-
Notifications
You must be signed in to change notification settings - Fork 667
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[OS X] SSL Handshake with secured TLSv1.2 only servers with restricted ciphers #2315
Comments
In short: Not right away. We could ship our private OpenSSL, but the Qt framework is currently making this difficult. Qt version 5.4, scheduled for next month, will provide a remedy, and as it becomes available. we will tackle this (and other related) issues. |
seems to, also Android Client have problems with it (on an Android 4.3). That's reasonable as long androids internal SSL doesn't seem to support newer TLS versions (from ssllabs), but there too: |
No. The potential security gain would be marginal - if any - and the risk of breaking things too big. - Though, please file Android bugs at owncloud/android. |
Same issue here with Mac OS 10.9.5 This works:
This fails:
The Windows and iOS clients didn't have any problems with the more restrictive configuration. Just Mac OS. |
Yes, known issue. The package on Mac OS ships with a Qt version which cannot easily be linked against another OpenSSL than the system one, which is still at 0.9.8. Qt 5.4 will fix that, but is still a month away. We are working with the Qt team to ensure that using a later OpenSSL will be possible. |
Anybody who have tested Yosemite? Which SSL Version is shipped with 10.10? Does this "fix" it? |
@childnode: Nope, OpenSSL is deprecated on OS X. We need to ship our own. |
I think this is a very serious issue. Clients need to be built with the latest OpenSSL available. I'm afraid that if you don't provide your own OpenSSL but instead rely on Qt's outdated OpenSSL, there will come a day when you have a major security incident. |
|
We're actively monitoring the most important security mailing lists and also perform pro-active security checks of our software. Security is one of our most important requirements. While "0.9.8" might seem outdated, it absolutely is not. The version is still supported by the OpenSSL project and used by a lot of software. - Also some security bugs such as Heartbleed did not even affect that branch, effectively the users were even more protected than if we did use a newer version. To sum up:
|
Does OpenSSL 0.9.8 support TLS v1.2 and TLS v1.1? Browsing through the release notes at https://www.openssl.org/news/openssl-notes.html I get the impression you need OpenSSL 1.0.1 to have TLS v1.1 or 1.2 support. Please correct me if I'm wrong. To me, that alone is enough justification to start using 1.0.1. Then I'm not even talking of new features like TLS_FALLBACK_SCSV. IMHO, the fact that 0.9.8 did not suffer from Heartbleed was pure coincidence and should not be used as an argument to stick to older software for security. |
How would that in any way make your system more secure? - There are no practical attacks and things such as You are all here overestimating what a new OpenSSL version would offer you for advantages. Actually, the impact is very very very very low. As I said: We will update soon, but we won't do it before Qt 5.4 is out and there is no way to change that. |
OpenSSL 1.0.1c+ supports Forward Secrecy, for example. |
Sure, but overall this has a low impact when considering other possible attack vectors. I recommend to take a look at https://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_wont_help.pdf Anyways, this will be fixed in the future . |
When will be that? |
As it has already been mentioned three times within this issue:
|
Aka "as soon as we switch to Qt 5.4" which is "as soon as it is released plus the time needed for the change" |
@onnozweers forward secrecy is supported by 0.9.8 too it just requires more CPU intensive ciphers than the elliptic curve ciphers supported by 1.0.0. |
@onnozweers and @richmore that's why I trapped into it and started the discussion: old OpenSSL Implementations only support TLS 1.0, I intended to shutdown any "old" protocol. And yes, thanks to this discussion I got more information and need to read more details about this topic. to sum up: ForwardSecrecy (FS) is supported, even "Perfect FS" (PFS) is not a matter, because you would only need the ECDHE and DHE ciphers to be supported "exclusively"?! (you might refer to Wikipedia http://q.childno.de/smsyw).
=> secure ciphers equals (mostly) secure TLS, never mind TLS 1, 1.1, 1.2. Nevertheless I'm wondering about that a 10 year old "security protocol" that has two descendants is still the most width used one?! We really must stop complaining about "we can't use XY" because "YZ" depends on ...that's why security is so crappy and unhandy still these days and protection level is raised very slowly because there is no "political pressure"...And that's why I can't follow any arguments like TLS_FALLBACK_SCSV is not officially standardized, while the most modern and well used browsers supports it?! @ALL further commenters: We really don't need any more flame war on "hey guys, hurry up", and "yes do this". Argues are clear why it hasn't been done yet. |
Which version of OpenSSL will be used with Qt 5.4? |
@childnode "TLS_FALLBACK_SCSV is not officially standardized, while the most modern and well used browsers supports it?!" Actually they don't support it yet. And the only reason it exists and is going to be added to them is that they perform fallbacks to the older SSL/TLS versions to workaround buggy servers. Qt does not perform these fallbacks so it is not relevant to us. |
cc @owncloud/support-triagers |
Hey everyone, please have a look at #2510 (comment) and re-test. |
@childnode Can you verify if it is working in the latest build http://download.owncloud.com/desktop/daily/ ? |
@lmaestro yes, I can confirm that it works with ownCloud-1.7.0.1574-nightly20141204.pkg. |
I checked that in version 1.7.1 beta1 works fine. |
after securing my server instance (yes, I did it the non-user friendly way: who don't have a new browser or OS is locked out)
before:
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:!MEDIUM:!ADH:!MD5
after:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
Apache 2.2.22
all fine, for everyone: https://www.ssllabs.com/ssltest/analyze.html?d=owncloud.childno.de
but not for owncloud 1.6.3
so, can you PLEASE update the SSL library or whatever caused this ... thx, this is really upsetting that this "keep your data safe service" doesn't support newest / en vogue encryption!
The text was updated successfully, but these errors were encountered: