Bug 1775167
| Summary: | The list of cyphers differs for IO::Socket::SSL from the OpenSSL default and it ignores crypto-policy | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Patrik Kis <pkis> |
| Component: | perl-IO-Socket-SSL | Assignee: | perl-maint-list |
| Status: | CLOSED ERRATA | QA Contact: | RHEL CS Apps Subsystem QE <rhel-cs-apps-subsystem-qe> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8.2 | CC: | jheger, jorton, ppisar |
| Target Milestone: | rc | Keywords: | Patch, Triaged |
| Target Release: | 8.2 | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | perl-IO-Socket-SSL-2.066-4.el8 | Doc Type: | No Doc Update |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-04-28 15:56:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I confirm this issue.
A chain of libraries used is: Net::LDAPS → IO::Socket::SSL → Net::SSLeay → libssl.so. I observe the same behavior on IO::Socket::SSL level:
#!/usr/bin/perl
use IO::Socket::SSL;
my $conn = IO::Socket::SSL->new(
'PeerHost' => 'localhost',
'PeerPort' => 2000,
SSL_verify_mode => SSL_VERIFY_NONE,
) or die "error=$!, ssl_error=$SSL_ERROR\n";
$conn->close();
(I also noticed that Net::LDAPS does not verify the server certificate by default and the default behavior is not documented. I raised a question to the upstream <https://rt.cpan.org/Ticket/Display.html?id=131045>).
And this is a Net:SSLay client:
#!/usr/bin/perl
use IO::Socket::IP;
use Net::SSLeay 1.82;
my $tcp = IO::Socket::IP->new(
PeerHost=>'localhost',
PeerPort=>2000,
Type => SOCK_STREAM,
) or die "creating socket failed: $@";
$tcp->connect or die "TCP connect() failed: $!";
Net::SSLeay::initialize();
my $method = Net::SSLeay::TLS_client_method() or
die "TLS_client_method() failed";
my $ctx = Net::SSLeay::CTX_new_with_method($method) or
die "CTX_tlsv1_new() failed";
Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL) or
die "CTX_set_options() failed";
my $ssl = Net::SSLeay::new($ctx) or
die "new() failed";
Net::SSLeay::set_verify($ssl, Net::SSLeay::VERIFY_NONE, undef);
Net::SSLeay::set_fd($ssl, fileno($tcp)) or
die "set_fd() failed";
if (1 != Net::SSLeay::connect($ssl)) {
Net::SSLeay::die_now "connect() failed, errno=$!";
}
print "Used cipher: ", Net::SSLeay::get_cipher($ssl), "\n";
if (0 == Net::SSLeay::shutdown($ssl)) {
Net::SSLeay::read($ssl)
}
Net::SSLeay::free($ssl);
Net::SSLeay::CTX_free($ctx);
$tcp->close;
that does not suffer from the issue. Thus the culprit is IO::Socket::SSL.
IO::Socket::SSL passes "DEFAULT" string to Net::SSLeay::CTX_set_cipher_list() that
is passed to OpenSSL SSL_CTX_set_cipher_list(). OpenSSL manual reads:
SSL_CTX_set_cipher_list() sets the list of available ciphers (TLSv1.2
and below) for ctx using the control string str. The format of the
string is described in ciphers(1). The list of ciphers is inherited by
all ssl objects created from ctx. This function does not impact TLSv1.3
ciphersuites. Use SSL_CTX_set_ciphersuites() to configure those.
SSL_CTX_set_ciphersuites() is documented as:
SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3
ciphersuites for ctx. This is a simple colon (":") separated list of
TLSv1.3 ciphersuite names in order of preference.
IO::Socket::SSL does not call Net::SSLeay::CTX_set_ciphersuites() at all.
Only Net::SSLeay::CTX_set_cipher_list(). I tried connecting
with "openssl s_client -connect localhost:2000 -cipher DEFAULT" and it exhibits
exactly the same change in advertised ciphersuites as IO::Socket::SSL.
So I can see to problems:
(1) "DEFAULT" is not the same as a default cryptopolicy.
(2) Setting TLsv1.2 ciphers affects TLSv1.3 contrary to to documentation.
(In reply to Petr Pisar from comment #4) > (1) "DEFAULT" is not the same as a default cryptopolicy. Correct identifier for the system-wide cipher list for OpenSSL is "PROFILE=SYSTEM". See <https://fedoraproject.org/wiki/Packaging:CryptoPolicies#C.2FC.2B.2B_applications>. > (2) Setting TLsv1.2 ciphers affects TLSv1.3 contrary to to documentation. This is OpenSSL issue. Proposed fix is correcting aIO-Socket-SSL-2.066-use-system-default-cipher-list.patch patch: --- a/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch +++ b/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch @@ -12,7 +12,7 @@ + # Use system-wide default cipher list to support use of system-wide + # crypto policy (#1076390, #1127577, CPAN RT#97816) + # https://fedoraproject.org/wiki/Changes/CryptoPolicy -+ SSL_cipher_list => 'DEFAULT', ++ SSL_cipher_list => 'PROFILE=SYSTEM', ); my %DEFAULT_SSL_CLIENT_ARGS = ( Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1673 |
Description of problem: When running a simple perl ldap client with perl-LDAP against openssl s_server the list of shared cyphers differs from the openssl default. Moreover, the perl client ignores the cryto-policy default, but I'm not sure if that is a bug. Version-Release number of selected component (if applicable): perl-LDAP-0.66-7.el8 crypto-policies-20191022-1.gite17cc3a.el8 openssl-1.1.1c-3.el8 How reproducible: always Steps to Reproduce: 1. Run a perl client: #!/usr/bin/perl sub ldap_query { use Net::LDAPS; my $conn = Net::LDAPS->new('localhost', version => 3, port => 2000, raw => qr/^$/ ) || die "$@\n"; $conn->disconnect(); return 0; } my $test = ldap_query(); 2. against s_server # openssl s_server -accept 2000 -cert ca.crt -key ca.key -cipher ALL 3. and run s_client against the same server # echo test | openssl s_client -connect localhost:2000 4. Compare the list of cyphers from perl_client and s_client Actual results: # diff perl_client_shared_ciphers s_client_shared_ciphers 0a1 > AES128-CCM 3a5 > AES256-CCM 6a9 > DHE-RSA-AES128-CCM 9a13 > DHE-RSA-AES256-CCM 13a18 > ECDHE-ECDSA-AES128-CCM 16a22 > ECDHE-ECDSA-AES256-CCM 19d24 < ECDHE-ECDSA-AES256-SHA384 26d30 < ECDHE-RSA-AES256-SHA384 Expected results: no difference Additional info: The test above was performed with the default crypto-policy. When the crypto policy was changed to LEGACY, the cypher list for s_client test changes, but did not changed for perl_client. So I assume th perl_client ignores the crypto policy setting. Perhaps this is the reason of the whole issue. Just an idea; I might be wrong.