Search squid archive

Re: LEGACY_SERVER_CONNECT, ALLOW_UNSAFE_LEGACY_RENEGOTIATION does not work - SSL bump, OpenSSL 3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Alex,

Thank you for putting so much efforts in reply.

Unfortunately, something is still wrong somewhere, as below.

On 26/12/22 21:31, Alex Rousskov wrote:
On 12/26/22 00:46, Amish wrote:

I am using squid v5.7 with OpenSSL 3.0.7. (Arch Linux)

squid.conf:

# workaround for legacy / unpatched servers
tls_outgoing_options options=LEGACY_SERVER_CONNECT,ALLOW_UNSAFE_LEGACY_RENEGOTIATION

There are two problems here:

1. Squid v5.7 hides important configuration errors. That problem was fixed in master/v6 commit 61be1d8, but that fix has not been backported to v5. If it were, you would have seen errors like this:

    ERROR: Unknown TLS option LEGACY_SERVER_CONNECT
    ERROR: Unknown TLS option ALLOW_UNSAFE_LEGACY_RENEGOTIATION

You can still see those level-1 errors on stderr if you start Squid v5.7 with "-X", but they will be drowned in a sea of debugging records. Save stderr output into a file and search it for ERROR.

I recommend lobbying for making the above configuration errors fatal in Squid v6. I would be happy to post the corresponding code changes if others agree that they should be fatal.


Yes indeed, the ERROR does appear on stderr with -X.

It should definitely be fatal as otherwise someone may lose proper security, with wrong OR incomplete OR unimplemented settings thinking that, squid did not give error so its working fine.

2. As the above errors imply, you are using options that Squid does not understand. Squid cannot pass named options that it does not understand to OpenSSL because Squid does not know their numerical values (OpenSSL API requires a numeric value to enable an option). However, you can use a dangerous workaround: You can specify their raw numeric values (in hex). You may use the table at [1] to get those values[2]:

    tls_outgoing_options options=0x4,0x40000

Disclaimer: I have not tested whether the above configuration matches your intent. I only know that Squid v5 does not generate an ERROR for it.


With numeric hex values, I do not see the ERROR on stderr.

But it still does not seem to be working as expected. Squid still does not open the page and gives same legacy negotiation error.

How do I know that SSL_CTX_set_options() is working with above options?

There appears to be nothing in cache.log.

$ grep debug_options squid.conf
debug_options 83,6

$ tail -f /var/log/squid/cache.log |grep -i 'ssl\|tls'
2022/12/27 20:39:04.939 kid1| 83,3| client_side_request.cc(1557) sslBumpNeed: sslBump required: peek 2022/12/27 20:39:05.920 kid1| 83,5| ../../src/security/PeerOptions.h(111) convertContextFromRawPtr: SSL_CTX construct, this=0x557039611e60 2022/12/27 20:39:05.920 kid1| 83,5| Session.cc(103) NewSessionObject: SSL_new session=0x55703adcfd70 2022/12/27 20:39:05.920 kid1| 83,5| Session.cc(161) CreateSession: link FD 12 to TLS session=0x55703adcfd70 2022/12/27 20:39:05.920 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS connection 0x55703adcfd70 over conn23909 local=127.0.0.1:8080 remote=127.0.0.1:48458 FD 12 flags=1 2022/12/27 20:39:05.927 kid1| 83,5| Session.cc(103) NewSessionObject: SSL_new session=0x557039a59050 2022/12/27 20:39:05.927 kid1| 83,5| Session.cc(161) CreateSession: link FD 16 to TLS session=0x557039a59050 2022/12/27 20:39:05.928 kid1| 83,5| Io.cc(91) Handshake: -1/11 for TLS connection 0x557039a59050 over conn23913 local=[2001:db8::2]:60020 remote=[2405:200:1601:c0e1:49:40:8:183]:443 HIER_DIRECT FD 16 flags=1 2022/12/27 20:39:06.062 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS connection 0x557039a59050 over conn23913 local=[2001:db8::2]:60020 remote=[2405:200:1601:c0e1:49:40:8:183]:443 HIER_DIRECT FD 16 flags=1 2022/12/27 20:39:06.062 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS connection 0x557039a59050 over conn23913 local=[2001:db8::2]:60020 remote=[2405:200:1601:c0e1:49:40:8:183]:443 HIER_DIRECT FD 16 flags=1 2022/12/27 20:39:06.063 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS connection 0x557039a59050 over conn23913 local=[2001:db8::2]:60020 remote=[2405:200:1601:c0e1:49:40:8:183]:443 HIER_DIRECT FD 16 flags=1 2022/12/27 20:39:06.063 kid1| 83,2| PeerConnector.cc(256) handleNegotiationResult: ERROR: failure while establishing TLS connection on FD: 160x55703a2d9e40*1 2022/12/27 20:39:06.063 kid1| 83,5| NegotiationHistory.cc(85) retrieveNegotiatedInfo: SSL connection info on FD 16 SSL version NONE/0.0 negotiated cipher 2022/12/27 20:39:06.063 kid1| 83,5| PeerConnector.cc(540) callBack: TLS setup ended for 2022/12/27 20:39:06.069 kid1| 83,5| Session.cc(103) NewSessionObject: SSL_new session=0x557039779b10 2022/12/27 20:39:06.069 kid1| 83,5| Session.cc(161) CreateSession: link FD 16 to TLS session=0x557039779b10 2022/12/27 20:39:06.070 kid1| 83,5| Io.cc(91) Handshake: -1/11 for TLS connection 0x557039779b10 over conn23916 local=192.168.0.2:54084 remote=49.40.8.180:443 HIER_DIRECT FD 16 flags=1 2022/12/27 20:39:06.191 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS connection 0x557039779b10 over conn23916 local=192.168.0.2:54084 remote=49.40.8.180:443 HIER_DIRECT FD 16 flags=1 2022/12/27 20:39:06.192 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS connection 0x557039779b10 over conn23916 local=192.168.0.2:54084 remote=49.40.8.180:443 HIER_DIRECT FD 16 flags=1 2022/12/27 20:39:06.193 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS connection 0x557039779b10 over conn23916 local=192.168.0.2:54084 remote=49.40.8.180:443 HIER_DIRECT FD 16 flags=1 2022/12/27 20:39:06.193 kid1| 83,2| PeerConnector.cc(256) handleNegotiationResult: ERROR: failure while establishing TLS connection on FD: 160x55703a2d9e40*1 2022/12/27 20:39:06.193 kid1| 83,5| NegotiationHistory.cc(85) retrieveNegotiatedInfo: SSL connection info on FD 16 SSL version NONE/0.0 negotiated cipher 2022/12/27 20:39:06.193 kid1| 83,5| PeerConnector.cc(540) callBack: TLS setup ended for 2022/12/27 20:39:06.193 kid1| 83,5| Session.cc(100) operator(): SSL_free session=0x557039779b10 2022/12/27 20:39:06.236 kid1| 83,5| Io.cc(91) Handshake: -1/11 for TLS connection 0x55703adcfd70 over conn23909 local=127.0.0.1:8080 remote=127.0.0.1:48458 FD 12 flags=1 2022/12/27 20:39:06.247 kid1| 83,5| Io.cc(91) Handshake: -1/11 for TLS connection 0x55703adcfd70 over conn23909 local=127.0.0.1:8080 remote=127.0.0.1:48458 FD 12 flags=1 2022/12/27 20:39:06.254 kid1| 83,5| Session.cc(292) store_session_cb: Request to store SSL_SESSION 2022/12/27 20:39:06.254 kid1| 83,5| Session.cc(314) store_session_cb: wrote an SSL_SESSION entry of size 129 at pos 129 2022/12/27 20:39:06.254 kid1| 83,5| Session.cc(292) store_session_cb: Request to store SSL_SESSION 2022/12/27 20:39:06.254 kid1| 83,5| Session.cc(314) store_session_cb: wrote an SSL_SESSION entry of size 128 at pos 80 2022/12/27 20:39:06.255 kid1| 83,5| Io.cc(91) Handshake: 1/0 for TLS connection 0x55703adcfd70 over conn23909 local=127.0.0.1:8080 remote=127.0.0.1:48458 FD 12 flags=1
-----BEGIN SSL SESSION PARAMETERS-----
-----END SSL SESSION PARAMETERS-----
2022/12/27 20:39:06.255 kid1| 83,2| client_side.cc(2460) clientNegotiateSSL: New session 0x55703abd32f0 on FD 12 (127.0.0.1:48458) 2022/12/27 20:39:06.255 kid1| 83,5| NegotiationHistory.cc(85) retrieveNegotiatedInfo: SSL connection info on FD 12 SSL version TLS/1.3 negotiated cipher TLS_AES_256_GCM_SHA384 2022/12/27 20:39:06.255 kid1| 83,5| client_side.cc(2483) clientNegotiateSSL: FD 12 has no client certificate. 2022/12/27 20:39:06.255 kid1| 83,3| Session.cc(36) tls_read_method: started for session=0x55703adcfd70 2022/12/27 20:39:06.256 kid1| 83,3| Session.cc(73) tls_write_method: started for session=0x55703adcfd70 2022/12/27 20:39:06.256 kid1| 83,3| Session.cc(73) tls_write_method: started for session=0x55703adcfd70 2022/12/27 20:39:06.257 kid1| 83,5| Session.cc(100) operator(): SSL_free session=0x557039a59050 2022/12/27 20:39:06.257 kid1| 83,5| Session.cc(100) operator(): SSL_free session=0x55703adcfd70 2022/12/27 20:39:06.257 kid1| 83,5| ../../src/security/PeerOptions.h(113) operator(): SSL_CTX destruct, this=0x557039611e60


Any idea on how do I know if SSL_CTX_set_options() is working with legacy negotiations enabled?


[1] https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags


Above link should be placed in tls_outgoing_options documentation at http://www.squid-cache.org/Doc/config/tls_outgoing_options/

Additionally a NOTE should be placed stating that it supports HEX values.

Current documentation gives an impression that I can use all the named options supported by OpenSSL. But in reality only selected named options are supported.


[2] The table provides numerical values for OpenSSL v1 options. For OpenSSL v3, the table provides a SSL_OP_BIT(n) formula: 2 to the power of n. For example, SSL_OP_BIT(2) is, in hex notation, 0x4.
    #define SSL_OP_BIT(n)  ((uint64_t)1 << (uint64_t)n)

HTH,

Alex.

# other related TLS related settings
tls_outgoing_options cafile=/etc/ssl/cert.pem

tls_outgoing_options cipher=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

# systemctl reload squid

But I am still getting the same error when trying to connect to the above site via squid proxy. (Works fine without proxy)

What am I doing wrong?

Tips / help appreciated,

Thank you,

Amish.

Thank you

Amish.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux