Node.js OpenSSL Strategy

[rvagg]

Here's my proposal for Node.js' OpenSSL Strategy. This document includes the following:

• Background, including how things work for Node versions 4 to 9
• How Node.js binaries ship and are used in practice in relation to OpenSSL
• OpenSSL release lines and their LTS policy (or lack thereof)
• OpenSSL 1.1.0
• OpenSSL 1.1.1
• OpenSSL FIPS Module and Node.js' use of it
• OpenSSL strategy for Node.js 10
• OpenSSL forks: LibreSSL and BoringSSL

---

Previous OP:

This is very WIP but I thought I'd better start getting this up rather than let it potentially go stale on my computer if I can't get back to it soon. Missing key pieces, particularly the Node 10 section which I'm going to use to make a recommendation. There's some good context in here thought which might behelpful.

I'll ping the TSC and crypto team when it's ready to be read and considered in full.

Also, I'm not sure whether this is the best place for this. The other two options I considered were nodejs/Release and nodejs/node/deps/openssl/doc. Happy to hear thoughts on this.

[bnoordhuis]

s/Python-based/Perl-based/

[sam-github]

resolved (only repo admins get a resolve button)

[danbev]

Nit: perhaps remote with in `command, by default, will compile with using the default 'configure'

[sam-github]

resolved

[mhdawson]

Its a good start to providing info/context.

[rvagg]

@nodejs/tsc @nodejs/security-wg @nodejs/crypto here's my OpenSSL Policy proposal. I'd like to get this in discussion ASAP as it has a big impact on Node 10 thanks to the expiry of 1.0.2 support 1/2 way through the Node 10 lifecycle. It's not as straightforward as just upgrading, as you'll read. My proposal for 10 is toward the bottom but the context is all above it, so don't skip too much.

Relevant to this discussion is that OpenSSL 1.1.1-pre1 has already been released and there is some work underway to test and make Node compatible. TLS 1.3 hasn't been finalized yet and we don't have much of an idea for a release date for 1.1.1. Very unlikely to be prior to Node 10 launch although we may have a clearer idea as we get closer. I'll push on the OpenSSL team as we get closer and just maybe we could shuffle our release timing to get straight to 1.1.1 and skip this 1.1.0 awkwardness. But for now we just have to assume it's not going to be a possibility and plan accordingly.

[shigeki]

Here is the current timeline of forthcoming 1.1.1.

https://www.openssl.org/policies/releasestrat.html

13th February 2018, alpha release 1 (pre1)
27th February 2018, alpha release 2 (pre2)
13th March 2018, beta release 1 (pre3)
OpenSSL_1_1_1-stable created (feature freeze)
master becomes basis for 1.1.2 or 1.2.0 (TBD)
27th March 2018, beta release 2 (pre4)
10th April 2018, beta release 3 (pre5)
24th April 2018, beta release 4 (pre6)
1st May 2018, release readiness check (new release cycles added if required, first possible final release date: 8th May 2018)

And EOSL of 1.1.0 was changed as

Version 1.1.0 will be supported until one year after the release of 1.1.1

TLS 1.3 is one of the main features to be expected to use 1.1.1 and is enabled by default.
It is now in IETF last call until 2018-03-02 and IESG discussion is to be held in 2018-03-08. https://datatracker.ietf.org/doc/draft-ietf-tls-tls13/
I think we can see if TLS1.3 can be finalized before 1.1.1 in March.

The date of FIPS support in 1.1.x is not yet to be known.
https://www.openssl.org/blog/blog/2017/08/17/fips/

[bnoordhuis]

I think you sum it up nicely. No FIPS for now and we'll try our best not to break backwards compatibility mid-cycle.

What I'm not sure I agree on is supporting 1.0.2 beyond upstream's EOL date.

[bnoordhuis]

Typo: s/applicaiton/application/

[sam-github]

resolved

[bnoordhuis]

Seems like the end is missing.

[sam-github]

resolved

[rvagg]

nit fixed

@shigeki thanks for the additional info, I hadn't seen that they outlined a 1.1.1 release timeframe and the TLS 1.3 timeframe clarity is helpful. I updated the doc:

OpenSSL 1.1.1 pre-releases are already available as of the time of writing. According to the OpenSSL release strategy, the 1st of May is the target for "release readiness", with the first possible release date being the 8th of May if the codebase is considered ready for release.

In addition, the TLS 1.3 specification is in "Last Call" state, due to end on the 2nd of March. This means that it is likely that we will receive a finalized TLS 1.3 specification during March, which would make a May OpenSSL 1.1.1 release feasable.

TLS 1.3 specification finalization and code readiness are the two reasons that OpenSSL 1.1.1 release in early May is not a certainty. However, current signs point to that probability.

@bnoordhuis my concern is with distros that will continue to support 1.0.2 like RedHat beyond its EOL and may still want to bundle Node with 1.0.2, hence the note about continuing support. However, I've changed it now to say:

• Remain backward-compatible with OpenSSL 1.0.2 via dynamic linking for the lifetime of Node.js 10. This will cease being an official policy at the OpenSSL 1.0.2 EOL date which will occur 4 months prior to Node 10 entering Maintenance LTS. However, this support will be maintained as long as it does not cause security problems and there are contributors available to maintain such support. The lack of a passing test suite with Node.js 10 compiled against OpenSSL 1.0.2 past the EOL date will not hold up further releases of Node 10.

How does that sound? Ideally we'd continue to support 1.0.2 but we're not going to hold ourselves to that commitment beyond EOL if it's too hard for whatever reason.

[bnoordhuis]

Sounds good!

[mcollina]

👍 on that wording.

[shigeki]

The support of 1.1.0 is extended to one year after 1.1.1 release as in https://www.openssl.org/policies/releasestrat.html. So Aug. 2018 is no longer support dead line.

[mhdawson]

So from that doc it is 8 May 2019 at the latest.

[sam-github]

1.1.0 is EOL after 2019-09-11, resolved

[shigeki]

it is changed as described below.

[sam-github]

resolved

[shigeki]

I think we should add the following a new build requirement especially for Windows.

• A new build requirement of NASM is needed on Windows as in
  https://github.com/openssl/openssl/blob/89314d9a22ad0b0ce87e188c486532926aff01ea/NOTES.WIN#L21-L24 .
  Microsoft assembler, masm, is no longer supported in building Node.js with OpenSSL-1.1.x.

[shigeki]

A newer gas or llvm version would be required for use of AVX512 features but it has slightly different version requirements between 1.1.0 and 1.1.1.
I think it is one the issues to be resolved before include OpenSSL-1.1.x build binding with Node

[sam-github]

resolved by updating BUILDING.md, see

• nodejs/node@3f13148
• nodejs/node@f584f35
• nodejs/node@5703c7f

[shigeki]

We have a build requirements of assembler version as described in https://github.com/nodejs/node/blob/3a191229418dcc0e21956847993b1702c88a923b/deps/openssl/openssl.gypi#L1038-L1039 and we are using masm (Microsoft assembler) is used building Node.js despite of OpenSSL recommendation in historical reason, which is need to be deprecated in building OpenSSL-1.1.x.
Theses are can be written as below.

The following assembler versions are needed to support in AVX and AVX2 features of OpenSSL-1.0.2 in building  Node.js.  'llvm_version>="3.3" or xcode_version>="5.0" or gas_version>="2.23"
In windows, Microsoft assembler, `masm` can be supported in building Node.js with OpenSSL-1.0.2 in despite of OpenSSL recommendation.

[yhwang]

Nit: In Windows, we use vcbuild.bat and the configure_flags parameter is used to pass the options that you mentioned above for configure tool. Not sure should we also cover the usage in Windows or not.

[sam-github]

resolved like #479 (comment) I think, @shigeki, please comment if I misunderstand.

[Trott]

Micro-nit: Typo: feasable -> feasible

[sam-github]

resolved

[mcollina]

LGTM

[gibfahn]

Mostly looks good.

I also wonder if it should be in the nodejs/node repo somewhere, but having it here seems fine too.

[gibfahn]

Nits/suggestions:

-By default, Node.js compiles its own copy of OpenSSL and statically links this library into its binary.
+By default, the Node.js build process compiles its own copy of OpenSSL and statically links this library into the built `node` binary.

-link to dynamic library version of OpenSSL
+link to a dynamic library version of OpenSSL

-at build and link time.
+at build and linking time.

Also it would be good to format to 80 columns, not least so leaving PR comments is easier.

[sam-github]

resolved

[gibfahn]

Nit: maybe 4.x to 9.x for clarity

[sam-github]

resolved

[gibfahn]

Would be good to add a link, maybe to https://github.com/nodesource/distributions ?

[sam-github]

resolved

[gibfahn]

It would be really useful to have a maintaining-openssl.md (similar to the existing maintaining-v8.md'](https://github.com/nodejs/node/blob/master/doc/guides/maintaining-V8.md) and [maintaining-npm.md` guides, that includes a link to this list so we don't forget to update it.

Not really a job for this PR, maybe a request for @shigeki.

[richardlau]

There's https://github.com/nodejs/node/wiki/OpenSSL-upgrade-process, although it hasn't been updated since 2016.

[sam-github]

Resolved: see https://github.com/nodejs/node/blob/master/deps/openssl/README.md which links to https://github.com/nodejs/node/blob/master/deps/openssl/config/README.md. I have sucessfully followed the documented process multiple times.

[gibfahn]

NODE_MODULE_VERISION -> NODE_MODULE_VERSION

[sam-github]

resolved

[mhdawson]

LGTM once the 1.1.0 EOL is updated and other comments are addressed. I agree its not optimal to have to do an openssl update, but give the schedules/plans from openssl it seems to be the only reasonable way forward. Ideally we can make the change earlier in the 10.x lifecycle and before it goes LTS.

We could consider waiting for 1.1.1, but the target date does not seem concrete enough to make that a good alternative in my mind.

[mhdawson]

Thinking about it a bit more, @rvagg what would your take be on waiting 1 month on Node 10.x (target end of May instead of April). It might be worth it to avoid the potential of having to update the NODE_MODULE_VERSION

[gibfahn]

Specifically, I'm +1 on the plan on shipping 10.0.0 with 1.1.0 on the regular schedule (current release target date April 24th) and moving up to 1.1.1 as it becomes available.

Seems indicated to me given the assurance from the OpenSSL team that 1.1.1 will be API and ABI compatible.

@rvagg am I right in thinking that if 1.1.1 is not the next LTS release, they might do a 1.1.2 release that is not compatible and declare that LTS?

[shigeki]

Seems indicated to me given the assurance from the OpenSSL team that 1.1.1 will be API and ABI compatible.

We have it in openssl/openssl#5120 (comment).

I have the following two concerns about the plan of Node-v10 to start OpenSSL-1.1.0 then move to 1.1.1.

1. Assembler version requirements

They are different between 1.1.0 and 1.1.1 as below.

OpenSSL-1.1.0 minimum assembler version requirements
https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-stable/doc/crypto/OPENSSL_ia32cap.pod

Extension	GNU as	nasm	llvm
AVX	2.19	2.09	3.0
AVX2	2.22	2.10	3.1
AVX512	2.25	2.11.8	3.6

OpenSSL-1.1.1 minimum assembler version requirements
https://github.com/openssl/openssl/blob/master/doc/man3/OPENSSL_ia32cap.pod

Extension	GNU as	nasm	llvm
AVX	2.19	2.09	3.0
AVX2	2.22	2.10	3.1
ADCX/ADOX	2.23	2.10	3.3
AVX512	2.25	2.11.8	see NOTES
AVX512IFMA	2.26	2.11.8	see NOTES
VAES	n/a	n/a

We are pre-generating assembler files while I am doing with upgrading OpenSSL. If we cannot change build requirements after Node-10 release, it cannot use of AVX512IFMA feature. Otherwise, we needs to pre-generate several kind of assembler files depending on assembler versions. But it leads to be more complex in the future upgrading procedures of OpenSSL.

2. New features after moving to OpenSSL-1.1.1

Shared library users of Node-v10 will continue to use OpenSSL-1.1.0 after we upgrade to 1.1.1 so that we have to maintain two versions of OpenSSL until EOLS of 1.1.0, one year after 1.1.1.
If we add a new feature specific to 1.1.1, the API should check openssl version and be noted in the API doc.

For the API simplicity, I think it is better to support one release version of OpenSSL during LTS.

[shigeki]

My PR to upgrade OpenSSL-1.1.0 is coming in the next week after the forth-coming security release of OpenSSL-1.1.0h.

Here is my WIP branch at https://github.com/shigeki/node/tree/upgrade_openssl110h_pre
and CI results are fine except Jenkins errors in https://ci.nodejs.org/job/node-test-commit/17127/.

[rvagg]

TLS 1.3 got finalised this week, so 1.1.1 has another box ticked https://www.ietf.org/mail-archive/web/ietf-announce/current/msg17592.html

[fhinkel]

Is this ready to land?

[mhdawson]

@shigeki you have a blocking objection, are there still updates needed to the doc?

[rvagg]

Most excellent news @nodejs/tsc: https://www.openssl.org/blog/blog/2018/05/18/new-lts/

Our current LTS release is 1.0.2, and it will be supported until the end of 2019. During that last year it will only receive security fixes. Although we are extended 1.1.0 support, we explicitly decided not to do it again, for either release.

Our next LTS release will be 1.1.1 which is currently in beta. As long as the release is out before the end of 2018, there is more than a year to migrate. (We’re confident it will be out before then, of course.) We encourage everyone to start porting to the OpenSSL master branch.

There's some notes about FIPS too:

we’re committed to a new FIPS module, it will be based on the current codebase, and we think we can get it done fairly quickly.

As I said in the last TSC meeting, 1.1.1 is pushing further than originally hoped but we're already up to beta 7 as of yesterday and I think things are getting ironed out and ready for release. Beta 8 is due on the 19th of June and they so far haven't planned anything beyond that. There's a release criteria for 1.1.1 at the bottom of https://www.openssl.org/policies/releasestrat.html which basically amounts to not having outstanding major issues tagged for the branch. So cross fingers and we may see a 1.1.1 within the next month.

Of course there is a risk of this dragging on closer to October when we hit LTS. After this point an upgrade is going to be really annoying. I think the current indications are that we'll make it long before that but we need to be prepared to think through the implications of that upgrade while in LTS.

[mhdawson]

@shigeki still looking to get a first cut of this landed. Are you ok with landing or is there something that needs to be updated first.

[mhdawson]

@shigeki ping ?

[mhdawson]

@shigeki , @rvagg it would be good to get at least an initial version of this doc landed. What needs to happen for that to be possible?

[sam-github]

I think @codebytere says Electron is using BoringSSL when they embed node. Why shouldn't our stance on any OpenSSL API-alike project be the same as for LibreSSL? No promises on support, but we'll accept PRs that don't burden Node.js in the maintenance of our own use cases.

[tniessen]

I actually talked to @codebytere at JSI and suggesred to bring a necessary change into Node.js core, so I am not generally opposed, but if we rephrase this, we should make it very clear that BoringSSL should not be depended upon unless absolutely necessary (which is the case for electron).

[sam-github]

Re-reading, I think we are all saying the same thing, unless its a trivial unobtrusive change, we don't want to support BoringSSL. I'm OK with the original wording.

[sam-github]

resolved

[mhdawson]

@rvagg this has been opened for almost a year now. Any chance we can get an update and get this landed?

[sam-github]

@rvagg do you want to get this landed? I'm happy to land it myself if you don't object (after taking another pass through to make sure the comments were addressed).

[sam-github]

This is labelled tsc-review, did @nodejs/tsc review it?

[rvagg]

@sam-github would you mind taking this over? It's had plenty of TSC review so far but needs some love to bring it up to date with current status (mostly your work).

I'd also be interested in handing over ownership of OpenSSL Evolution in the Strategic Initiatives https://github.com/nodejs/TSC/blob/master/Strategic-Initiatives.md#current-initiatives although I'm not sure it makes sense to put a non-TSC member in charge of it. Alternatively perhaps with this being landed it can be removed as a Strategic initiative.

[mhdawson]

I don't think all of our champions need to be a TSC member, although maybe somebody who is the sponsor in the case where a non TSC member is doing most of the work. The sponsor would be somebody that the champion can get help from if needed.

In terms of whether it needs to continue as a strategic initiative, once support for TLS 1.3 and OpenSSL 1.1.1 lands in all the target Releases it may be done?

[rvagg]

mm, the TLS 1.3 strategy isn't entirely clear wrt Node 11 and 10 so some finality on that would be good before taking this off the regular-reporting rotation. FIPS, {Boring,Libre}SSL, OpenSSL 2 all prevent this from going away entirely and it'd be good to have documentation and perhaps a person to query. I don't think I'm that person any more though.

[sam-github]

@rvagg I'll update this a bit and push for landing it.

It may also be a good time/place to talk about whether to allow building against external OpenSSL that is NOT the same version as the on we use, I mentioned some issues coming up about that feature here: nodejs/node#26319 (comment)

[rvagg]

@sam-github yeah that keeps on coming up and it's a legitimate concern, especially for Linux distribution packagers. IIRC I framed this doc to allow for it but only insofar as the core team are only going to concern themselves with the compatibility of the version bundled but will accept patches from outside to make things work. This is how it's always worked but there's been a blurry line when it involves a lot of changes (like that LibreSSL issue I jumped in to recently and probably shouldn't have!). So, as an example, if @kapouer / Debian wanted to build 12 against OpenSSL 1.1.0 for some reason and we didn't support it, they'd have to submit fixes to get it working again and the core team won't take responsibility for the compatibility issues that ensue (e.g. reports to nodejs/node about TLS 1.3 not working)—although in reality that'd be a case-by-case basis depending on who cared to respond to such a report.

If that's not clear in this doc already I think it should be made clear.

1. Core team cares mainly about directly bundled versions and will treat breakage & bugs with the same urgency as with any other core module
2. Node supports building against any other crypto library that's roughly compatible but creating that initial support and maintaining it will:
   a. be the responsibility of contributors (most likely not on the core team)
   b. not invoke the same kind of critical response to breakage
   c. be overridden or rejected where the change set might be deemed to be large or complex enough to get in the way of providing Node's core functionality and supporting it's primary dependency on OpenSSL

Or something like that. It would even allow for compiling master against 1.0.2 if someone cared enough to do that work and keep it updated and the code didn't step all over our toes.

[sam-github]

@rvagg I've got time to integrate comments and update text, stuff like that, so I'm happy to help.

But... I thought I could push fixups to your branch, but I can't. Possibly your permissions, but more likely because I don't have push/merge perms on the TSC repo (I guess thats not surprising).

So, I'm not sure how I can help. I could just fork TSC, pull your branch from your repo, and PR it again, but I'm not sure duplicating the PR and forking the conversation will be helpful.

Any ideas?

[rvagg]

I think this discussion has become stale in its current form so take my commits, edit and make this doc your own and open a new PR to start a fresh discussion. I think that'll be the best way.

[sam-github]

I'll do that over the next day or so, thanks.

[sam-github]

Replaced by #677