Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-31856

use ephemeral ssl certificates

Details

    Description

      Enable SSL in the server by default.

      Implement ephemeral ssl certificates — if SSL is enabled but no certificates are provided by the user, let the server generate certificates in memory and use them.

      FLUSH SSL should either regenerate them or simply fail or do nothing.

      Attachments

        Issue Links

          blocks

          New Feature - A new feature of the product, which has yet to be developed. MDEV-31857 enable --ssl-verify-server-cert by default

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          causes

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32210 Ephemeral certificate missing DN

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32229 Memory leaks while using ephemeral certificates

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-33430 Command line client error ERROR 2026 (HY000): TLS/SSL error: Server certificate validation failed. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Error 0x800B0109(CERT_E_UNTRUSTEDROOT)

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-33592 Self-signed certificates are x509 Version 1, which are rejected by some TLS libraries

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          is blocked by

          New Feature - A new feature of the product, which has yet to be developed. MDEV-31855 validate ssl certificates using client password

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-33482 WolfSSL's math is unnecessarily slow

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-34372 Starting MariaDB failed with illegal instruction in WolfSSL

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            dlenski Daniel Lenski (Inactive) added a comment -

            Implement ephemeral ssl certificates — if SSL is enabled but no certificates are provided by the user, let the server generate certificates in memory and use them.

            It should not be necessary to make any application-level changes to handle the case where certificates are not provided by the user: TLS already supports this.

            The TLS standard offers ciphersuites called DH_anon, which basically means "do a DIffie-Hellman KX to agree on a long-term symmetric key, but without verifying any server certificate. https://www.rfc-editor.org/rfc/rfc5246#appendix-C

            This ciphersuite will protect against passive MITM, but not against active MITM as explained here, so it should be considered very weak against the typical threat model for Internet traffic in 2023, which includes pervasive active MITMs.

            dlenski Daniel Lenski (Inactive) added a comment - Implement ephemeral ssl certificates — if SSL is enabled but no certificates are provided by the user, let the server generate certificates in memory and use them. It should not be necessary to make any application -level changes to handle the case where certificates are not provided by the user: TLS already supports this. The TLS standard offers ciphersuites called DH_anon , which basically means "do a DIffie-Hellman KX to agree on a long-term symmetric key, but without verifying any server certificate. https://www.rfc-editor.org/rfc/rfc5246#appendix-C This ciphersuite will protect against passive MITM, but not against active MITM as explained here , so it should be considered very weak against the typical threat model for Internet traffic in 2023, which includes pervasive active MITMs.
            dlenski Daniel Lenski (Inactive) added a comment -

            Additional reasons why this kind of thing should be done in the TLS layer (left to the TLS experts who write and test TLS libraries ) and not implemented at the application layer.

            • Ephemeral certs could play havoc with any clients/library that use a trust-on-first-use approach to server cert validation
            • Generating ephemeral certs will condition end users to expect frequent changes and mismatches in the server certificates, and to bypass them. (This is a common criticism of how SSH is typically deployed: users override and ignore cert mismatches constantly.)
            dlenski Daniel Lenski (Inactive) added a comment - Additional reasons why this kind of thing should be done in the TLS layer (left to the TLS experts who write and test TLS libraries ) and not implemented at the application layer. Ephemeral certs could play havoc with any clients/library that use a trust-on-first-use approach to server cert validation Generating ephemeral certs will condition end users to expect frequent changes and mismatches in the server certificates, and to bypass them. (This is a common criticism of how SSH is typically deployed : users override and ignore cert mismatches constantly .)
            serg Sergei Golubchik added a comment - - edited

            Note that MDEV-31855 is a precondition for ephemeral certs. We won't implement ephemeral certs unless they can be protected against active MitM

            Also:

            • MariaDB connectors don't do trust on first use, they validate certificates on every use.
            • End users won't expect frequent changes and mismatches in the server certificates and bypass them, because they won't know about the changes. The client will completely automatically and transparently validate certificates without involving the user.
            serg Sergei Golubchik added a comment - - edited Note that MDEV-31855 is a precondition for ephemeral certs. We won't implement ephemeral certs unless they can be protected against active MitM Also: MariaDB connectors don't do trust on first use, they validate certificates on every use. End users won't expect frequent changes and mismatches in the server certificates and bypass them, because they won't know about the changes. The client will completely automatically and transparently validate certificates without involving the user .
            dlenski Daniel Lenski (Inactive) added a comment -

            Note that MDEV-31855 is a precondition for ephemeral certs.

            This sentence makes me even more confused about MDEV-31855 than I was before.

            We won't implement ephemeral certs unless they can be protected against active MitM

            How is that possible?

            An ephemeral certificate generated by the server on each connection is — by its very nature — one where the client cannot have any foreknowledge of that certificate’s contents or provenance.

            So how can the client possibly distinguish the ephemeral certificate generated by the real/intended server from one generated by a MITM intermediary?

            It seems like you should perhaps be writing up a design document that explains the overall approach here.

            dlenski Daniel Lenski (Inactive) added a comment - Note that MDEV-31855 is a precondition for ephemeral certs. This sentence makes me even more confused about MDEV-31855 than I was before. We won't implement ephemeral certs unless they can be protected against active MitM How is that possible ? An ephemeral certificate generated by the server on each connection is — by its very nature — one where the client cannot have any foreknowledge of that certificate’s contents or provenance. So how can the client possibly distinguish the ephemeral certificate generated by the real/intended server from one generated by a MITM intermediary? It seems like you should perhaps be writing up a design document that explains the overall approach here.
            serg Sergei Golubchik added a comment -

            yes, sure. the design document is in MDEV-31855. There's a full high-level description of the new protocol extension.
            I'd appreciate if you'd try to come up with attacks against it.

            Also you can check the bb-11.3-serg branch with the implementation of MDEV-31855 and MDEV-31856.

            serg Sergei Golubchik added a comment - yes, sure. the design document is in MDEV-31855 . There's a full high-level description of the new protocol extension. I'd appreciate if you'd try to come up with attacks against it. Also you can check the bb-11.3-serg branch with the implementation of MDEV-31855 and MDEV-31856 .
            serg Sergei Golubchik added a comment -

            see MDEV-31855 for the list of commits

            serg Sergei Golubchik added a comment - see MDEV-31855 for the list of commits
            sanja Oleksandr Byelkin added a comment -

            OK to push

            sanja Oleksandr Byelkin added a comment - OK to push
            lstartseva Lena Startseva added a comment -

            Testing done. Ok to push

            lstartseva Lena Startseva added a comment - Testing done. Ok to push

            People

              serg Sergei Golubchik
              serg Sergei Golubchik
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.