Selected protocols in SslContextFactory#dump() and actual SSLContext inconsistent

[joschi]

Jetty version

9.4.33.v20201020

Java version

openjdk version "1.8.0_272"
OpenJDK Runtime Environment (Zulu 8.50.0.21-CA-macosx) (build 1.8.0_272-b17)
OpenJDK 64-Bit Server VM (Zulu 8.50.0.21-CA-macosx) (build 25.272-b17, mixed mode)

OS type/version

macOS 10.15.7

Description

When a list of protocols used with or SslContextFactory#excludeProtocols() contains a regular expression, the respective protocols will be shown as excluded in the output of SslContextFactory#dump(), but they won't necessarily be excluded in the actual SSLEngine instance created by SslContextFactory#newSSLEngine().

The same is true for the inverse case when using SslContextFactory#includeProtocols().

While the list of included/excluded ciphers is actually being processed to allow regular expressions (https://github.com/eclipse/jetty.project/blob/jetty-9.4.33.v20201020/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java#L1420-L1453), the list of included/excluded protocols is not processed in the same way.

SslContextFactory#dump() is passing the list of excluded protocols to SslSelectionDump:
https://github.com/eclipse/jetty.project/blob/jetty-9.4.33.v20201020/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java#L420-L424

There, any regular expressions the respective list will be compiled and matched against the list of supported protocols and removed accordingly, so that they appear to excluded:
https://github.com/eclipse/jetty.project/blob/jetty-9.4.33.v20201020/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslSelectionDump.java#L86-L102

Unfortunately, when the actual SSLContext is being configured, the list of excluded protocols is passed from SslContextFactory as-is to remove the protocols from the list of selected protocols of the SSLContext:
https://github.com/eclipse/jetty.project/blob/jetty-9.4.33.v20201020/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java#L1377-L1378

This leads to a discrepancy between which enabled and disabled protocols are listed in the output of SslContextFactory#dump() and which protocols the SSLContext and SSLEngine actually support.

Example unit test and output

@Test
public void testDefaultExcludedProtocols() throws Exception {
    SslContextFactory sslContextFactory = new SslContextFactory.Server();
    sslContextFactory.setExcludeProtocols("SSL.*", "TLSv1", "TLSv1\\.[01]");
    sslContextFactory.dump(System.out, "");

    sslContextFactory.start();
    try {
        assertThat(sslContextFactory.newSSLEngine().getEnabledProtocols()).doesNotContain("TLSv1.1");
    } finally {
        sslContextFactory.stop();
    }
}

2020-10-28 21:55:52.984:INFO::main: Logging initialized @878ms to org.eclipse.jetty.util.log.StdErrLog
Server@12591ac8[provider=null,keyStore=null,trustStore=null] - STOPPED
+> trustAll=false
+> Protocol Selections
|  +> Enabled size=2
|  |  +> TLSv1.2
|  |  +> TLSv1.3
|  +> Disabled size=4
|     +> SSLv2Hello - ConfigExcluded:'SSL.*'
|     +> SSLv3 - ConfigExcluded:'SSL.*' JVM:disabled
|     +> TLSv1 - ConfigExcluded:'TLSv1'
|     +> TLSv1.1 - ConfigExcluded:'TLSv1\.[01]'
+> Cipher Suite Selections
   +> Enabled size=27
   |  +> TLS_AES_128_GCM_SHA256
   |  +> TLS_AES_256_GCM_SHA384
   |  +> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
   |  +> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
   |  +> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
   |  +> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
   |  +> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
   |  +> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
   |  +> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
   |  +> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
   |  +> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
   |  +> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   |  +> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
   |  +> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
   |  +> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
   |  +> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
   |  +> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
   |  +> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
   |  +> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
   |  +> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
   |  +> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
   |  +> TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
   |  +> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
   |  +> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
   |  +> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
   |  +> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
   |  +> TLS_EMPTY_RENEGOTIATION_INFO_SCSV
   +> Disabled size=18
      +> TLS_DHE_DSS_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
      +> TLS_DHE_DSS_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
      +> TLS_DHE_RSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
      +> TLS_DHE_RSA_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
      +> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
      +> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
      +> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
      +> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
      +> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
      +> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
      +> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
      +> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
      +> TLS_RSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$', ConfigExcluded:'^TLS_RSA_.*$'
      +> TLS_RSA_WITH_AES_128_CBC_SHA256 - ConfigExcluded:'^TLS_RSA_.*$'
      +> TLS_RSA_WITH_AES_128_GCM_SHA256 - ConfigExcluded:'^TLS_RSA_.*$'
      +> TLS_RSA_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$', ConfigExcluded:'^TLS_RSA_.*$'
      +> TLS_RSA_WITH_AES_256_CBC_SHA256 - ConfigExcluded:'^TLS_RSA_.*$'
      +> TLS_RSA_WITH_AES_256_GCM_SHA384 - ConfigExcluded:'^TLS_RSA_.*$'


java.lang.AssertionError: 
Expecting
 <["TLSv1.2", "TLSv1.1"]>
not to contain
 <["TLSv1.1"]>
but found
 <["TLSv1.1"]>

