[MDEV-26092] Remove weak ciphers (WolfSSL) Created: 2021-07-06  Updated: 2021-07-30  Resolved: 2021-07-30

Status: Closed
Project: MariaDB Server
Component/s: SSL
Affects Version/s: 10.4.20, 10.5.11, 10.6.3
Fix Version/s: 10.4.21, 10.5.12, 10.6.4

Type: Bug Priority: Major
Reporter: Georg Richter Assignee: Vladislav Vaintroub
Resolution: Fixed Votes: 0
Labels: Security


 Description   

While implementing MDEV-26049 I noticed that WolfSSL supports weak cipher suites which should be disabled.

Using a 10.2 command line client (yassl):

$ ./client/mysql -uroot -h127.0.0.1 -P16000 --ssl-cipher=RC4-MD5 -e"show status like 'ssl_cipher'\G"
 
*************************** 1. row ***************************
 
Variable_name: Ssl_cipher
 
        Value: RC4-MD5
 
$  ./client/mysql -uroot -h127.0.0.1 -P16000 --ssl-cipher=RC4-SHA -e"show status like 'ssl_cipher'\G"
 
*************************** 1. row ***************************
 
Variable_name: Ssl_cipher
 
        Value: RC4-SHA

RC4 is vulnerable and should be removed. See also https://www.rc4nomore.com/

 Comments   
Comment by Georg Richter [ 2021-07-06 ]

wlad Since you are more familiar with WolfSSL build, I assigned it to you. I think a simple -DNO_RC4 will fix this.

Comment by Vladislav Vaintroub [ 2021-07-15 ]

I do not think we should do anything to disable parts of WolfSSL, which are also parts of OpenSSL.

Comment by Georg Richter [ 2021-07-15 ]

The last version of OpenSSL which supported these weak ciphers was openssl 1.0.2, which eoled in 2019.

$ openssl version
 
OpenSSL 1.1.1f  31 Mar 2020 (Library: OpenSSL 1.1.1j  16 Feb 2021)
 
$ openssl ciphers | grep RC4
 
$ openssl ciphers | grep MD5

Comment by Vladislav Vaintroub [ 2021-07-15 ]

Please file a bug against WolfSSL, if you care about all users of this great library. I see no reason to tweak anything here.

Comment by Sergei Golubchik [ 2021-07-26 ]

I've filed a bug against WolfSSL about RC4. According to this comment RC4 is disabled by default if one uses ./configure or their user setting template.

I think we should take a look at what filters WolfSSL disables by default this way (in configure or a user setting template) and disable them in our user_settings.h too.

Comment by Vladislav Vaintroub [ 2021-07-26 ]

Since they accepted a bug, so it is probably no much to do from our side.

Comment by Sergei Golubchik [ 2021-07-26 ]

They accepted a bug to make NO_RC4 the default in the code. But it's of low importance for them, I assume, as both configure and their user_settings templates already disable RC4. So it'll only affect very few packagers of WolfSSL (like us).

I'm saying that WolfSSL, as a vendor, have already decided to make RC4 disabled by default. As shown by configure script behavior. We should either trust that they know what they're doing, and use their defaults or we need to decide for every cipher whether we want it enabled or not (and argue about every one, and get to understand all related issues, etc).

Frankly, I'd rather use vendor defaults.

Comment by Vladislav Vaintroub [ 2021-07-26 ]

Aparently, their documentation says
https://www.wolfssl.com/docs/wolfssl-manual/ch2/

"
NO_RC4 removes the use of the ARC4 stream cipher from the build. ARC4 is built-in by default because it is still popular and widely used."

Builtin by default. Still popular. Widely used.

Their ./configure disagrees. Their IDE\WIN\user_config.h agrees. The developer , in a comment to a bug report, agrees with ./configure but not with IDE\WIN\user_config.h or official documentation. So, here is what we are at, mixed signals from different sources. I'd like to wait and see how this reported bug is handled.

Comment by Vladislav Vaintroub [ 2021-07-30 ]

I removed the stuff that is removed in their cmake. Some things could not be removed like NO_PWDBASED, because it broke the build elsewhere, and some things we actually use, like DES3

Generated at Thu Feb 08 09:42:41 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.