TLS state-of-the-art in pump.io. We need to progress! #1061

Closed
luisgf opened this Issue Dec 10, 2014 · 8 comments

luisgf commented Dec 10, 2014

Hi Evan:

I open this issue with the aim of evolving the state of the art in pump.io security.

By default pump.io in its standalone mode has a wrong and terrible TLS configuration that doesn't follow the latest good practices. The security and privacy of the users is primordial for me, and for that reason I wrote this patch, which aims to help with that.

The patch implements the following:

  • SSLv3 protocol deactivation to prevent the POODLE attack
  • Improved cipher strength, disabling weak ciphers and preferring DHE/ECDHE ciphers when nodejs 0.12.x arrives.
  • Enable SSL session resumption. This boosts TLS session resumption and overall performance.
  • Disable TLS client renegotiation

And here, a small list of things that would be nice to have on the TODO list.

Desirable:

  • DANE support
  • Forbid connections to pump servers with weak RSA keys (<=1024 bits)
  • Support for Nodejs v0.12.x. This is necessary in order to support Forward Secrecy.
  • Disallow access via plain HTTP!!! Only support the creation of HTTPS servers. It has been mandatory for any IETF protocol for a few years now.

Please Evan, take a look at the patch and help us protect our users.

PS.- Edited to fix typos.

luisgf commented Dec 10, 2014

Here is the link to the patch for the pump.io 0.3.x version: https://www.luisgf.es/patchs/pump-patch2.diff

jankusanagi (Contributor) commented Dec 10, 2014

@luisgf, did you apply this patch on mipump.es? If so, any issues?

If it was applied and there have been no issues, it's a good start ;)

luisgf commented Dec 10, 2014

Hi Jan:

Yes, the patch has been enabled on mipump.es since yesterday.

Here are a few samples:

SSL3 deactivation:
luisgf@NCC1701B:~$ openssl s_client -connect mipump.es:443 -ssl3 -CAfile /etc/ssl/certs/ca-certificate.pem

no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 0 bytes

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1418221233
Timeout : 7200 (sec)
Verify return code: 0 (ok)

luisgf@NCC1701B:~$ openssl s_client -connect mipump.es:443 -tls1 -CAfile /etc/ssl/certs/ca-certificates.crt

No client certificate CA names sent
SSL handshake has read 5789 bytes and written 795 bytes
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 51BE5D17EBA21D5B5E8DAF1785926B53A75ACC6A40A8E1E3F19A6A4D51235134
Session-ID-ctx:
Master-Key: 8489128BDE709A4FBF883946DCDC5E80B8BCBAA7114DB403F641EE0019064D421EE47B015D293055D22CF239CAE55B79
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 37 cf 24 1a 5f 3a 4f a3-68 0b 91 03 e1 ed 1c bb 7.$.:O.h.......
0010 - 9c f0 2d 68 45 7f 64 d9-cc 9a 89 c3 54 ee b3 38 ..-hE.d.....T..8
0020 - 89 52 89 04 f8 c6 85 f3-16 8e 92 64 ad 22 80 c2 .R.........d."..
0030 - 0e c9 b6 4c e1 aa a7 cf-af fe 58 15 8b b7 a2 c7 ...L......X.....
0040 - 8c 95 a6 11 19 d5 48 91-80 d3 95 70 d0 e3 9d 65 ......H....p...e
0050 - f4 86 73 1a c6 c1 00 96-05 83 03 4a 24 9f 24 50 ..s........J$.$P
0060 - 88 72 be 34 c3 f4 f0 50-65 55 d9 c6 3a 4d 5f 08 .r.4...PeU..:M_.
0070 - be 6a 69 49 c3 2b c7 eb-53 35 0d fa a9 88 e4 e4 .jiI.+..S5......
0080 - 26 21 db c2 eb 9d 69 ff-90 93 69 35 85 27 3b 1d &!....i...i5.';.
0090 - 38 2e f5 a4 4f a2 64 58-c0 64 e3 7f bf 43 ad 60 8...O.dX.d...C.`

Start Time: 1418221283
Timeout   : 7200 (sec)
Verify return code: 0 (ok)

SSL session resume example:

luisgf@NCC1701B:~$ openssl s_client -reconnect -connect mipump.es:443 -tls1 -CAfile /etc/ssl/certs/ca-certificates.crt | egrep "^(New|Reused)"
New, TLSv1/SSLv3, Cipher is AES256-SHA
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
Reused, TLSv1/SSLv3, Cipher is AES256-SHA

luisgf@NCC1701B:~$ openssl s_client -reconnect -connect mipump.es:443 -tls1 -CAfile /etc/ssl/certs/ca-certificates.crt -no_ticket | egrep "^(New|Reused)"

New, TLSv1/SSLv3, Cipher is AES256-SHA
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
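The three `openssl s_client` runs above are the checks an operator repeats after every TLS change: does an SSLv3 handshake come back empty, what did TLSv1 negotiate, and does `-reconnect` report `Reused` sessions. The block below is an added example, not part of the comment, that turns those eyeball checks into functions a deploy script can assert on. The transcripts embedded in it are constructed from the output quoted above (trimmed to the lines the parser reads); `parseSClient`, `handshakeRefused` and `resumptionStats` are names invented here.

```javascript
// Added example (not from the issue): parse captured `openssl s_client` output
// and derive pass/fail facts for the checks shown in the comment. The three
// transcripts are constructed from the quoted output, trimmed to relevant lines.
const SSL3_ATTEMPT = `
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 0 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
Verify return code: 0 (ok)
`;

const TLS1_ATTEMPT = `
No client certificate CA names sent
SSL handshake has read 5789 bytes and written 795 bytes
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
TLS session ticket lifetime hint: 300 (seconds)
Verify return code: 0 (ok)
`;

// Output of `s_client -reconnect ... | egrep "^(New|Reused)"`, shortened.
const RECONNECT_RUN = `
New, TLSv1/SSLv3, Cipher is AES256-SHA
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
Reused, TLSv1/SSLv3, Cipher is AES256-SHA
`;

// Pull the handful of fields that matter out of one s_client transcript.
function parseSClient(output) {
  const result = {
    handshakeRead: null,      // bytes read during the handshake
    cipher: null,             // negotiated cipher, "(NONE)" when refused
    publicKeyBits: null,      // server RSA key size
    secureRenegotiation: null,
    ticketLifetime: null,     // seconds, from the session ticket hint
    verifyCode: null,
  };
  for (const raw of output.split('\n')) {
    const line = raw.trim();
    let m;
    if ((m = /^SSL handshake has read (\d+) bytes/.exec(line))) result.handshakeRead = Number(m[1]);
    else if ((m = /^(?:New|Reused), .*Cipher is (.+)$/.exec(line))) result.cipher = m[1];
    else if ((m = /^Server public key is (\d+) bit/.exec(line))) result.publicKeyBits = Number(m[1]);
    else if ((m = /^Secure Renegotiation IS (NOT )?supported/.exec(line))) result.secureRenegotiation = !m[1];
    else if ((m = /^TLS session ticket lifetime hint: (\d+)/.exec(line))) result.ticketLifetime = Number(m[1]);
    else if ((m = /^Verify return code: (\d+)/.exec(line))) result.verifyCode = Number(m[1]);
  }
  return result;
}

// A protocol was refused when nothing was read and no cipher was agreed,
// which is exactly what the SSLv3 attempt above shows.
function handshakeRefused(output) {
  const r = parseSClient(output);
  return r.handshakeRead === 0 && r.cipher === '(NONE)';
}

// Count fresh versus resumed sessions in a -reconnect run; anything but
// one "New" followed by "Reused" lines means resumption is not working.
function resumptionStats(output) {
  const stats = { fresh: 0, reused: 0 };
  for (const line of output.split('\n')) {
    if (line.startsWith('New,')) stats.fresh += 1;
    else if (line.startsWith('Reused,')) stats.reused += 1;
  }
  return stats;
}

// Minimum key size the issue asks for: anything at or below 1024 bits is weak.
function serverKeyStrongEnough(output, maxWeakBits = 1024) {
  const bits = parseSClient(output).publicKeyBits;
  return bits !== null && bits > maxWeakBits;
}
```

In practice the strings come from `child_process.execFileSync('openssl', [...])` against your own host; the parser only looks at the summary lines, so the hex dump of the session ticket can stay in the capture untouched.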

larjona (Collaborator) commented Dec 31, 2014

related: #532

stevenroose commented Mar 2, 2015

Is @evanp still working on pump.io?

dper commented Mar 2, 2015

If Pump itself doesn't get these types of improvements, this creates incentive for more users to put it behind Nginx, which is something the documentation recommends against.

shtrom commented Oct 11, 2015

A side problem is also trust of certificates #786

@larjona larjona added the security label Mar 17, 2016

strugee added a commit that referenced this issue Sep 9, 2016

Improve TLS configuration
* Use Mozilla's "intermediate" TLS cipher suite
* Force server cipher suite preferences

See #1061


@strugee strugee referenced this issue Sep 12, 2016

Closed

SSL problem #532


@strugee strugee closed this in bde7b76 Sep 12, 2016

strugee (Member) commented Sep 12, 2016

Closing as this is a super broad issue.

Better cipher suites just got merged into master. You'll need at least Node 0.12 to get decent ones, however.

I'll file followups for the remaining issues.
