Re: OpenSSL disables TLS 1.0 and 1.1

[Ondřej Surý <ondrej@sury.org>]

> Which is definitely worse than HTTPS with even SSLv3.

Here I disagree, with HTTP you know you are using inherently insecure 
transport layer and you can take other precautions.

With SSLv3, you might be fooled by feeling of security...

Apart from that, I think we need a system-wide default policy with 
sufficiently difficult way how to re-enable older but still secure (for 
some level of security) TLS protocols. And this needs to apply for all 
crypto libraries.

O.


On 11 August 2017 16:15:43 Christian Seiler <christian@iwakd.de> wrote:

> Hi,
>
> Am 2017-08-11 15:09, schrieb Sven Hartge:
> > Unless it has been proven that TLS1.0 and TLS1.1 are as broken as SSL3,
> > please keep the support for them enabled in OpenSSL, and just change
> > the
> > defaults in the application to only use TLS1.2 (unless changed by the
> > administrator).
>
> I remember a talk at Debconf15 about Fedora's system-wide policy for
> Crypto stuff:
>
> https://summit.debconf.org/debconf15/meeting/252/enforcement-of-a-system-wide-crypto-policies/
>
> I haven't rewatched the talk, but if I remember correctly, the
> whole thing was designed in a way that the administrator could
> change both the system-wide policy and also override it per
> application.
>
> If we follow through on this, we could then disable anything but
> TLS 1.2 in the default system-wide policy - the default settings
> would then be more secure while users could then still change the
> policy for compatibility reasons if so required. It would also
> provide a central nob for the future for users who don't have to
> worry about compatibility and perhaps want to disable TLS 1.2 in
> favor of 1.3 (which will be part of OpenSSL 1.1.1).
>
>
> Btw. speaking of this issue: a friend of mine who's an administrator
> at a university has had the problem that he can't use the HTTPS
> interface of some NAS devices (and I'm talking 19" rack-mounted
> storage with internal and external SAS interface) anymore since the
> interface only supports either older SSL versions or older ciphers
> that modern browsers simply don't accept anymore. (Not even with
> about:config options.) And there are no firmware updates for these
> devices anymore, so he's now administering these devices via
> unencrypted HTTP. Which is definitely worse than HTTPS with even
> SSLv3. In his case it's not too bad, because they are in a separate
> network that isn't routed to the public (using ssh -D to a gateaway
> to access them), but this shows what problems can arise from this.
>
> Don't get me wrong: I do believe it's a huge problem that vendors
> of said appliances don't provide updates for these kind of things,
> and I wish that we could indeed drop everything except TLS 1.2, but
> the real world is unfortunately more complicated, and I think
> Debian would do a huge disservice to users if it removed TLS 1.0
> and 1.1 from OpenSSL in Buster without a well-documented
> possibility for the admin to reenable it.
>
> Regards,
> Christian