Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: crypto/tls: remove SSLv3 support #32716

Open
FiloSottile opened this issue Jun 20, 2019 · 5 comments

Comments

@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented Jun 20, 2019

SSLv3 has been irreparably broken since the POODLE attack 5 years ago.

RFC 7568 (f.k.a. draft-ietf-tls-sslv3-diediedie) prohibits its use in no uncertain terms, and proceeds to list everything that's broken with it.

SSLv3 MUST NOT be used.

Negotiation of SSLv3 from any version of TLS MUST NOT be permitted.

Major CDNs dropped support immediately upon the disclosure of POODLE. Google frontends followed in 2015. Mozilla called the end of SSL 3.0 in 2014.

In crypto/tls, SSLv3 is only supported on the server side, and is disabled by default. It's time we remove it entirely, as it's not just obsolete, but insecure.

I would like to mark it as deprecated in Go 1.13 and announce it in the release notes, also to get feedback on the impact, and then remove it in Go 1.14.

/cc @rsc @agl

@gopherbot gopherbot added this to the Proposal milestone Jun 20, 2019
@gopherbot gopherbot added the Proposal label Jun 20, 2019
@FiloSottile

This comment has been minimized.

Copy link
Member Author

@FiloSottile FiloSottile commented Jun 21, 2019

Out of curiosity, this is the diffstat of a very straightforward removal of SSLv3, without touching tests or refactoring.

 src/crypto/tls/auth_test.go             |  7 -------
 src/crypto/tls/cipher_suites.go         | 48 ------------------------------------------------
 src/crypto/tls/common.go                |  9 ++-------
 src/crypto/tls/conn.go                  | 22 +---------------------
 src/crypto/tls/handshake_server_test.go |  1 -
 src/crypto/tls/key_agreement.go         | 11 ++++-------
 src/crypto/tls/prf.go                   | 98 ++++----------------------------------------------------------------------------------------------
 src/crypto/tls/prf_test.go              | 16 ----------------
 src/crypto/tls/tls_test.go              |  1 -
 9 files changed, 11 insertions(+), 202 deletions(-)
@rsc

This comment has been minimized.

Copy link
Contributor

@rsc rsc commented Jun 26, 2019

I'm certainly in favor of doing this but it would be nice to know more about the impact.

It seems clear from the links in the top message above that SSLv3 has not been a concern for HTTPS since 2014-2015. What's less clear is whether there are other SSL servers (especially on company-internal networks) that have not yet migrated to TLS. That seems very unlikely, but we simply don't know.

Marking it deprecated in Go 1.13 sounds like a reasonable tentative plan. I suggest we:

  • consider this issue tentatively accepted
  • add text to the Go 1.13 release notes about the removal and pointing back here for feedback
  • remove support at the start of the Go 1.14 dev cycle
  • leave this issue open to collect that feedback until the end of the Go 1.14 dev cycle
  • accept the issue at the end of the Go 1.14 dev cycle assuming no showstopper feedback arrives
@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Jun 27, 2019

Change https://golang.org/cl/184102 mentions this issue: crypto/tls: deprecate SSLv3 support

@FiloSottile FiloSottile modified the milestones: Proposal, Go1.14 Jul 15, 2019
@FiloSottile FiloSottile self-assigned this Jul 15, 2019
gopherbot pushed a commit that referenced this issue Jul 15, 2019
Updates #32716

Change-Id: Ia0c03918e8f2da4d9824c49c6d4cfca1b0787b0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/184102
Reviewed-by: Andrew Bonventre <andybons@golang.org>
@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Aug 27, 2019

Change https://golang.org/cl/191976 mentions this issue: crypto/tls: remove SSLv3 support

@FiloSottile

This comment has been minimized.

Copy link
Member Author

@FiloSottile FiloSottile commented Aug 27, 2019

This has now landed. We'll keep this open to collect feedback until the freeze, at which point we'll make a final decision.

gopherbot pushed a commit that referenced this issue Aug 27, 2019
SSLv3 has been irreparably broken since the POODLE attack 5 years ago
and RFC 7568 (f.k.a. draft-ietf-tls-sslv3-diediedie) prohibits its use
in no uncertain terms.

As announced in the Go 1.13 release notes, remove support for it
entirely in Go 1.14.

Updates #32716

Change-Id: Id653557961d8f75f484a01e6afd2e104a4ccceaf
Reviewed-on: https://go-review.googlesource.com/c/go/+/191976
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
tomocy added a commit to tomocy/go that referenced this issue Sep 1, 2019
SSLv3 has been irreparably broken since the POODLE attack 5 years ago
and RFC 7568 (f.k.a. draft-ietf-tls-sslv3-diediedie) prohibits its use
in no uncertain terms.

As announced in the Go 1.13 release notes, remove support for it
entirely in Go 1.14.

Updates golang#32716

Change-Id: Id653557961d8f75f484a01e6afd2e104a4ccceaf
Reviewed-on: https://go-review.googlesource.com/c/go/+/191976
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
t4n6a1ka added a commit to t4n6a1ka/go that referenced this issue Sep 5, 2019
SSLv3 has been irreparably broken since the POODLE attack 5 years ago
and RFC 7568 (f.k.a. draft-ietf-tls-sslv3-diediedie) prohibits its use
in no uncertain terms.

As announced in the Go 1.13 release notes, remove support for it
entirely in Go 1.14.

Updates golang#32716

Change-Id: Id653557961d8f75f484a01e6afd2e104a4ccceaf
Reviewed-on: https://go-review.googlesource.com/c/go/+/191976
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
@rsc rsc modified the milestones: Go1.14, Backlog Oct 9, 2019
@FiloSottile FiloSottile modified the milestones: Backlog, Go1.14 Oct 23, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.