Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upAdd ALPN and signature algorithms to OpenSSL config #24976
Merged
Conversation
highfive
commented
Nov 30, 2019
|
Heads up! This PR modifies the following files:
|
|
Historical context: Last cipherlist change was in #22243 (comment). |
|
@avadacatavra do you have opinions about ciphersuites? |
|
This is great work--thank you! |
|
@bors-servo r=avadacatavra |
|
|
bors-servo
added a commit
that referenced
this pull request
Dec 9, 2019
Add ALPN and signature algorithms to OpenSSL config * Updated http crate from 0.1.17 [to 0.1.20](https://github.com/hyperium/http/blob/master/CHANGELOG.md#0120-november-26-2019). * Updated hyper from 0.12.33 [to 0.12.35](hyperium/hyper@v0.12.33...v0.12.35). * Updated hyper-openssl from 0.7.0 [to 0.7.1](https://github.com/sfackler/hyper-openssl/blob/master/CHANGELOG.md#v071---2019-03-01). * Updated openssl crate from 0.10.11 [to 0.10.26](https://github.com/sfackler/rust-openssl/blob/master/openssl/CHANGELOG.md#v01026---2019-11-22). * Set ALPN to h2+http/1.1 for https (Enabled HTTP2) and http/1.1 for websockets. * Restricted signature algorithms to the same list across platforms: EdDSA at first, then ECDSA certificates, then TLS 1.3's RSA(-PSS), then classic RSA (PKCS 1.5). Thereby we disabled the [following](https://www.ssllabs.com/ssltest/viewClient.html?name=OpenSSL&version=1.1.1c&key=165) non-web-standard signature algorithms: SHA512/ECDSA, SHA224/ECDSA, SHA1/ECDSA, SHA224/RSA, SHA224/DSA, SHA1/DSA, SHA256/DSA, SHA384/DSA, SHA512/DSA. [SHA1/RSA](https://tools.ietf.org/html/draft-ietf-tls-md5-sha1-deprecate-00) is almost dead and now only used by a few old and broken F5 load balancers: Like TLS 1.0 deprecation, we can again deprecate this some months earlier than other browsers. * Added Chacha20 to TLS 1.2 ciphersuite list and preferred it like Firefox and [Rustls](https://github.com/ctz/rustls/blob/4b13a322c05c9310173513782c5d12c5afedfaf5/rustls/src/suites.rs#L377). Removed legacy and privacy-hostile plain RSA (AES256-SHA, AES128-SHA). Compared to [Mozilla intermediate v5](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29) we keep ECDHE-RSA-AES256-SHA and ECDHE-RSA-AES128-SHA for now, but won't reintroduce deprecated DHE. * Switched server-side to [Mozilla intermediate v5](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29) in components/net/tests/main.rs. (The new `modern` would have been TLSv1.3-only, therefore only worked with OpenSSL 1.1.1 which is unfortunately not yet used on every target.) * Renamed `ssl_connector_builder(certs)` to the more neutral and long-term better fitting `create_tls_config(certs, alpn)` as it was done in #24764. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors
|
|
|
@bors-servo retry |
bors-servo
added a commit
that referenced
this pull request
Dec 9, 2019
Add ALPN and signature algorithms to OpenSSL config * Updated http crate from 0.1.17 [to 0.1.20](https://github.com/hyperium/http/blob/master/CHANGELOG.md#0120-november-26-2019). * Updated hyper from 0.12.33 [to 0.12.35](hyperium/hyper@v0.12.33...v0.12.35). * Updated hyper-openssl from 0.7.0 [to 0.7.1](https://github.com/sfackler/hyper-openssl/blob/master/CHANGELOG.md#v071---2019-03-01). * Updated openssl crate from 0.10.11 [to 0.10.26](https://github.com/sfackler/rust-openssl/blob/master/openssl/CHANGELOG.md#v01026---2019-11-22). * Set ALPN to h2+http/1.1 for https (Enabled HTTP2) and http/1.1 for websockets. * Restricted signature algorithms to the same list across platforms: EdDSA at first, then ECDSA certificates, then TLS 1.3's RSA(-PSS), then classic RSA (PKCS 1.5). Thereby we disabled the [following](https://www.ssllabs.com/ssltest/viewClient.html?name=OpenSSL&version=1.1.1c&key=165) non-web-standard signature algorithms: SHA512/ECDSA, SHA224/ECDSA, SHA1/ECDSA, SHA224/RSA, SHA224/DSA, SHA1/DSA, SHA256/DSA, SHA384/DSA, SHA512/DSA. [SHA1/RSA](https://tools.ietf.org/html/draft-ietf-tls-md5-sha1-deprecate-00) is almost dead and now only used by a few old and broken F5 load balancers: Like TLS 1.0 deprecation, we can again deprecate this some months earlier than other browsers. * Added Chacha20 to TLS 1.2 ciphersuite list and preferred it like Firefox and [Rustls](https://github.com/ctz/rustls/blob/4b13a322c05c9310173513782c5d12c5afedfaf5/rustls/src/suites.rs#L377). Removed legacy and privacy-hostile plain RSA (AES256-SHA, AES128-SHA). Compared to [Mozilla intermediate v5](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29) we keep ECDHE-RSA-AES256-SHA and ECDHE-RSA-AES128-SHA for now, but won't reintroduce deprecated DHE. * Switched server-side to [Mozilla intermediate v5](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29) in components/net/tests/main.rs. (The new `modern` would have been TLSv1.3-only, therefore only worked with OpenSSL 1.1.1 which is unfortunately not yet used on every target.) * Renamed `ssl_connector_builder(certs)` to the more neutral and long-term better fitting `create_tls_config(certs, alpn)` as it was done in #24764. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors
|
|
|
@bors-servo retry |
bors-servo
added a commit
that referenced
this pull request
Dec 9, 2019
Add ALPN and signature algorithms to OpenSSL config * Updated http crate from 0.1.17 [to 0.1.20](https://github.com/hyperium/http/blob/master/CHANGELOG.md#0120-november-26-2019). * Updated hyper from 0.12.33 [to 0.12.35](hyperium/hyper@v0.12.33...v0.12.35). * Updated hyper-openssl from 0.7.0 [to 0.7.1](https://github.com/sfackler/hyper-openssl/blob/master/CHANGELOG.md#v071---2019-03-01). * Updated openssl crate from 0.10.11 [to 0.10.26](https://github.com/sfackler/rust-openssl/blob/master/openssl/CHANGELOG.md#v01026---2019-11-22). * Set ALPN to h2+http/1.1 for https (Enabled HTTP2) and http/1.1 for websockets. * Restricted signature algorithms to the same list across platforms: EdDSA at first, then ECDSA certificates, then TLS 1.3's RSA(-PSS), then classic RSA (PKCS 1.5). Thereby we disabled the [following](https://www.ssllabs.com/ssltest/viewClient.html?name=OpenSSL&version=1.1.1c&key=165) non-web-standard signature algorithms: SHA512/ECDSA, SHA224/ECDSA, SHA1/ECDSA, SHA224/RSA, SHA224/DSA, SHA1/DSA, SHA256/DSA, SHA384/DSA, SHA512/DSA. [SHA1/RSA](https://tools.ietf.org/html/draft-ietf-tls-md5-sha1-deprecate-00) is almost dead and now only used by a few old and broken F5 load balancers: Like TLS 1.0 deprecation, we can again deprecate this some months earlier than other browsers. * Added Chacha20 to TLS 1.2 ciphersuite list and preferred it like Firefox and [Rustls](https://github.com/ctz/rustls/blob/4b13a322c05c9310173513782c5d12c5afedfaf5/rustls/src/suites.rs#L377). Removed legacy and privacy-hostile plain RSA (AES256-SHA, AES128-SHA). Compared to [Mozilla intermediate v5](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29) we keep ECDHE-RSA-AES256-SHA and ECDHE-RSA-AES128-SHA for now, but won't reintroduce deprecated DHE. * Switched server-side to [Mozilla intermediate v5](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29) in components/net/tests/main.rs. (The new `modern` would have been TLSv1.3-only, therefore only worked with OpenSSL 1.1.1 which is unfortunately not yet used on every target.) * Renamed `ssl_connector_builder(certs)` to the more neutral and long-term better fitting `create_tls_config(certs, alpn)` as it was done in #24764. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors
|
|
|
@bors-servo retry |
bors-servo
added a commit
that referenced
this pull request
Dec 10, 2019
Add ALPN and signature algorithms to OpenSSL config * Updated http crate from 0.1.17 [to 0.1.20](https://github.com/hyperium/http/blob/master/CHANGELOG.md#0120-november-26-2019). * Updated hyper from 0.12.33 [to 0.12.35](hyperium/hyper@v0.12.33...v0.12.35). * Updated hyper-openssl from 0.7.0 [to 0.7.1](https://github.com/sfackler/hyper-openssl/blob/master/CHANGELOG.md#v071---2019-03-01). * Updated openssl crate from 0.10.11 [to 0.10.26](https://github.com/sfackler/rust-openssl/blob/master/openssl/CHANGELOG.md#v01026---2019-11-22). * Set ALPN to h2+http/1.1 for https (Enabled HTTP2) and http/1.1 for websockets. * Restricted signature algorithms to the same list across platforms: EdDSA at first, then ECDSA certificates, then TLS 1.3's RSA(-PSS), then classic RSA (PKCS 1.5). Thereby we disabled the [following](https://www.ssllabs.com/ssltest/viewClient.html?name=OpenSSL&version=1.1.1c&key=165) non-web-standard signature algorithms: SHA512/ECDSA, SHA224/ECDSA, SHA1/ECDSA, SHA224/RSA, SHA224/DSA, SHA1/DSA, SHA256/DSA, SHA384/DSA, SHA512/DSA. [SHA1/RSA](https://tools.ietf.org/html/draft-ietf-tls-md5-sha1-deprecate-00) is almost dead and now only used by a few old and broken F5 load balancers: Like TLS 1.0 deprecation, we can again deprecate this some months earlier than other browsers. * Added Chacha20 to TLS 1.2 ciphersuite list and preferred it like Firefox and [Rustls](https://github.com/ctz/rustls/blob/4b13a322c05c9310173513782c5d12c5afedfaf5/rustls/src/suites.rs#L377). Removed legacy and privacy-hostile plain RSA (AES256-SHA, AES128-SHA). Compared to [Mozilla intermediate v5](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29) we keep ECDHE-RSA-AES256-SHA and ECDHE-RSA-AES128-SHA for now, but won't reintroduce deprecated DHE. * Switched server-side to [Mozilla intermediate v5](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29) in components/net/tests/main.rs. (The new `modern` would have been TLSv1.3-only, therefore only worked with OpenSSL 1.1.1 which is unfortunately not yet used on every target.) * Renamed `ssl_connector_builder(certs)` to the more neutral and long-term better fitting `create_tls_config(certs, alpn)` as it was done in #24764. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: --> - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors
|
|
bors-servo
added a commit
that referenced
this pull request
Dec 13, 2019
Disable H2 ALPN. This was introduced by #24976, and it breaks loading https://google.com. Without any network specialists currently contributing to Servo regularly, I would rather revert the particular change that broke it rather than attempt to continue investigating. --- - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] These changes fix #25286 - [x] These changes do not require tests because no H2 testing, no HTTPS configuration testing. <!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.--> <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
bors-servo
added a commit
that referenced
this pull request
Dec 13, 2019
Disable H2 ALPN. This was introduced by #24976, and it breaks loading https://google.com. Without any network specialists currently contributing to Servo regularly, I would rather revert the particular change that broke it rather than attempt to continue investigating. --- - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] These changes fix #25286 - [x] These changes do not require tests because no H2 testing, no HTTPS configuration testing. <!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.--> <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Darkspirit commentedNov 30, 2019
•
edited
Thereby we disabled the following non-web-standard signature algorithms: SHA512/ECDSA, SHA224/ECDSA, SHA1/ECDSA, SHA224/RSA, SHA224/DSA, SHA1/DSA, SHA256/DSA, SHA384/DSA, SHA512/DSA. SHA1/RSA is almost dead and now only used by a few old and broken F5 load balancers: Like TLS 1.0 deprecation, we can again deprecate this some months earlier than other browsers.
Compared to Mozilla intermediate v5 we keep ECDHE-RSA-AES256-SHA and ECDHE-RSA-AES128-SHA for now, but won't reintroduce deprecated DHE.
modernwould have been TLSv1.3-only, therefore only worked with OpenSSL 1.1.1 which is unfortunately not yet used on every target.)ssl_connector_builder(certs)to the more neutral and long-term better fittingcreate_tls_config(certs, alpn)as it was done in #24764../mach build -ddoes not report any errors./mach test-tidydoes not report any errors