CHIA-2102 - Set minimum to TLSv1.3 #19079

Draft: wants to merge 3 commits into base: main

Conversation

@emlowe emlowe (Contributor) commented Dec 20, 2024

Set the minimum for all TLS communications to TLS v1.3. This includes the node peer protocol and service RPC calls.
Note: TLS v1.3 only has secure and safe ciphersuites, so we don't need to specifically set the ciphersuites list.

The change to allow TLS v1.2 was done here (#9195). At that time there was some concern over older Python versions and older systems with OpenSSL without 1.3 support.

Since that time we have dropped support for Python 3.7 and 3.8, and it seems unlikely there are any systems out there without TLS v1.3 support.

I'll note that apparently .NET still does not have TLS v1.3 support on macOS (dotnet/runtime#1979) until .NET 10, sometime in 2025, so the daemon workaround introduced here (#16747) remains available to downgrade daemon connections to TLS v1.2.

Converted to draft, because I believe this likely breaks https://github.com/dkackman/chia-dotnet again; it talks to the daemon and all the RPC endpoints.

Previously, the default was TLS 1.2 for everything except the daemon, which used 1.3. This broke chia-dotnet for the daemon connections only, but not for the RPC ports.

Changing the default everywhere to 1.3 likely breaks chia-dotnet again for the RPC services, so those also need a downgrade. Unfortunately, doing a downgrade for the RPC services and 1.3 on the peer protocol is suitably annoying.

Discussed this with @dkackman, and once .NET 10 adds support for TLS 1.3 (which is planned for early 2025) we can move forward with this.
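The effect of raising `minimum_version` on a Python `ssl` client, as an added example that is not code from this PR or from chia-blockchain. It starts a handshake into an in-memory BIO (no network is touched), captures the ClientHello the OpenSSL-backed `ssl` module writes, and decodes the `supported_versions` extension and the offered cipher suites, so you can see what a TLSv1_3 floor actually changes on the wire compared with the TLSv1_2 floor the description says was the previous default. It assumes a Python build linked against an OpenSSL with TLS 1.3, that the ClientHello fits in a single TLS record (true for OpenSSL), and uses `chia.net` only as a placeholder SNI name; nothing is contacted.

```python
import ssl
import struct

# Added example, not project code: observe what a Python ssl client context
# offers in its ClientHello under a given minimum_version. The handshake is
# started into a MemoryBIO and abandoned as soon as the ClientHello is written,
# so this runs fully offline.

TLS12_FLOOR = ssl.TLSVersion.TLSv1_2   # previous default per the PR description
TLS13_FLOOR = ssl.TLSVersion.TLSv1_3   # the floor this PR sets

# The three mandatory/common TLS 1.3 suites (RFC 8446 appendix B.4).
TLS13_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}


def capture_client_hello(minimum: ssl.TLSVersion) -> bytes:
    """Return the raw TLS record a client with this version floor sends first."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = minimum
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # server_hostname is a placeholder (assumption); no connection is made.
    tls = ctx.wrap_bio(incoming, outgoing, server_side=False,
                       server_hostname="chia.net")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # ClientHello has been written; we never feed a ServerHello back
    return outgoing.read()


def _u16(buf: bytes, pos: int) -> int:
    return struct.unpack_from("!H", buf, pos)[0]


def parse_client_hello(record: bytes) -> dict:
    """Minimal RFC 8446 ClientHello decoder: legacy_version, cipher suites and
    the supported_versions extension (type 43). Assumes one TLS record."""
    ctype, _rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    ch = body[4:4 + hs_len]
    pos = 0
    legacy_version = _u16(ch, pos); pos += 2
    pos += 32                                  # random
    pos += 1 + ch[pos]                         # legacy_session_id
    cs_len = _u16(ch, pos); pos += 2
    suites = [_u16(ch, i) for i in range(pos, pos + cs_len, 2)]; pos += cs_len
    pos += 1 + ch[pos]                         # legacy_compression_methods
    ext_end = pos + 2 + _u16(ch, pos); pos += 2
    versions = []
    while pos < ext_end:
        etype, elen = _u16(ch, pos), _u16(ch, pos + 2); pos += 4
        edata = ch[pos:pos + elen]; pos += elen
        if etype == 43:                        # supported_versions, client form
            n = edata[0]                       # 1-byte list length, then u16 versions
            versions = [_u16(edata, i) for i in range(1, 1 + n, 2)]
    # A client without the extension (TLS 1.2 or older) only offers legacy_version.
    versions = versions or [legacy_version]
    return {"legacy_version": legacy_version,
            "cipher_suites": suites,
            "supported_versions": versions}


def offered_versions(minimum: ssl.TLSVersion) -> list:
    """Protocol versions the client advertises, highest first (e.g. [0x0304])."""
    return parse_client_hello(capture_client_hello(minimum))["supported_versions"]


def offered_tls13_suites(minimum: ssl.TLSVersion) -> set:
    """Names of the TLS 1.3 suites present in the ClientHello."""
    suites = parse_client_hello(capture_client_hello(minimum))["cipher_suites"]
    return {TLS13_SUITES[s] for s in suites if s in TLS13_SUITES}


if __name__ == "__main__":
    for floor in (TLS12_FLOOR, TLS13_FLOOR):
        info = parse_client_hello(capture_client_hello(floor))
        print(floor.name,
              "versions:", [hex(v) for v in info["supported_versions"]],
              "tls1.3 suites:", sorted(offered_tls13_suites(floor)))
```

With the TLSv1_3 floor the client advertises only 0x0304 in `supported_versions`, so a server that only speaks TLS 1.2 cannot negotiate at all and the connection fails at the handshake; with the TLSv1_2 floor it advertises 0x0304 and 0x0303. The TLS 1.3 suites come from OpenSSL's default `ciphersuites` list rather than the `set_ciphers` string, which is why the description says no explicit ciphersuite list is needed. The testssl.sh report later in this thread is the server-side view of the same negotiation.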

@emlowe emlowe requested a review from a team as a code owner December 20, 2024 18:20
@emlowe emlowe added the Changed Required label for PR that categorizes merge commit message as "Changed" for changelog label Dec 20, 2024
@emlowe emlowe changed the title Set minimum to TLSv1.3 [CHIA-2102]- Set minimum to TLSv1.3 Dec 20, 2024
@emlowe emlowe changed the title [CHIA-2102]- Set minimum to TLSv1.3 CHIA-2102 - Set minimum to TLSv1.3 Dec 20, 2024
@hoffmang9 hoffmang9 (Member) previously approved these changes Dec 20, 2024

Looks GREAT to me!

@emlowe emlowe (Contributor, Author) commented Dec 20, 2024

testssl.sh report:

###########################################################
    testssl.sh       3.2rc3 from https://testssl.sh/dev/

      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

       Please file bugs @ https://testssl.sh/bugs/

###########################################################

 Using "OpenSSL 3.4.0 22 Oct 2024 (Library: OpenSSL 3.4.0 22 Oct 2024)" [~94 ciphers]
 on GreenPower-3:/opt/homebrew/bin/openssl
 (built: "Oct 22 12:26:59 2024", platform: "darwin64-arm64-cc")


 Start 2024-12-20 10:51:05                -->> 127.0.0.1:58444 (localhost) <<--

 A record via:           /etc/hosts 
 rDNS (127.0.0.1):       localhost.
 Service detected:       Couldn't determine what's running on port 58444, assuming no HTTP service => skipping all HTTP checks


 Testing protocols via sockets except NPN+ALPN 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    not offered
 TLS 1.3    offered (OK): final
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered

 Testing cipher categories 

 NULL ciphers (no encryption)                      not offered (OK)
 Anonymous NULL Ciphers (no authentication)        not offered (OK)
 Export ciphers (w/o ADH+NULL)                     not offered (OK)
 LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export)      not offered (OK)
 Triple DES Ciphers / IDEA                         not offered
 Obsoleted CBC ciphers (AES, ARIA etc.)            not offered
 Strong encryption (AEAD ciphers) with no FS       not offered
 Forward Secrecy strong encryption (AEAD ciphers)  offered (OK)


 Testing server's cipher preferences 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
 - 
SSLv3
 - 
TLSv1
 - 
TLSv1.1
 - 
TLSv1.2
 - 
TLSv1.3 (server order)
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                             
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256                             

 Has server cipher order?     yes (TLS 1.3 only)


 Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4 

 FS is offered (OK)           TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 
 Elliptic curves offered:     prime256v1 secp384r1 secp521r1 X25519 X448 
 Finite field group:          ffdhe2048 ffdhe3072 ffdhe4096 ffdhe6144 ffdhe8192
 TLS 1.3 sig_algs offered:    RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 

 Testing server defaults (Server Hello) 

 TLS extensions (standard)    "supported versions/#43" "key share/#51" "signature algorithms/#13"
 Session Ticket RFC 5077 hint no -- no lifetime advertised
 SSL Session ID support       no
 Session Resumption           Tickets no, ID: no
 TLS clock skew               Random values, no fingerprinting possible 
 Certificate Compression      none
 Client Authentication        optional
 CA List for Client Auth      empty
 Signature Algorithm          SHA256 with RSA
 Server key size              RSA 2048 bits (exponent is 65537)
 Server key usage             --
 Server extended key usage    --
 Serial                       27301F7308DB4E05408488FF8C580A781877F75F (OK: length 20)
 Fingerprints                 SHA1 C2285FA4E70FA2988AA4A2A55824075DBAD15DE9
                              SHA256 1F2A696767203D097E6A242BCD3568CAD6F10C8ADC0ECA9DD87AFF6B6439AED8
 Common Name (CN)             Chia 
 subjectAltName (SAN)         chia.net 
 Trust (hostname)             certificate does not match supplied URI (same w/o SNI)
 Chain of trust               NOT ok (self signed CA in chain)
 EV cert (experimental)       no 
 Certificate Validity (UTC)   27617 >= 60 days (2022-05-26 16:11 --> 2100-08-02 00:00)
                              >= 10 years is way too long
 ETS/"eTLS", visibility info  not present
 Certificate Revocation List  --
 OCSP URI                     --
                              NOT ok -- neither CRL nor OCSP URI provided
 OCSP stapling                not offered
 OCSP must staple extension   --
 DNS CAA RR (experimental)    not offered
 Certificate Transparency     N/A
 Certificates provided        2
 Issuer                       Chia CA (Chia)
 Intermediate cert validity   #1: ok > 40 days (2031-01-21 08:51). Organic Farming Division <-- Organic Farming Division
 Intermediate Bad OCSP (exp.) Ok


 Testing vulnerabilities 

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  (applicable only for HTTPS)
 ROBOT                                     Server does not support any cipher suites that use RSA key transport
 Secure Renegotiation (RFC 5746)           not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK), no SSLv3 support
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible (OK), TLS 1.3 is the only protocol
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=1F2A696767203D097E6A242BCD3568CAD6F10C8ADC0ECA9DD87AFF6B6439AED8
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     not vulnerable (OK), no SSL3 or TLS1
 LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
 Winshock (CVE-2014-6321), experimental    not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        not vulnerable (OK)

Could not determine the protocol, only simulating generic clients.

 Running client simulations via sockets 

 Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
------------------------------------------------------------------------------------------------
 Android 8.1 (native)         No connection
 Android 9.0 (native)         TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 Android 10.0 (native)        TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 Android 11 (native)          TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 Android 12 (native)          TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 Java 7u25                    No connection
 Java 8u161                   No connection
 Java 11.0.2 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            256 bit ECDH (P-256)
 Java 17.0.3 (OpenJDK)        TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 go 1.17.8                    TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 LibreSSL 2.8.3 (Apple)       No connection
 OpenSSL 1.0.2e               No connection
 OpenSSL 1.1.0l (Debian)      No connection
 OpenSSL 1.1.1d (Debian)      TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 OpenSSL 3.0.3 (git)          TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)


 Rating (experimental) 

 Rating specs (not complete)  SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
 Specification documentation  https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
 Protocol Support (weighted)  0 (0)
 Key Exchange     (weighted)  0 (0)
 Cipher Strength  (weighted)  0 (0)
 Final Score                  0
 Overall Grade                T
 Grade cap reasons            Grade capped to T. Issues with the chain of trust (self signed CA in chain)
                              Grade capped to M. Domain name mismatch

 Done 2024-12-20 10:52:13 [0071s] -->> 127.0.0.1:58444 (localhost) <<--

@emlowe emlowe marked this pull request as draft December 20, 2024 21:55
Contributor (coverage report)

File                    Coverage  Missing Lines
chia/daemon/server.py   33.3%     lines 200-201

Total    Missing  Coverage
4 lines  2 lines  50%

Labels: Changed (Required label for PR that categorizes merge commit message as "Changed" for changelog), coverage-diff

2 participants