
Add support of SHA256 for SSL fingerprint (SHA1 is deprecated) #281

Closed
Mikaela opened this Issue Dec 18, 2014 · 8 comments

@Mikaela
Contributor

commented Dec 18, 2014

I mean the option irc.server.<network>.ssl_fingerprint. ZNC 1.5 wants SHA256 fingerprints.

@flashcode
Member

commented Dec 18, 2014

How do you get SHA256 fingerprint of certificates?
For example on freenode I'm not even sure SHA256 is available.
So maybe support could be extended to SHA256, with still SHA1 possible, like now?

@Mikaela
Contributor Author

commented Dec 19, 2014

> How do you get SHA256 fingerprint of certificates?

You probably mean in code which I have no idea, but here is openssl command and result for freenode:

    % openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin
    SHA256 Fingerprint=14:11:92:98:3C:A7:A1:7D:47:74:24:83:C8:0E:A0:2F:98:CC:27:AA:AF:AC:07:8C:12:03:45:23:E0:88:A8:76

> For example on freenode I'm not even sure SHA256 is available.

Why wouldn't it be?

> So maybe support could be extended to SHA256, with still SHA1 possible, like now?

I don't understand why.

@Mikaela
Contributor Author

commented Dec 19, 2014

I think I see what you mean. If I have understood correctly, a fingerprint is just a hash of the certificate, and you can use a different hash than the one the certificate itself uses, so there is no reason to support SHA1. Freenode's certificates appear to be

% openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null \
    | openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"
    Signature Algorithm: sha1WithRSAEncryption
    Signature Algorithm: sha1WithRSAEncryption

@aapa

commented Dec 21, 2014

Yeah, the hashing method is explicitly defined in irc_server_check_certificate_fingerprint in irc-server.c:

    /* calculate the SHA1 fingerprint for the certificate */
    if (gnutls_x509_crt_get_fingerprint (certificate, GNUTLS_DIG_SHA1,
                                         fingerprint_server,
                                         &fingerprint_size) != GNUTLS_E_SUCCESS)

So what happens is:

  1. Client calculates fingerprint a.k.a. hash digest (in this case, SHA1) for the certificate provided
  2. Client compares the fingerprint to those saved to user settings (irc.server.network.ssl_fingerprint)
  3. If it matches -> success, the certificate is fine

There is no reason why the hashing method couldn't be changed from SHA1 to SHA256. In the transition phase the client could support both SHA1 and SHA256, detecting the hash type from its length.

Also, in the case of Freenode you should trust the CA as mentioned in the documentation; setting the fingerprint is unnecessary and dangerous (from the docs):

  • irc.server_default.ssl_fingerprint
    • description: SHA1 fingerprint of certificate which is trusted and accepted for the server (it must be exactly 40 hexadecimal digits without separators); many fingerprints can be separated by commas; if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")
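Added example (not WeeChat's code, and not taken from irc-server.c): the check described above, emulated in Python with the hash algorithm inferred from the configured fingerprint's length, as proposed for the transition phase. It assumes that colon-separated and upper-case fingerprints (the form openssl prints) should also be accepted, which the documented option does not; the DER bytes are a constructed stand-in for a real certificate.

```python
import hashlib
import hmac

# Hex-digit lengths of the accepted digests; the algorithm is inferred
# from the length of each configured fingerprint (40 -> SHA1, 64 -> SHA256,
# 128 -> SHA512), so old SHA1 entries keep working next to SHA256 ones.
DIGEST_BY_HEX_LEN = {40: "sha1", 64: "sha256", 128: "sha512"}


def normalize(fp):
    """Lower-case the fingerprint and drop the colons openssl prints (assumed extension)."""
    return fp.strip().replace(":", "").lower()


def detect_algorithm(fp):
    """Return the digest name implied by the fingerprint length, or raise ValueError."""
    fp = normalize(fp)
    if not fp or any(c not in "0123456789abcdef" for c in fp):
        raise ValueError("fingerprint is not hexadecimal")
    if len(fp) not in DIGEST_BY_HEX_LEN:
        raise ValueError("unsupported fingerprint length %d" % len(fp))
    return DIGEST_BY_HEX_LEN[len(fp)]


def fingerprint(der_cert, algorithm):
    """Hex digest of the DER-encoded certificate, as 'openssl x509 -fingerprint' computes it."""
    return hashlib.new(algorithm, der_cert).hexdigest()


def check_fingerprint(der_cert, configured):
    """Emulate the ssl_fingerprint check: accept the certificate if any of the
    comma-separated configured fingerprints matches, hashing the certificate
    with the algorithm each entry's length implies."""
    for entry in configured.split(","):
        if not entry.strip():
            continue
        algorithm = detect_algorithm(entry)
        # Constant-time compare; cheap here, and the habit avoids a timing side channel.
        if hmac.compare_digest(fingerprint(der_cert, algorithm), normalize(entry)):
            return True
    return False


# Constructed stand-in for a DER-encoded certificate: only the raw bytes matter
# for the fingerprint, so no real certificate is needed to exercise the logic.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256))

if __name__ == "__main__":
    pinned = fingerprint(SAMPLE_DER, "sha256")
    print("sha256 pin accepted:", check_fingerprint(SAMPLE_DER, pinned))
    print("wrong sha1 pin rejected:", not check_fingerprint(SAMPLE_DER, "0" * 40))
```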

@Mikaela Mikaela changed the title WeeChat wants SHA1 of SSL fingerprint and SHA1 is depreceated WeeChat wants SHA1 of SSL fingerprint and SHA1 is deprecated Dec 21, 2014

@flashcode
Member

commented Dec 21, 2014

Yes, I'll add support of SHA256 in addition to SHA1.

@flashcode flashcode added this to the 1.2 milestone Dec 21, 2014

@flashcode flashcode self-assigned this Dec 21, 2014

@flashcode flashcode changed the title WeeChat wants SHA1 of SSL fingerprint and SHA1 is deprecated Add support of SHA256 for SSL fingerprint (SHA1 is deprecated) Jan 17, 2015

@maxteufel
Contributor

commented Mar 30, 2015

May I ask why specifically SHA-2-256? I'd actually propose SHA-2-512 as GnuTLS already supports that (or everything from SHA-2-224 to SHA-2-512 if it will be possible to use different hash algorithms).

@Mikaela
Contributor Author

commented Mar 30, 2015

Probably because everyone else is also moving to SHA256, but something stronger would probably be better.

@maxteufel
Contributor

commented Mar 30, 2015

Everyone doing that doesn't mean it's a good idea.

@flashcode flashcode closed this in fe9a9fb Apr 18, 2015
