Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ASP.NET 5 docker image fails to communicate with TLS1.2 server #48337

Closed
jchannon opened this issue Feb 16, 2021 · 13 comments
Closed

ASP.NET 5 docker image fails to communicate with TLS1.2 server #48337

jchannon opened this issue Feb 16, 2021 · 13 comments
Labels
area-System.Net.Security
Milestone
8.0.0

Comments

@jchannon
Copy link

Description

We have a ASP.NET Core app inside mcr.microsoft.com/dotnet/aspnet:5.0-buster-slim that talks to a server via https (via HttpClient) that seems to report it has TLS1.2 support and ciphers that the image should support. It fails to connect via HttpClient with an SSL exception and also can be seen in curl
curl

The SSL labs report can be seen here https://www.ssllabs.com/ssltest/analyze.html?d=stdapi.webflotta.hu

I found this document about changes in Linux and .NET 5 and changed the container's ciphers to match the minimal conf file at the bottom of this document and it started working https://docs.microsoft.com/en-us/dotnet/core/compatibility/cryptography/5.0/default-cipher-suites-for-tls-on-linux

Should the MS Docker images have the SSL conf match what is in that document?

@bartonjs
@dotnet-issue-labeler dotnet-issue-labeler bot added area-System.Net.Security untriaged New issue has not been triaged by the area owner labels Feb 16, 2021
@ghost
Copy link

ghost commented Feb 16, 2021

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Description

We have a ASP.NET Core app inside mcr.microsoft.com/dotnet/aspnet:5.0-buster-slim that talks to a server via https (via HttpClient) that seems to report it has TLS1.2 support and ciphers that the image should support. It fails to connect via HttpClient with an SSL exception and also can be seen in curl
curl

The SSL labs report can be seen here https://www.ssllabs.com/ssltest/analyze.html?d=stdapi.webflotta.hu

I found this document about changes in Linux and .NET 5 and changed the container's ciphers to match the minimal conf file at the bottom of this document and it started working https://docs.microsoft.com/en-us/dotnet/core/compatibility/cryptography/5.0/default-cipher-suites-for-tls-on-linux

Should the MS Docker images have the SSL conf match what is in that document?

@bartonjs

Author: jchannon
Assignees: -
Labels:

area-System.Net.Security, untriaged
Milestone: -

@vcsjones
Copy link
Member

vcsjones commented Feb 16, 2021
edited
Loading

Well, the curl issue reproduces in the original debian:buster docker image, and likely in Debian as well.

This isn't exactly a cipher suite issue. Using the stock Debian container, I can see that the client and server agree on ECDHE-RSA-AES256-GCM-SHA384, but fail because the SigAlg being used is SHA1:

openssl s_client -connect stdapi.webflotta.hu:443 -security_debug_verbose

Security callback: Check Signature Algorithm scheme=rsa_pkcs1_sha1, security bits=80: no
140237302592640:error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type:../ssl/t1_lib.c:1111

By changing the SECLEVEL, you're permitting SHA1 signatures.

Interestingly, if you disable SNI, it works:

openssl s_client -connect stdapi.webflotta.hu:443 -security_debug_verbose -noservername

Security callback: Check Signature Algorithm scheme=rsa_pkcs1_sha256, security bits=128: yes

This leads me to believe that the server is using a buggy version of OpenSSL, where signature algorithms were offered incorrectly when using SNI, and is fixed here openssl/openssl#4554.

Any chance you know how the server at stdapi.webflotta.hu is configured? It looks like it's using nginx, possibly with a version of OpenSSL that has the issue you are working around.

@jchannon
Copy link
Author

jchannon commented Feb 16, 2021 via email

@ManickaP
Copy link
Member

Triage: this might not be an issue with .NET 5.0 but a server problem.
@jchannon does the issue happen outside of docker as well?

@ManickaP ManickaP added needs more info and removed untriaged New issue has not been triaged by the area owner labels Feb 18, 2021
@ManickaP ManickaP added this to the 6.0.0 milestone Feb 18, 2021
@jchannon
Copy link
Author

jchannon commented Feb 18, 2021 via email

@vcsjones
Copy link
Member

Triage: this might not be an issue with .NET 5.0 but a server problem.

I can reproduce it with openssl in plain Debian buster images.

FROM debian:buster
RUN apt-get update && apt-get install -y openssl
CMD openssl s_client -connect stdapi.webflotta.hu:443 -security_debug_verbose

Debian buster takes a fairly aggressive stance on disabling old algorithms by default, in this case SHA1 signature algorithms. The site is using a configuration that uses SHA1 signature algorithms. My suspicion is that the site uses a buggy version of OpenSSL, indicated by the varying behavior of SNI.

@wfurt
Copy link
Member

wfurt commented Feb 18, 2021

Purpose of the change was to have secure defaults @jchannon so I think the answer is no. I also feel that is ok if different bistro vends have their unique setting to reflect their preferences.

I try same command @vcsjones on Ubuntu 20 and it seems to work.

Could you try 5.0-focal @jchannon to see if that works for you?

@vcsjones
Copy link
Member

@wfurt this actually fails for me in Ubuntu focal as well. When you tested did you get an exit code of 0 or 1?

@wfurt
Copy link
Member

wfurt commented Feb 18, 2021

yeah. I spoke too soon. 20.04 fails. Ubuntu 18.04 works with & without SNI

SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384

That suggest there should be some solution for this particular server.

@karelz karelz modified the milestones: 6.0.0, Future May 4, 2021
@ghost ghost added the no-recent-activity label Oct 9, 2021
@ghost
Copy link

ghost commented Oct 9, 2021

This issue has been automatically marked no recent activity because it has been marked as needs more info but has not had any activity for 14 days. It will be closed if no further activity occurs within 14 more days. Any new comment (by anyone, not necessarily the author) will remove no recent activity.

Please refer to our contribution guidelines for tips on what information might be required.

@cetindogu
Copy link

Same problem, .net 5 images cant connect to SQL server (debian 11)
Same problem with .net6 images
Alpine, debian 11 and Ubuntu 20.04 not working

Ubuntu 18.04 working
So problem is tls1.2
İ saw eventlogs schannel says tls1.2 connection failed

@ghost ghost removed the no-recent-activity label Oct 25, 2021
@ghost ghost added the no-recent-activity label Nov 8, 2021
@ghost
Copy link

ghost commented Nov 8, 2021

This issue has been automatically marked no recent activity because it has not had any activity for 14 days. It will be closed if no further activity occurs within 14 more days. Any new comment (by anyone, not necessarily the author) will remove no recent activity.

@ghost ghost removed the no-recent-activity label Nov 9, 2021
@rzikm rzikm self-assigned this Feb 24, 2022
@rzikm rzikm removed their assignment Mar 7, 2022
@wfurt wfurt modified the milestones: Future, 8.0.0 Nov 16, 2022
@wfurt
Copy link
Member

wfurt commented Dec 13, 2022

I look at this again and I think @vcsjones is right. The site sometimes chooses Signature Algorithm: rsa_pkcs1_sha1 (0x0201) and sometimes Signature Algorithm: rsa_pkcs1_sha256 (0x0401). (Visible in Server Key Exchange frame).

It does not matter If this is because of the linked bug or something I noticed in #78957 where the site seems to be front-loaded by nginx based on the name. Since the sha1 is banned by OS configuration the handshake fails.

Changing the SecLevel seems correct action - even if highly inconvenient. I don't think we (e.g. NET) are going to change Linux OS default to allow insecure algorithms. The general trend is to follow OS choices. The Exception raised seems unique and relevant so it should be possible to diagnose this quickly.

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
 ---> Interop+Crypto+OpenSslCryptographicException: error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan`1 input, Byte[]& sendBuf, Int32& sendCount)

There is openssl/openssl#17662 discussing this but I don't know if anything is directly relevant to .NET APIs and functions. It would just provide more granular choices to the user.

cc: @bartonjs for any more thoughts.

I don't know if this is same issue as the SQL @cetindogu. Feel free to post more info and possibly simple repro for investigation.

@wfurt wfurt closed this as completed Dec 13, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Jan 12, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-System.Net.Security
Projects
None yet
Milestone
8.0.0
Development

No branches or pull requests
7 participants
@jchannon @vcsjones @karelz @cetindogu @ManickaP @wfurt @rzikm