
@richlander (Member) commented Nov 15, 2024

@richlander richlander requested review from a team and gewarren as code owners November 15, 2024 00:27
@dotnetrepoman dotnetrepoman bot added this to the November 2024 milestone Nov 15, 2024
@gewarren (Contributor) left a comment

Thank you for adding this!

Contributor

Can you also add an entry on line 1263?

richlander and others added 2 commits November 14, 2024 16:46
Co-authored-by: Genevieve Warren <24882762+gewarren@users.noreply.github.com>
description: Learn about the breaking change in containers where .NET 8 Debian container images no longer support TLS 1.2.
ms.date: 08/29/2024
---
# Debian 12 container images no longer support TLS 1.2
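Review bot: the heading and the front-matter description disagree about what changed; the heading says "Debian 12 container images" while the description says ".NET 8 Debian container images", and the ms.date of 08/29/2024 predates the November 14, 2024 commits. Align the heading with the description and refresh ms.date to the date of this change.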
Member

That's not true.

Member

Our default ciphersuite list allows any TLS 1.3 ciphersuite, and 8 TLS 1.2 ciphersuites.

The TLS 1.2 ciphersuites we allow aren't particularly esoteric, so it should be the case that we can, by default, talk to any TLS 1.2 endpoint.

Even if the default security level is non-zero, we still shouldn't be boxing out TLS 1.2:

$ openssl ciphers -s -stdname "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256"
TLS_AES_256_GCM_SHA384                        - TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256                  - TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256                        - TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       - ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       - ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         - ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         - ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384       - ECDHE-ECDSA-AES256-SHA384      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)               Mac=SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256       - ECDHE-ECDSA-AES128-SHA256      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)               Mac=SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384         - ECDHE-RSA-AES256-SHA384        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(256)               Mac=SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256         - ECDHE-RSA-AES128-SHA256        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(128)               Mac=SHA256

$ openssl ciphers -s -stdname "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:@SECLEVEL=0"
TLS_AES_256_GCM_SHA384                        - TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256                  - TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256                        - TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       - ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       - ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         - ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         - ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384       - ECDHE-ECDSA-AES256-SHA384      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)               Mac=SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256       - ECDHE-ECDSA-AES128-SHA256      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)               Mac=SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384         - ECDHE-RSA-AES256-SHA384        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(256)               Mac=SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256         - ECDHE-RSA-AES128-SHA256        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(128)               Mac=SHA256

$ openssl ciphers -s -stdname "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:@SECLEVEL=2"
TLS_AES_256_GCM_SHA384                        - TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256                  - TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256                        - TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       - ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       - ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         - ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         - ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384       - ECDHE-ECDSA-AES256-SHA384      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)               Mac=SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256       - ECDHE-ECDSA-AES128-SHA256      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)               Mac=SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384         - ECDHE-RSA-AES256-SHA384        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(256)               Mac=SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256         - ECDHE-RSA-AES128-SHA256        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(128)               Mac=SHA256

$ openssl ciphers -s -stdname "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:@SECLEVEL=5"
TLS_AES_256_GCM_SHA384                        - TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256                  - TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       - ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         - ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384       - ECDHE-ECDSA-AES256-SHA384      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)               Mac=SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384         - ECDHE-RSA-AES256-SHA384        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(256)               Mac=SHA384

That shows that OpenSSL 3.0.2 on Ubuntu 22.04 interprets our list as the same at the implicit security level, level 0, and level 2. By level 5 it is reduced, but still contains TLS 1.2 in the compatible protocols.

Member

What is true is that, by default, SSL3, TLS 1.0, and TLS 1.1 are all no longer supported.

Member Author

So, why do you think this results in a breaking change, then?

Member

I believe Debian 11 included

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

That includes a lot more ciphersuites. Plus, we don't (I believe) respect MinProtocol; if someone calls using SslProtocols.None then we map that to (again, I believe) TLS 1.0, 1.1, 1.2, and 1.3. That means that Debian 11 used a config like

$ openssl ciphers -s -stdname "DEFAULT@SECLEVEL=2"
TLS_AES_256_GCM_SHA384                        - TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256                  - TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256                        - TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       - ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         - ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384           - DHE-RSA-AES256-GCM-SHA384      TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   - ECDHE-RSA-CHACHA20-POLY1305    TLSv1.2 Kx=ECDH     Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     - DHE-RSA-CHACHA20-POLY1305      TLSv1.2 Kx=DH       Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       - ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         - ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(128)            Mac=AEAD
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256           - DHE-RSA-AES128-GCM-SHA256      TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(128)            Mac=AEAD
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384       - ECDHE-ECDSA-AES256-SHA384      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)               Mac=SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384         - ECDHE-RSA-AES256-SHA384        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(256)               Mac=SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256           - DHE-RSA-AES256-SHA256          TLSv1.2 Kx=DH       Au=RSA   Enc=AES(256)               Mac=SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256       - ECDHE-ECDSA-AES128-SHA256      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)               Mac=SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256         - ECDHE-RSA-AES128-SHA256        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(128)               Mac=SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256           - DHE-RSA-AES128-SHA256          TLSv1.2 Kx=DH       Au=RSA   Enc=AES(128)               Mac=SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA          - ECDHE-ECDSA-AES256-SHA         TLSv1   Kx=ECDH     Au=ECDSA Enc=AES(256)               Mac=SHA1
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA            - ECDHE-RSA-AES256-SHA           TLSv1   Kx=ECDH     Au=RSA   Enc=AES(256)               Mac=SHA1
TLS_DHE_RSA_WITH_AES_256_CBC_SHA              - DHE-RSA-AES256-SHA             SSLv3   Kx=DH       Au=RSA   Enc=AES(256)               Mac=SHA1
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA          - ECDHE-ECDSA-AES128-SHA         TLSv1   Kx=ECDH     Au=ECDSA Enc=AES(128)               Mac=SHA1
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA            - ECDHE-RSA-AES128-SHA           TLSv1   Kx=ECDH     Au=RSA   Enc=AES(128)               Mac=SHA1
TLS_DHE_RSA_WITH_AES_128_CBC_SHA              - DHE-RSA-AES128-SHA             SSLv3   Kx=DH       Au=RSA   Enc=AES(128)               Mac=SHA1
TLS_RSA_WITH_AES_256_GCM_SHA384               - AES256-GCM-SHA384              TLSv1.2 Kx=RSA      Au=RSA   Enc=AESGCM(256)            Mac=AEAD
TLS_RSA_WITH_AES_128_GCM_SHA256               - AES128-GCM-SHA256              TLSv1.2 Kx=RSA      Au=RSA   Enc=AESGCM(128)            Mac=AEAD
TLS_RSA_WITH_AES_256_CBC_SHA256               - AES256-SHA256                  TLSv1.2 Kx=RSA      Au=RSA   Enc=AES(256)               Mac=SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256               - AES128-SHA256                  TLSv1.2 Kx=RSA      Au=RSA   Enc=AES(128)               Mac=SHA256
TLS_RSA_WITH_AES_256_CBC_SHA                  - AES256-SHA                     SSLv3   Kx=RSA      Au=RSA   Enc=AES(256)               Mac=SHA1
TLS_RSA_WITH_AES_128_CBC_SHA                  - AES128-SHA                     SSLv3   Kx=RSA      Au=RSA   Enc=AES(128)               Mac=SHA1

And the people who are observing breaks are the same people who cause Azure to keep deferring the "we're cutting off TLS 1.0 and 1.1... and we mean it this time" project.
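As an added example (not code from the PR or from dotnet/docs), here is a small Python parser for the `openssl ciphers -s -stdname` output format quoted in the two comments above. It reports suites per minimum protocol version, lists which suites a narrower cipher string drops relative to a wider one, and flags the pre-TLS-1.2 and RSA-key-transport suites that a hardened default removes. The embedded sample lines are constructed, abbreviated excerpts of the Debian 11 `DEFAULT@SECLEVEL=2` output and the ECDHE-only list above.

```python
"""Summarise `openssl ciphers -s -stdname` output and diff two cipher strings."""
import re
from collections import Counter

# One suite per line: <IANA name> - <OpenSSL name> <min proto> Kx= Au= Enc= Mac=
LINE_RE = re.compile(
    r"^(?P<std>\S+)\s+-\s+(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+"
    r"Au=(?P<au>\S+)\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)$"
)

# Constructed excerpt of the Debian 11 DEFAULT@SECLEVEL=2 output quoted above.
OLD_OUTPUT = """\
TLS_AES_256_GCM_SHA384                        - TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         - ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384           - DHE-RSA-AES256-GCM-SHA384      TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA            - ECDHE-RSA-AES256-SHA           TLSv1   Kx=ECDH     Au=RSA   Enc=AES(256)               Mac=SHA1
TLS_RSA_WITH_AES_128_CBC_SHA                  - AES128-SHA                     SSLv3   Kx=RSA      Au=RSA   Enc=AES(128)               Mac=SHA1
"""
# Constructed excerpt of the narrower ECDHE-only list quoted above.
NEW_OUTPUT = """\
TLS_AES_256_GCM_SHA384                        - TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         - ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD
"""

def parse_ciphers(text):
    """Return one dict per suite line; lines that do not match the format are skipped."""
    suites = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            suites.append(m.groupdict())
    return suites

def by_protocol(suites):
    """Count suites by the minimum protocol version OpenSSL reports for them."""
    return dict(Counter(s["proto"] for s in suites))

def dropped_suites(before, after):
    """IANA names present in `before` but absent from `after`: what a narrower
    cipher string (or a higher @SECLEVEL) takes away from peers."""
    kept = {s["std"] for s in after}
    return [s["std"] for s in before if s["std"] not in kept]

def legacy_suites(suites):
    """Suites that only exist for pre-TLS-1.2 peers or use RSA key transport
    (no forward secrecy); these are the ones a hardened default removes."""
    return [s["std"] for s in suites
            if s["proto"] in ("SSLv3", "TLSv1", "TLSv1.1") or s["kx"] == "RSA"]

if __name__ == "__main__":
    old, new = parse_ciphers(OLD_OUTPUT), parse_ciphers(NEW_OUTPUT)
    print("before:", by_protocol(old), " after:", by_protocol(new))
    print("dropped:", dropped_suites(old, new))
    print("legacy in old list:", legacy_suites(old))
```

Pipe real `openssl ciphers -s -stdname "<string>"` output into `parse_ciphers` to check a candidate container config the same way.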

@richlander (Member Author)

@gewarren and I had a follow-up conversation. This approach isn't going to scale. There are too many OS-specific breaking changes and there seem to be more in recent years. We're going to handle them in a different way, using GH issues.
