[MDEV-9553] TLS/SSL tasks Created: 2016-02-12  Updated: 2017-05-29

Status: Stalled
Project: MariaDB Server
Component/s: SSL
Fix Version/s: None

Type: Task Priority: Major
Reporter: Georg Richter Assignee: Georg Richter
Resolution: Unresolved Votes: 3
Labels: None

Issue Links:
PartOf
includes MDEV-9906 Update KB to replace "SSL" with "TLS"... Closed
includes MDEV-9907 Update build machines to new version ... Closed
Relates
relates to CONC-158 SSL tasks Open
relates to MDEV-9910 Add --tls options and deprecate --ssl... Closed
Sprint: 10.2.0-8, 10.2.1-1, 10.2.1-2

 Description   

Thread safety (OpenSSL)

For both client and server use a global SSL context and provide locks for crypto API.
Affects: MDEV-9552

Global definitions

Current implementation uses HAVE_OPENSSL, which indicates that the server supports SSL; additionally, HAVE_YASSL indicates that Yassl is used instead of OpenSSL.

Suggestion:

HAVE_SSL: indicates that server/client supports SSL
HAVE_OPENSSL: OpenSSL library is used
HAVE_YASSL: Builtin yassl library is used.
HAVE_ANOTHER: Another SSL library is used.

TLS versions

  • Stop supporting deprecated SSLv3 and provide support for TLSv1.2. (already done)
  • Since Yassl doesn't support TLSv1.2, the library isn't able to negotiate TLS1+ during handshake; server should indicate SSL capabilities in extended flags.

SSL Ciphers:

Check for invalid cipher names

This should return an error:

MariaDB [(none)]> grant all on *.* to foo@localhost require cipher 'youcanspecifywhateveryouwanthere :-(';
Query OK, 0 rows affected (0.00 sec)

Disallow bad ciphers/groups

OpenSSL:

static const char blacklisted_ciphers[]= "!DES:!DHE-DSS-DES-CBC3-SHA:!DHE-RSA-DES-CBC3-SHA:"
                                         "!ECDH-ECDSA-DES-CBC3-SHA:!ECDH-RSA-DES-CBC3-SHA:"
                                         "!ECDHE-ECDSA-DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:";
static const char blacklisted_groups[]=  "!EXPORT:!LOW:!MD5:!PSK:!RC2:!RC4:!aNULL:!eNULL:";

Yassl

/* several (but not all) ciphers are already blacklisted in yassl_type.h, disabling groups only
   might be enough */
static const char *blacklisted_ciphers = "";
static const char blacklisted_groups[] = "!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!DES:!RC2:!RC4:!PSK:";

Valid/allowed ciphers

OpenSSL

static const char valid_ciphers[] = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
                                    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
                                    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:"
                                    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
                                    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
                                    "DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:"
                                    "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:"
                                    "ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:"
                                    "DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:"
                                    "AES256-GCM-SHA384:AES128-SHA256:"
                                    "AES256-SHA256:AES128-SHA:AES256-SHA:";

Yassl

static const char valid_ciphers[]= "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:"
                                   "AES128-RMD:DES-CBC3-RMD:DHE-RSA-AES256-RMD:"
                                   "DHE-RSA-AES128-RMD:DHE-RSA-DES-CBC3-RMD:"
                                   "AES256-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA:"
                                   "DES-CBC-SHA:EDH-RSA-DES-CBC3-SHA:"
                                   "EDH-RSA-DES-CBC-SHA:AES128-SHA:AES256-RMD";

Transport Layers:

On Windows systems, OpenSSL doesn't provide support for SSL via named pipe or shared memory. Instead we need to provide support for using SChannel (Windows security support provider).

DH (Diffie-Hellman) parameters

OpenSSL documentation recommends not to use static dh parameters: "The risk in reusing DH parameters is that an attacker may specialize on a very often used DH group. Applications should therefore generate their own DH parameters during the installation process using the openssl dhparam application. This application guarantees that "strong" primes are used."

  • increase size of internal dh parameter from 2048 to 4096 (recommended)
  • Since creating dh param on the fly is too slow, provide an additional option to load a dh.pem file

Passphrase protected private keys

If server uses a passphrase protected keyfile, it will not start unless correct passphrase for key was entered.

  • Provide a server option --ssl-passphrase for decrypting private key without manual interaction

OpenSSL version

Set minimum required version of OpenSSL to 1.0.1 and update build machines.

Server certificate verification

Current implementation only checks validity of server certificate if option MYSQL_OPT_SSL_VERIFY_SERVER_CERT was specified.
According to the documentation this option enables or disables verification of the server's Common Name value in its certificate against the host name used when connecting to the server.
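
Added example for the "Check for invalid cipher names" item in the description above, not code from the ticket or from MariaDB: a strict check that accepts a REQUIRE CIPHER string only if every colon-separated name is in the OpenSSL "Valid/allowed ciphers" list proposed on this page. The function and enum names are hypothetical, and the check assumes only explicit cipher names are accepted (no OpenSSL group keywords or `!`/`+` operators).

```c
#include <stdio.h>
#include <string.h>

/* Allow-list copied from the page's OpenSSL valid_ciphers proposal. */
static const char valid_ciphers[] =
  "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:"
  "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:"
  "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:"
  "ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:"
  "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:"
  "DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:"
  "AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:";

/* Result codes and function names below are hypothetical, not MariaDB's. */
enum cipher_check { CIPHER_OK = 0, CIPHER_EMPTY = 1, CIPHER_UNKNOWN = 2 };

/* Exact, whole-token, case-sensitive match of name[0..len) against the list. */
static int cipher_allowed(const char *name, size_t len)
{
  const char *p = valid_ciphers;
  while (*p) {
    size_t n = strcspn(p, ":");
    if (n == len && memcmp(p, name, len) == 0) return 1;
    p += n;
    if (*p == ':') p++;
  }
  return 0;
}

/* Validate the string given to REQUIRE CIPHER '...' before storing it. */
enum cipher_check check_require_cipher(const char *spec)
{
  if (spec == NULL || *spec == '\0') return CIPHER_EMPTY;
  for (;;) {
    size_t n = strcspn(spec, ":");
    if (n == 0) return CIPHER_EMPTY;                     /* "::", leading or trailing ':' */
    if (!cipher_allowed(spec, n)) return CIPHER_UNKNOWN; /* typo, free text, weak cipher */
    if (spec[n] == '\0') return CIPHER_OK;
    spec += n + 1;
  }
}

int main(void)
{
  /* Constructed input: the string from the GRANT statement on this page. */
  printf("%d\n", check_require_cipher("youcanspecifywhateveryouwanthere :-("));
  return 0;
}
```

Because matching is per whole token, a prefix such as `AES256` or a name that appears only in the blacklists (for example `DHE-RSA-DES-CBC3-SHA`) is rejected the same way as free text.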



 Comments   
Comment by Daniel Black [ 2016-02-28 ]

TLS Session Tickets

Perhaps hook the aspects of TLS session tickets (which is probably only OpenSSL/SChannel). Might only need a client side implementation.

http://databaseblog.myname.nl/2016/01/the-performance-of-tls-with-mysql.html

Comment by Daniël van Eeden [ 2017-02-15 ]

danblack: This bugreport has a proof-of-concept patch which does that: https://bugs.mysql.com/bug.php?id=76921
