Modernise TLS configuration #2816

Closed
lmamane wants to merge 3 commits into pocoproject:develop from lmamane:develop

Conversation

@lmamane

@lmamane lmamane commented Oct 18, 2019

Pushed by a poco-using client that my web server would not let me connect to, I modernised the default TLS configuration a bit.

Lionel Elie Mamane added 2 commits October 18, 2019 18:34
1024 bits is deprecated / becoming insecure, and some configurations
start to reject it, e.g. Debian 10 machines by default.
list of supported groups rather than a single curve only.
@obiltschnig obiltschnig added this to the Release 1.10.0 milestone Oct 18, 2019
@obiltschnig obiltschnig self-assigned this Oct 18, 2019
they did not support SSL_CTX_set1_group_lists under that name.
Also carefully set defaults based on what is supported
(as opposed to documented) according to OpenSSL version.
@obiltschnig obiltschnig mentioned this pull request Jan 24, 2020
obiltschnig added a commit that referenced this pull request Feb 4, 2020
@obiltschnig
Member

merged into poco-1.10.1 (made 2048 curves optional, subject to config param).

@lmamane
Author

lmamane commented Feb 4, 2020

@obiltschnig, you made using 2048-bit DH off by default. I wish to stress that:

  1. From a general security perspective, 1024 bits is considered insufficient nowadays.
  2. Implementations are starting to reject connections with only 1024-bit DH. E.g. Debian version 10 ("Buster"), released in July 2019, configures its OpenSSL to reject DH connections with less than 2048 bits by default, by setting OpenSSL's SECLEVEL setting to 2.

For maximum compatibility with the latest versions of connection peers, I recommend defaulting to 2048-bit DH.

@obiltschnig
Member

I understand, but I don't want to potentially break existing code relying on the current behavior in a minor update.

@lmamane
Author

lmamane commented Feb 4, 2020

Yes, that's a good point.

@obiltschnig
Member

I also had to remove some ECDH groups, as not all OpenSSL builds seem to support them. The set I ended up with for OpenSSL 1.1.1 is "X448:X25519:P-521:P-384:P-256".
