crypto/tls: remove SSLv3 support #32716

Closed
FiloSottile opened this issue Jun 20, 2019 · 10 comments
Labels
early-in-cycle A change that should be done early in the 3 month dev cycle. FrozenDueToAge Proposal Proposal-Accepted Proposal-Crypto Proposal related to crypto packages or other security issues
Comments

@FiloSottile
Contributor

FiloSottile commented Jun 20, 2019

SSLv3 has been irreparably broken since the POODLE attack 5 years ago.

RFC 7568 (f.k.a. draft-ietf-tls-sslv3-diediedie) prohibits its use in no uncertain terms, and proceeds to list everything that's broken with it.

SSLv3 MUST NOT be used.

Negotiation of SSLv3 from any version of TLS MUST NOT be permitted.

Major CDNs dropped support immediately upon the disclosure of POODLE. Google frontends followed in 2015. Mozilla called the end of SSL 3.0 in 2014.

In crypto/tls, SSLv3 is only supported on the server side, and is disabled by default. It's time we remove it entirely, as it's not just obsolete, but insecure.

I would like to mark it as deprecated in Go 1.13 and announce it in the release notes, also to get feedback on the impact, and then remove it in Go 1.14.

/cc @rsc @agl

@FiloSottile FiloSottile added the Proposal-Crypto Proposal related to crypto packages or other security issues label Jun 20, 2019
@gopherbot gopherbot added this to the Proposal milestone Jun 20, 2019
@FiloSottile
Contributor Author

Out of curiosity, this is the diffstat of a very straightforward removal of SSLv3, without touching tests or refactoring.

 src/crypto/tls/auth_test.go             |  7 -------
 src/crypto/tls/cipher_suites.go         | 48 ------------------------------------------------
 src/crypto/tls/common.go                |  9 ++-------
 src/crypto/tls/conn.go                  | 22 +---------------------
 src/crypto/tls/handshake_server_test.go |  1 -
 src/crypto/tls/key_agreement.go         | 11 ++++-------
 src/crypto/tls/prf.go                   | 98 ++++----------------------------------------------------------------------------------------------
 src/crypto/tls/prf_test.go              | 16 ----------------
 src/crypto/tls/tls_test.go              |  1 -
 9 files changed, 11 insertions(+), 202 deletions(-)

@rsc
Contributor

rsc commented Jun 26, 2019

I'm certainly in favor of doing this but it would be nice to know more about the impact.

It seems clear from the links in the top message above that SSLv3 has not been a concern for HTTPS since 2014-2015. What's less clear is whether there are other SSL servers (especially on company-internal networks) that have not yet migrated to TLS. That seems very unlikely, but we simply don't know.

Marking it deprecated in Go 1.13 sounds like a reasonable tentative plan. I suggest we:

  • consider this issue tentatively accepted
  • add text to the Go 1.13 release notes about the removal and pointing back here for feedback
  • remove support at the start of the Go 1.14 dev cycle
  • leave this issue open to collect that feedback until the end of the Go 1.14 dev cycle
  • accept the issue at the end of the Go 1.14 dev cycle assuming no showstopper feedback arrives

@gopherbot
Contributor

Change https://golang.org/cl/184102 mentions this issue: crypto/tls: deprecate SSLv3 support

@FiloSottile FiloSottile added the early-in-cycle A change that should be done early in the 3 month dev cycle. label Jul 15, 2019
@FiloSottile FiloSottile modified the milestones: Proposal, Go1.14 Jul 15, 2019
@FiloSottile FiloSottile self-assigned this Jul 15, 2019
gopherbot pushed a commit that referenced this issue Jul 15, 2019
Updates #32716

Change-Id: Ia0c03918e8f2da4d9824c49c6d4cfca1b0787b0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/184102
Reviewed-by: Andrew Bonventre <andybons@golang.org>
@gopherbot
Contributor

Change https://golang.org/cl/191976 mentions this issue: crypto/tls: remove SSLv3 support

@FiloSottile
Contributor Author

This has now landed. We'll keep this open to collect feedback until the freeze, at which point we'll make a final decision.

gopherbot pushed a commit that referenced this issue Aug 27, 2019
SSLv3 has been irreparably broken since the POODLE attack 5 years ago
and RFC 7568 (f.k.a. draft-ietf-tls-sslv3-diediedie) prohibits its use
in no uncertain terms.

As announced in the Go 1.13 release notes, remove support for it
entirely in Go 1.14.

Updates #32716

Change-Id: Id653557961d8f75f484a01e6afd2e104a4ccceaf
Reviewed-on: https://go-review.googlesource.com/c/go/+/191976
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
tomocy pushed a commit to tomocy/go that referenced this issue Sep 1, 2019
t4n6a1ka pushed a commit to t4n6a1ka/go that referenced this issue Sep 5, 2019
@rsc rsc modified the milestones: Go1.14, Backlog Oct 9, 2019
@FiloSottile FiloSottile modified the milestones: Backlog, Go1.14 Oct 23, 2019
@ianlancetaylor
Member

@FiloSottile Time for a final decision.

@FiloSottile
Contributor Author

We didn't see any breakage or hear any complaints. I think we should accept this.

Let's give it a round on the proposal review minutes as a likely accept?

@rsc
Contributor

rsc commented Dec 11, 2019

This was tentatively accepted in June - see #32716 (comment).
This issue was left open to collect feedback about problems after the change landed.
There have been no reported problems, so this is now a likely accept.

Leaving open for a week for final comments.

@rsc
Contributor

rsc commented Jan 8, 2020

No final comments, so accepting.

@FiloSottile
Contributor Author

This was implemented by CL 191976. Closing.
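
A way to check the outcome of this issue on a Go 1.14 or later toolchain, as an added example that is not part of the thread or of the Go project's code: it sends a constructed, minimal SSLv3 ClientHello to a `crypto/tls` server over an in-memory pipe and reports the alert the server answers with. The helper names `sslv3ClientHello` and `probeSSLv3` are hypothetical.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net"
	"time"
)

// sslv3ClientHello builds a constructed, minimal SSLv3 ClientHello record:
// record version and client_version 0x0300, one cipher suite, no extensions.
func sslv3ClientHello() []byte {
	body := []byte{0x03, 0x00}                  // client_version: SSL 3.0
	body = append(body, make([]byte, 32)...)    // random (zeros suffice for a probe)
	body = append(body, 0x00)                   // empty session_id
	body = append(body, 0x00, 0x02, 0x00, 0x2f) // one suite: TLS_RSA_WITH_AES_128_CBC_SHA
	body = append(body, 0x01, 0x00)             // null compression only
	hs := append([]byte{0x01, 0x00, 0x00, byte(len(body))}, body...)
	return append([]byte{0x16, 0x03, 0x00, 0x00, byte(len(hs))}, hs...)
}

// probeSSLv3 runs a crypto/tls server with the given Config.MinVersion over an
// in-memory pipe, sends it the SSLv3 hello, and returns the alert description
// the server replied with plus the server-side handshake error.
func probeSSLv3(minVersion uint16) (alert byte, serverErr error) {
	client, server := net.Pipe()
	defer client.Close()
	defer server.Close()
	client.SetDeadline(time.Now().Add(2 * time.Second))
	server.SetDeadline(time.Now().Add(2 * time.Second))
	done := make(chan error, 1)
	go func() { done <- tls.Server(server, &tls.Config{MinVersion: minVersion}).Handshake() }()
	if _, err := client.Write(sslv3ClientHello()); err != nil {
		return 0, err
	}
	rec := make([]byte, 7) // alert record: type, version(2), length(2), level, description
	if _, err := io.ReadFull(client, rec); err != nil || rec[0] != 0x15 {
		return 0, fmt.Errorf("no alert record received: %v", err)
	}
	return rec[6], <-done
}

func main() {
	// A config that still names SSLv3 as its minimum version negotiates no SSLv3.
	alert, err := probeSSLv3(tls.VersionSSL30)
	fmt.Printf("alert=%d serverErr=%v\n", alert, err)
}
```

Alert description 70 is `protocol_version`; the handshake is refused at version negotiation, before any certificate is needed, which is why the probe's server config carries none.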

@rsc rsc changed the title proposal: crypto/tls: remove SSLv3 support crypto/tls: remove SSLv3 support Jan 8, 2020
cention-sany added a commit to cention/go-deps that referenced this issue Dec 17, 2020
Golang library (golang/go#32716) doesn't
support the insecure protocol, which falls back to openssl, which Cention
snapshots at old openssl version 0.9.8 (l or zg?). Make use of this
openssl to use SSLv3 to talk to the insecure server.
@golang golang locked and limited conversation to collaborators Jan 7, 2021
@rsc rsc moved this to Accepted in Proposals Aug 10, 2022
@rsc rsc added this to Proposals Aug 10, 2022
@rsc rsc removed this from Proposals Oct 19, 2022