INN commit: trunk (9 files)

INN Commit rra at isc.org
Tue Nov 11 13:36:31 UTC 2014


    Date: Tuesday, November 11, 2014 @ 05:36:31
  Author: iulius
Revision: 9744

Improve tuning of the SSL/TLS configuration

nnrpd's TLS support is basically using OpenSSL's defaults WRT issues
such as protocol support and cipher suites.  In these days of POODLEs
and other vulnerabilities, it should be useful to be able to have better
control over what's offered.  So this patch adds a few options to inn.conf:

- tlsprotocols:  allows to select the SSL/TLS versions that are
  supported

- tlsciphers:  allows to give an OpenSSL cipher string to tailor the
  cipher suites that are offered to clients

- tlspreferserverciphers:  switches on the server-side selection of
  the cipher suite (TLS default is "client chooses")

- tlscompression:  allows to turn off TLS compression (because
  of the CRIME attack) if the OpenSSL version supports this.

Many thanks to Christian Mock for his patch.

Modified:
  trunk/CONTRIBUTORS
  trunk/doc/pod/inn.conf.pod
  trunk/doc/pod/news.pod
  trunk/doc/pod/nnrpd.pod
  trunk/include/inn/innconf.h
  trunk/lib/innconf.c
  trunk/nnrpd/tls.c
  trunk/nnrpd/tls.h
  trunk/samples/inn.conf.in

-----------------------+
 CONTRIBUTORS          |    2 -
 doc/pod/inn.conf.pod  |   39 ++++++++++++++++++++--
 doc/pod/news.pod      |   23 ++++++++++--
 doc/pod/nnrpd.pod     |    5 ++
 include/inn/innconf.h |    8 ++++
 lib/innconf.c         |    4 ++
 nnrpd/tls.c           |   85 ++++++++++++++++++++++++++++++++++++++++++++----
 nnrpd/tls.h           |   13 ++++++-
 samples/inn.conf.in   |    4 ++
 9 files changed, 168 insertions(+), 15 deletions(-)

Modified: CONTRIBUTORS
===================================================================
--- CONTRIBUTORS	2014-11-11 13:28:16 UTC (rev 9743)
+++ CONTRIBUTORS	2014-11-11 13:36:31 UTC (rev 9744)
@@ -276,4 +276,4 @@
 Edmund H. Ramm, Raphael Barrois, Bo Lindbergh, Matthias Meyser,
 Dennis Preiser, Paolo Amoroso, Dennis Davis, River Tarnell, Jochen Schmitt,
 Tim Fardell, Remco Rijnders, David Binderman, Tony Evans, Christian Garbs,
-Jesse Rehmer, Colin Watson, Lauri Tirkkonen
+Jesse Rehmer, Colin Watson, Lauri Tirkkonen, Christian Mock

Modified: doc/pod/inn.conf.pod
===================================================================
--- doc/pod/inn.conf.pod	2014-11-11 13:28:16 UTC (rev 9743)
+++ doc/pod/inn.conf.pod	2014-11-11 13:36:31 UTC (rev 9744)
@@ -1027,9 +1027,12 @@
 
 =back
 
-Finally, here are the parameters used by nnrpd(8) to provide TLS/SSL
-support:
+=head2 TLS/SSL Support for Reading and Posting
 
+Here are the parameters used by nnrpd(8) to provide TLS/SSL support.
+
+The parameters related to certificates are:
+
 =over 4
 
 =item I<tlscafile>
@@ -1069,6 +1072,38 @@
 
 =back
 
+Finally, here are the parameters that can be used to tighten the level
+of security provided by TLS/SSL:
+
+=over 4
+
+=item I<tlsciphers>
+
+The string describing the cipher suites OpenSSL will support.  See
+OpenSSL's ciphers(1) command documentation for details.  The default
+is unset, which uses OpenSSL's default cipher suite list.
+
+=item I<tlscompression>
+
+Whether to enable or disable SSL/TLS compression support.  This is a
+boolean and the default is false.
+
+=item I<tlspreferserverciphers>
+
+Whether to let the client or the server decide the preferred cipher.
+This is a boolean and the default is true, that is to say the server
+decides the preferred cipher.
+
+=item I<tlsprotocols>
+
+The list of SSL/TLS protocol versions to support.  Valid protocols are
+B<SSLv2>, B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>.  The default
+value is to only allow TLS protocols:
+
+    tlsprotocols: [ TLSv1 TLSv1.1 TLSv1.2 ]
+
+=back
+
 =head2 Monitoring
 
 These parameters control the behavior of innwatch(8), the program that

Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod	2014-11-11 13:28:16 UTC (rev 9743)
+++ doc/pod/news.pod	2014-11-11 13:36:31 UTC (rev 9744)
@@ -18,6 +18,16 @@
 
 =item *
 
+If you have been using SSL/TLS with B<nnrpd> before, be aware that the
+default value of a few F<inn.conf> parameters have changed:  SSL/TLS
+compression is now disabled by default, the server decides the preferred
+cipher, and only TLS protocols are allowed (using the flawed SSLv2
+and SSLv3 protocols is now disabled).  If you want to change these
+settings, the respective I<tlscompression>, I<tlspreferserverciphers>,
+and I<tlsprotocols> parameters can be tuned to your needs.
+
+=item *
+
 The B<--with-kerberos> configure flag used to add S<Kerberos v5>
 support has been renamed to B<--with-krb5>.
 
@@ -178,11 +188,6 @@
 
 =item *
 
-For security reasons, use of the flawed SSLv2 protocol is now disabled
-for TLS sessions with B<nnrpd>.
-
-=item *
-
 The INN test suite driver is now fully synchronized with the upstream
 version of the C TAP Harness package maintained by Russ Allbery.
 Keeping the INN test suite driver up-to-date will be possible thanks
@@ -197,6 +202,14 @@
 
 =item *
 
+New F<inn.conf> parameters used by B<nnrpd> to fine-tune the SSL/TLS
+configuration have been added:  I<tlsciphers>, I<tlscompression>,
+I<tlspreferserverciphers>, and I<tlsprotocols>.  Many thanks to Christian
+Mock for his contribution that permits to tighten the level of security
+provided by TLS/SSL.
+
+=item *
+
 B<innwatch> no longer creates a child process only for sleeping and then
 waits on that process.  The forked-off process only died after it had
 done sleeping, which caused the INN service to drop into maintenance

Modified: doc/pod/nnrpd.pod
===================================================================
--- doc/pod/nnrpd.pod	2014-11-11 13:28:16 UTC (rev 9743)
+++ doc/pod/nnrpd.pod	2014-11-11 13:36:31 UTC (rev 9744)
@@ -226,6 +226,11 @@
 You may need to replace C<nntps> with C<563> if C<nntps> isn't
 defined in F</etc/services> on your system.
 
+Optionally, you may set the I<tlsciphers>, I<tlscompression>,
+I<tlspreferserverciphers>, and I<tlsprotocols> parameters in F<inn.conf>
+to fine-tune the behaviour of the SSL/TLS negotiation whenever a new
+attack on the TLS protocol or some supported cipher suite is discovered.
+
 =head1 PROTOCOL DIFFERENCES
 
 B<nnrpd> implements the NNTP commands defined in S<RFC 3977> (NNTP),

Modified: include/inn/innconf.h
===================================================================
--- include/inn/innconf.h	2014-11-11 13:28:16 UTC (rev 9743)
+++ include/inn/innconf.h	2014-11-11 13:36:31 UTC (rev 9744)
@@ -123,10 +123,18 @@
     unsigned long backofftrigger;  /* Number of postings before triggered */
 
     /* Reading and posting -- SSL and TLS support */
+    /* Do not test HAVE_OPENSSL.  This relieves customers of /usr/include/inn
+     * from the need to guess whether INN was built with SSL/TLS support in
+     * order to get a header that matches the installed libraries.
+     */
     char *tlscafile;            /* Path to a certificate authority file */
     char *tlscapath;            /* Path to a directory of CA certificates */
     char *tlscertfile;          /* Path to the SSL certificate to use */
     char *tlskeyfile;           /* Path to the key for the certificate */
+    char *tlsciphers;           /* OpenSSL-style cipher string */
+    bool tlscompression;        /* Turn TLS compression on/off */
+    bool tlspreferserverciphers; /* Make server select the cipher */
+    struct vector *tlsprotocols; /* List of supported TLS versions */
 
     /* Monitoring */
     bool doinnwatch;            /* Start innwatch from rc.news? */

Modified: lib/innconf.c
===================================================================
--- lib/innconf.c	2014-11-11 13:28:16 UTC (rev 9743)
+++ lib/innconf.c	2014-11-11 13:36:31 UTC (rev 9744)
@@ -232,6 +232,10 @@
     { K(tlscapath),               STRING  (NULL) },
     { K(tlscertfile),             STRING  (NULL) },
     { K(tlskeyfile),              STRING  (NULL) },
+    { K(tlsciphers),              STRING  (NULL) },
+    { K(tlscompression),          BOOL   (false) },
+    { K(tlspreferserverciphers),  BOOL    (true) },
+    { K(tlsprotocols),            LIST    (NULL) },
 #endif /* HAVE_OPENSSL */
 
     /* The following settings are used by nnrpd and rnews. */

Modified: nnrpd/tls.c
===================================================================
--- nnrpd/tls.c	2014-11-11 13:28:16 UTC (rev 9743)
+++ nnrpd/tls.c	2014-11-11 13:36:31 UTC (rev 9744)
@@ -425,7 +425,9 @@
 int
 tls_init_serverengine(int verifydepth, int askcert, int requirecert,
                       char *tls_CAfile, char *tls_CApath, char *tls_cert_file,
-                      char *tls_key_file)
+                      char *tls_key_file, bool prefer_server_ciphers,
+                      bool tls_compression, struct vector *tls_proto_vect,
+                      char *tls_ciphers)
 {
     int     off = 0;
     int     verify_flags = SSL_VERIFY_NONE;
@@ -434,6 +436,8 @@
     char   *s_cert_file;
     char   *s_key_file;
     struct stat buf;
+    size_t  tls_protos = 0;
+    size_t  i;
 
     if (tls_serverengine)
       return (0);				/* Already running. */
@@ -450,9 +454,6 @@
     };
 
     off |= SSL_OP_ALL;		/* Work around all known bugs. */
-#ifdef SSL_OP_NO_SSLv2
-    off |= SSL_OP_NO_SSLv2;     /* Too many holes in SSLv2. */
-#endif
     SSL_CTX_set_options(CTX, off);
     SSL_CTX_set_info_callback(CTX, apps_ssl_info_callback);
     SSL_CTX_sess_set_cache_size(CTX, 128);
@@ -496,6 +497,73 @@
     SSL_CTX_set_tmp_dh_callback(CTX, tmp_dh_cb);
     SSL_CTX_set_options(CTX, SSL_OP_SINGLE_DH_USE);
 
+    if (prefer_server_ciphers) {
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+        SSL_CTX_set_options(CTX, SSL_OP_CIPHER_SERVER_PREFERENCE);
+#endif
+    }
+
+    if ((tls_proto_vect != NULL) && (tls_proto_vect->count > 0)) {
+        for (i = 0; i < tls_proto_vect->count; i++) {
+            if (tls_proto_vect->strings[i] != NULL) {
+                if (strcmp(tls_proto_vect->strings[i], "SSLv2") == 0) {
+                    tls_protos |= INN_TLS_SSLv2;
+                } else if (strcmp(tls_proto_vect->strings[i], "SSLv3") == 0) {
+                    tls_protos |= INN_TLS_SSLv3;
+                } else if (strcmp(tls_proto_vect->strings[i], "TLSv1") == 0) {
+                    tls_protos |= INN_TLS_TLSv1;
+                } else if (strcmp(tls_proto_vect->strings[i], "TLSv1.1") == 0) {
+                    tls_protos |= INN_TLS_TLSv1_1;
+                } else if (strcmp(tls_proto_vect->strings[i], "TLSv1.2") == 0) {
+                    tls_protos |= INN_TLS_TLSv1_2;
+                } else {
+                    syslog(L_ERROR, "TLS engine: unknown protocol '%s' in tlsprotocols",
+                           tls_proto_vect->strings[i]);
+                }
+            }
+        }
+    } else {
+        /* Default value:  allow only TLS protocols. */
+        tls_protos = (INN_TLS_TLSv1 | INN_TLS_TLSv1_1 | INN_TLS_TLSv1_2);
+    }
+
+    if ((tls_protos & INN_TLS_SSLv2) == 0) {
+        SSL_CTX_set_options(CTX, SSL_OP_NO_SSLv2);
+    }
+
+    if ((tls_protos & INN_TLS_SSLv3) == 0) {
+        SSL_CTX_set_options(CTX, SSL_OP_NO_SSLv3);
+    }
+
+    if ((tls_protos & INN_TLS_TLSv1) == 0) {
+        SSL_CTX_set_options(CTX, SSL_OP_NO_TLSv1);
+    }
+
+    if ((tls_protos & INN_TLS_TLSv1_1) == 0) {
+#ifdef SSL_OP_NO_TLSv1_1
+        SSL_CTX_set_options(CTX, SSL_OP_NO_TLSv1_1);
+#endif
+    }
+
+    if ((tls_protos & INN_TLS_TLSv1_2) == 0) {
+#ifdef SSL_OP_NO_TLSv1_2
+        SSL_CTX_set_options(CTX, SSL_OP_NO_TLSv1_2);
+#endif
+    }
+
+    if (tls_ciphers != NULL) {
+        if (SSL_CTX_set_cipher_list(CTX, tls_ciphers) == 0) {
+            syslog(L_ERROR, "TLS engine: cannot set cipher list");
+            return (-1);
+        }
+    }
+
+    if (!tls_compression) {
+#ifdef SSL_OP_NO_COMPRESSION
+        SSL_CTX_set_options(CTX, SSL_OP_NO_COMPRESSION);
+#endif
+    }
+
     verify_depth = verifydepth;
     if (askcert!=0)
 	verify_flags |= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
@@ -513,7 +581,7 @@
 
 /*
 **  The function called by nnrpd to initialize the TLS support.  Calls
-**  tls_init_server_engine and checks the result.  On any sort of failure,
+**  tls_init_serverengine and checks the result.  On any sort of failure,
 **  nnrpd will exit.
 **
 **  Returns -1 on error.
@@ -532,7 +600,12 @@
 				       innconf->tlscafile,
 				       innconf->tlscapath,
 				       innconf->tlscertfile,
-				       innconf->tlskeyfile);
+				       innconf->tlskeyfile,
+                                       innconf->tlspreferserverciphers,
+                                       innconf->tlscompression,
+                                       innconf->tlsprotocols,
+                                       innconf->tlsciphers);
+
     if (ssl_result == -1) {
         Reply("%d Error initializing TLS\r\n",
               initialSSL ? NNTP_FAIL_TERMINATING : NNTP_ERR_STARTTLS);

Modified: nnrpd/tls.h
===================================================================
--- nnrpd/tls.h	2014-11-11 13:28:16 UTC (rev 9743)
+++ nnrpd/tls.h	2014-11-11 13:36:31 UTC (rev 9744)
@@ -27,6 +27,13 @@
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 
+/* Protocol support. */
+#define INN_TLS_SSLv2 1
+#define INN_TLS_SSLv3 2
+#define INN_TLS_TLSv1 4
+#define INN_TLS_TLSv1_1 8
+#define INN_TLS_TLSv1_2 16
+
 /* Init TLS engine. */
 int tls_init_serverengine(int verifydepth, /* Depth to verify. */
 			  int askcert,     /* 1 = Verify client. */
@@ -34,7 +41,11 @@
 			  char *tls_CAfile,
 			  char *tls_CApath,
 			  char *tls_cert_file,
-			  char *tls_key_file);
+			  char *tls_key_file,
+                          bool prefer_server_ciphers,
+                          bool tls_compression,
+                          struct vector *tls_protocols,
+                          char *tls_ciphers);
 
 /* Init TLS. */
 int tls_init(void);

Modified: samples/inn.conf.in
===================================================================
--- samples/inn.conf.in	2014-11-11 13:28:16 UTC (rev 9743)
+++ samples/inn.conf.in	2014-11-11 13:36:31 UTC (rev 9744)
@@ -139,6 +139,10 @@
 #tlscapath:                  @sysconfdir@
 #tlscertfile:                @sysconfdir@/cert.pem
 #tlskeyfile:                 @sysconfdir@/key.pem
+#tlsciphers:
+#tlscompression:             false
+#tlspreferserverciphers:     true
+#tlsprotocols:               [ TLSv1 TLSv1.1 TLSv1.2 ]
 
 # Monitoring
 



More information about the inn-committers mailing list