the feature-request Customer feature request label Sep 8, 2023
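The following is an added diagnostic example for this thread, not code from nuget.org, OpenSSL or the issue author. It uses Python's `ssl` module (which wraps the local OpenSSL) to attempt a TLS 1.3 handshake and a TLS 1.2 handshake separately, keeping certificate and hostname verification on and leaving OpenSSL's default refusal of peers without RFC 5746 in place, so the `unsafe legacy renegotiation disabled` failure described above shows up as a classified result instead of being silently worked around. `probe()` needs network access; `classify_failure()` and `summarize()` work on constructed inputs, and the error strings it matches are the OpenSSL messages quoted in this issue (the function and result names are my own):

```python
"""Probe whether a host negotiates TLS 1.3, TLS 1.2, both or neither.
Added example for this issue thread; not nuget.org or OpenSSL project code."""
import json
import socket
import ssl
import sys

# Versions to try, keyed by the label used in the result dict.
TLS_VERSIONS = {
    "TLSv1_3": ssl.TLSVersion.TLSv1_3,
    "TLSv1_2": ssl.TLSVersion.TLSv1_2,
}


def make_client_context(version: ssl.TLSVersion) -> ssl.SSLContext:
    """Verifying client context pinned to exactly one TLS version.

    create_default_context() keeps CERT_REQUIRED and check_hostname on, and
    OP_LEGACY_SERVER_CONNECT is deliberately NOT set, so a peer or an
    inspecting middlebox without RFC 5746 still fails hard (the behaviour
    reported above) rather than being quietly accepted.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def classify_failure(message: str) -> str:
    """Map an OpenSSL / ssl-module error string to a short cause label."""
    m = message.lower()
    if "unsafe legacy renegotiation disabled" in m or "unsafe_legacy_renegotiation_disabled" in m:
        # Peer (or middlebox) lacks secure renegotiation; OpenSSL 3 refuses by default.
        return "no-rfc5746"
    if "protocol version" in m or "no protocols available" in m or "unsupported protocol" in m:
        # The pinned version is not offered by the peer, or not built into local OpenSSL.
        return "version-unsupported"
    if "certificate verify failed" in m:
        return "cert-verify-failed"
    return "other"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Attempt one handshake per entry in TLS_VERSIONS and record the outcome (needs network)."""
    results = {}
    for label, version in TLS_VERSIONS.items():
        try:
            ctx = make_client_context(version)  # may raise ValueError if OpenSSL lacks the version
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[label] = {
                        "ok": True,
                        "negotiated": tls.version(),
                        "cipher": tls.cipher()[0],
                    }
        except (ssl.SSLError, OSError, ValueError) as exc:
            results[label] = {"ok": False, "reason": classify_failure(str(exc))}
    return results


def summarize(results: dict) -> str:
    """Reduce per-version results to the one-line verdict an operator wants."""
    ok13 = results.get("TLSv1_3", {}).get("ok", False)
    ok12 = results.get("TLSv1_2", {}).get("ok", False)
    if ok13 and ok12:
        return "both"
    if ok13:
        return "tls13-only"
    if ok12:
        return "tls12-only"  # the situation this issue describes
    return "none"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "api.nuget.org"
    if not ssl.HAS_TLSv1_3:
        print("local OpenSSL has no TLS 1.3 support; the TLSv1_3 row will read version-unsupported")
    outcome = probe(target)
    print(json.dumps(outcome, indent=2))
    print("verdict:", summarize(outcome))
```

A `tls12-only` verdict combined with a `no-rfc5746` reason on the TLS 1.3 row is the fingerprint of the report above: TLS 1.3 dropped renegotiation entirely, so a middlebox that never implemented RFC 5746 only trips OpenSSL's check on the TLS 1.2 path, which is why enabling TLS 1.3 server-side sidesteps the failure without anyone loosening client settings.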
@joelverhagen
Member

This will take some investigation from our team to deliver safely. We have multiple CDN providers as well as multiple non-CDN endpoints (e.g. search). We'd need to assess TLS 1.3 support for this complex server-side mix as well as verify back-compat. Finally, we'd need to ensure the cipher suite mix available on TLS 1.3 across our providers adheres to our security compliance requirements. It may be fine to enable TLS 1.3 in some places but not others, but generally I'd hope to keep the whole service as consistent as possible for TLS version support and cipher suites.

Let's leave this issue open and gather upvotes. It will certainly come to us eventually as a requirement, but I haven't heard anything about it yet (it may be years out to get the requirement from our internal security council). Right now, this is the first I've heard of the request so I think we should wait for more feedback from customers.

Please feel free to upvote the issue since upvotes are one of the ways we determine priority for work items.

@acdha
Author

acdha commented Sep 9, 2023

Thanks - I understand it’s a non-trivial decision.

@ducttapecoder-vt

Given that my Artifactory using JDK11.0.2 started barfing all over connections to nuget.org on March 23rd, I'm going to guess that TLS 1.3 was implemented for Nuget.org on the night of March 22nd or morning of March 23rd 2024.

There's a known bug with versions of JDK 11 less than 11.0.3 with TLS 1.3:
https://stackoverflow.com/questions/52574050/javax-net-ssl-sslexception-no-psk-available-unable-to-resume
https://bugs.openjdk.org/browse/JDK-8213202
