Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: crypto/tls: remove SSLv3 support #32716

Open
FiloSottile opened this issue Jun 20, 2019 · 3 comments

Comments

Projects
None yet
3 participants
@FiloSottile
Copy link
Member

commented Jun 20, 2019

SSLv3 has been irreparably broken since the POODLE attack 5 years ago.

RFC 7568 (f.k.a. draft-ietf-tls-sslv3-diediedie) prohibits its use in no uncertain terms, and proceeds to list everything that's broken with it.

SSLv3 MUST NOT be used.

Negotiation of SSLv3 from any version of TLS MUST NOT be permitted.

Major CDNs dropped support immediately upon the disclosure of POODLE. Google frontends followed in 2015. Mozilla called the end of SSL 3.0 in 2014.

In crypto/tls, SSLv3 is only supported on the server side, and is disabled by default. It's time we remove it entirely, as it's not just obsolete, but insecure.

I would like to mark it as deprecated in Go 1.13 and announce it in the release notes, also to get feedback on the impact, and then remove it in Go 1.14.

/cc @rsc @agl

@gopherbot gopherbot added this to the Proposal milestone Jun 20, 2019

@gopherbot gopherbot added the Proposal label Jun 20, 2019

@FiloSottile

This comment has been minimized.

Copy link
Member Author

commented Jun 21, 2019

Out of curiosity, this is the diffstat of a very straightforward removal of SSLv3, without touching tests or refactoring.

 src/crypto/tls/auth_test.go             |  7 -------
 src/crypto/tls/cipher_suites.go         | 48 ------------------------------------------------
 src/crypto/tls/common.go                |  9 ++-------
 src/crypto/tls/conn.go                  | 22 +---------------------
 src/crypto/tls/handshake_server_test.go |  1 -
 src/crypto/tls/key_agreement.go         | 11 ++++-------
 src/crypto/tls/prf.go                   | 98 ++++----------------------------------------------------------------------------------------------
 src/crypto/tls/prf_test.go              | 16 ----------------
 src/crypto/tls/tls_test.go              |  1 -
 9 files changed, 11 insertions(+), 202 deletions(-)
@rsc

This comment has been minimized.

Copy link
Contributor

commented Jun 26, 2019

I'm certainly in favor of doing this but it would be nice to know more about the impact.

It seems clear from the links in the top message above that SSLv3 has not been a concern for HTTPS since 2014-2015. What's less clear is whether there are other SSL servers (especially on company-internal networks) that have not yet migrated to TLS. That seems very unlikely, but we simply don't know.

Marking it deprecated in Go 1.13 sounds like a reasonable tentative plan. I suggest we:

  • consider this issue tentatively accepted
  • add text to the Go 1.13 release notes about the removal and pointing back here for feedback
  • remove support at the start of the Go 1.14 dev cycle
  • leave this issue open to collect that feedback until the end of the Go 1.14 dev cycle
  • accept the issue at the end of the Go 1.14 dev cycle assuming no showstopper feedback arrives
@gopherbot

This comment has been minimized.

Copy link

commented Jun 27, 2019

Change https://golang.org/cl/184102 mentions this issue: crypto/tls: deprecate SSLv3 support

@FiloSottile FiloSottile modified the milestones: Proposal, Go1.14 Jul 15, 2019

@FiloSottile FiloSottile self-assigned this Jul 15, 2019

gopherbot pushed a commit that referenced this issue Jul 15, 2019

crypto/tls: deprecate SSLv3 support
Updates #32716

Change-Id: Ia0c03918e8f2da4d9824c49c6d4cfca1b0787b0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/184102
Reviewed-by: Andrew Bonventre <andybons@golang.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.