[joakime]

public void testDefaultExcludedProtocols() throws Exception {
    SslContextFactory sslContextFactory = new SslContextFactory.Server();
    sslContextFactory.setExcludeProtocols("SSL.*", "TLSv1", "TLSv1\\.[01]");
    sslContextFactory.dump(System.out, "");

    sslContextFactory.start();
    try {
        assertThat(sslContextFactory.newSSLEngine().getEnabledProtocols()).doesNotContain("TLSv1.1");
    } finally {
        sslContextFactory.stop();
    }
}

That's an invalid test.

You cannot use the dump THEN start the SslContextFactory and expect sane results.
The dump isn't valid until the SslContextFactory is started.

I added a testcase based on your report, it works as designed, and correctly.
Both the new SSLEngine and the dump report the same values. (where TLSv1.1 is excluded)

https://github.com/eclipse/jetty.project/blob/cff4771375ee5120fdd11a82a3e090cc3ecd6135/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java#L99-L130

[joakime]

Going to test this on a few different OS combinations now.

[joakime]

Results from OSX 10.15.7

Using AdoptOpenJDK 8u272 - PASS
Using AdoptOpenJDK 11.0.9 - PASS

Results from Windows 10

Using AdoptOpenJDK 8u272 - PASS
Using AdoptOpenJDK 11.0.9 - PASS

[joschi]

@joakime Thanks for checking this bug report!

The dump isn't valid until the SslContextFactory is started.

I didn't find anything in the Javadoc about that: SslContextFactory#dump(Appendable, String).

Would it make sense to throw an IllegalStateException or emit an error message instead of an invalid dump in this case?

I added a testcase based on your report, it works as designed, and correctly.

Are you sure the test is working correctly? The assertion for "Confirm behavior in engine" is failing for me.

Here's the minimal project to reproduce the issue:
https://github.com/joschi/jetty-issue-5531-excluded-protocols/

Test case: SslContextFactoryTest

The only relevant difference is that I'm using AssertJ instead of Hamcrest matchers.
Printing the list of enabled protocols at the end of the test with System.out.println() confirmed that the assertion is working (and failing) correctly.

@Test
public void testDumpExcludedProtocols() throws Exception {
    SslContextFactory.Server cf = new SslContextFactory.Server();
    cf.setKeyStorePassword("storepwd");
    cf.setKeyManagerPassword("keypwd");
    cf.setExcludeProtocols("SSL.*", "TLSv1", "TLSv1\\.[01]");
    cf.start();

    // Confirm behavior in engine
    String[] enabledProtocols = cf.newSSLEngine().getEnabledProtocols();
    assertThat(enabledProtocols).doesNotContain("TLSv1.1");
}

Failing output on Linux (Ubuntu 18.04.5), macOS 10.15.7, Windows (Windows Server 2019 10.0.17763) with Java (Azul Zulu) 1.8.0_272, 11.0.9, and 15.0.1:

https://github.com/joschi/jetty-issue-5531-excluded-protocols/actions/runs/336689872

[joakime]

Wait a sec.
There's multiple things not right at this point.

First, and most "duh" moment of my own, is that .setExcludeProtocols() doesn't support regex. (even says so in the javadoc)
I need to fix that, so I opened #5535.
The next is that the assertion I have is wrong.
I have to fix that too.

Commit c969fba addresses both the bad usage of .setExcludeProtocols and the bad assertion.

[joschi]

@joakime Thanks for looking further into this!

First, and most "duh" moment of my own, is that .setExcludeProtocols() doesn't support regex. (even says so in the javadoc)

That's what I tried to convey in my original post of this issue:

While the list of included/excluded ciphers is actually being processed to allow regular expressions (https://github.com/eclipse/jetty.project/blob/jetty-9.4.33.v20201020/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java#L1420-L1453), the list of included/excluded protocols is not processed in the same way.

But great that this is going to be fixed. 😃

[joakime]

Opened PR #5538

[joakime]

Merged PR #5538 into jetty-9.4.x