Drop unused TLSv1.1 support completely in tlsserver module (#519)

* Drop unused TLSv1.1 support completely in tlsserver module. Adjust unit tests
accordingly. Should make it clear even for code scans that we always enforce
TLSv1.2+ everywhere.

* Switch ssl version to use `SSLContext` with `PROTOCOL_TLS_SERVER` argument in
symmetry with pyOpenSSL version and to avoid any client/server confusion caused
by the use of `create_default_context`.

* Rework legacy_tls handling to be consistent across our services. All of them
now default to TLSv1.2+ and only adjust ciphers offered if the service-specific
`enable_SVC_legacy_tls` conf option is set.

* Drop the outdated client comments and disable ftps tls_legacy now that modern
pyOpenSSL is available on every supported platform.

* Add `enable_openid_legacy_tls` conf option and implement the same cipher
handling in the built-in OpenID service.

* Drop unused copy of `ssl_ciphers` in `daemon_conf` as hinted in review feedback.

* Switch kwargs in tlsserver unit tests to use explicit naming format as
suggested in review feedback.

Author: jonasbardino

mig/install/MiGserver-template.conf

@@ -586,24 +586,15 @@ enable_sftp_subsys = __ENABLE_SFTP_SUBSYS__
 # Pure Python WsgiDAV-based webdav(s) daemon
 enable_davs = __ENABLE_DAVS__
 # Allow sub-optimal but still relatively strong legacy TLS support in WebDAVS
-# NOTE: Python-2.7.x ssl supports TLSv1.2+ with strong ciphers and all popular
+# NOTE: Python-2.7+ ssl supports TLSv1.2+ with strong ciphers and all popular
 #       clients (including Windows 10+ native WebDAVS) also work with those.
-# NOTE: Apparently Win 7 (+8.1?) native WebDAVS only works with semi-strong
-#       legacy ciphers and TLSv1.0+v1.1 unless updated and enabled 
-# NOTE: Win 7 went EoL in January 2020 and should no longer be needed
 #enable_davs_legacy_tls = False
 # Pure Python pyftpdlib-based ftp(s) daemon
 enable_ftps = __ENABLE_FTPS__
 # Allow sub-optimal but still relatively strong legacy TLS supports in FTPS
-# NOTE: Recent PyOpenSSL supports TLSv1.2+ with strong ciphers and all popular
+# NOTE: Modern PyOpenSSL supports TLSv1.2+ with strong ciphers and all popular
 #       clients also work with those.
-# NOTE: CentOS 7 native pyOpenSSL 0.13 does NOT support elliptic curve ciphers
-#       and FileZilla fails on listdir with remaining strong DHE ciphers.
-#       Installing a recent pyopenssl e.g. from the centos-openstack-X repo
-#       allows disabling legacy tls support without breaking FileZilla support.
-# TODO: disable as soon as a recent pyopenssl version is available - the one
-#       from pip breaks paramiko so do NOT go there.
-enable_ftps_legacy_tls = True
+#enable_ftps_legacy_tls = False
 # Enable WSGI served web pages (faster than CGI) - requires apache wsgi module
 enable_wsgi = __ENABLE_WSGI__
 # Enable system notify helper used e.g. to warn about failed user logins
@@ -638,6 +629,10 @@ peers_explicit_fields = __PEERS_EXPLICIT_FIELDS__
 peers_contact_hint = __PEERS_CONTACT_HINT__
 # Enable OpenID daemon for web access with user/pw from local user DB
 enable_openid = __ENABLE_OPENID__
+# Allow sub-optimal but still relatively strong legacy TLS support in OpenID 2.0
+# NOTE: Python-2.7+ ssl supports TLSv1.2+ with strong ciphers and all popular
+#       clients also work with those.
+#enable_openid_legacy_tls = False
 # Enable share links for easy external exchange of data with anyone
 enable_sharelinks = __ENABLE_SHARELINKS__
 # Enable storage quota

mig/server/grid_ftps.py

@@ -96,6 +96,7 @@
 from mig.shared.accountstate import check_account_accessible
 from mig.shared.base import invisible_path, force_utf8, force_native_str
 from mig.shared.conf import get_configuration_object
+from mig.shared.defaults import STRONG_TLS_CIPHERS, STRONG_TLS_LEGACY_CIPHERS
 from mig.shared.fileio import user_chroot_exceptions
 from mig.shared.griddaemons.ftps import default_max_user_hits, \
     default_user_abuse_hits, default_proto_abuse_hits, \
@@ -493,14 +494,21 @@ def start_service(conf):
         handler.tls_data_required = True
         keyfile = certfile = conf.user_ftps_key
         handler.certfile = certfile
+        ciphers = None
         # Harden TLS/SSL if possible, requires recent pyftpdlib
         if hasattr(handler, 'ssl_context'):
-            dhparamsfile = configuration.user_shared_dhparams
+            dhparams_path = configuration.user_shared_dhparams
             legacy_tls = configuration.site_enable_ftps_legacy_tls
+            if ciphers is not None:
+                use_ciphers = ciphers
+            elif legacy_tls:
+                use_ciphers = STRONG_TLS_LEGACY_CIPHERS
+            else:
+                use_ciphers = STRONG_TLS_CIPHERS
             ssl_ctx = hardened_openssl_context(conf, OpenSSL, keyfile,
                                                certfile,
-                                               dhparamsfile=dhparamsfile,
-                                               allow_pre_tlsv12=legacy_tls)
+                                               dhparamsfile=dhparams_path,
+                                               ciphers=use_ciphers)
             handler.ssl_context = ssl_ctx
         else:
             logger.warning("Unable to enforce explicit strong TLS connections")

mig/server/grid_openid.py

@@ -102,6 +102,8 @@
     from mig.shared.base import client_id_dir, cert_field_map, force_utf8, \
         force_native_str
     from mig.shared.conf import get_configuration_object
+    from mig.shared.defaults import STRONG_TLS_CIPHERS, \
+        STRONG_TLS_LEGACY_CIPHERS
     from mig.shared.griddaemons.openid import default_max_user_hits, \
         default_user_abuse_hits, default_proto_abuse_hits, \
         default_username_validator, refresh_user_creds, update_login_map, \
@@ -1654,6 +1656,7 @@ def start_service(configuration):
     data_path = configuration.openid_store
     daemon_conf = configuration.daemon_conf
     nossl = daemon_conf['nossl']
+    ciphers = None
     addr = (host, port)
     # TODO: is this threaded version robust enough (thread safety)?
     # OpenIDServer = OpenIDHTTPServer
@@ -1675,12 +1678,20 @@ def start_service(configuration):
         # Use best possible SSL/TLS args for this python version
         key_path = cert_path = configuration.user_openid_key
         dhparams_path = configuration.user_shared_dhparams
+        legacy_tls = configuration.site_enable_openid_legacy_tls
+        if ciphers is not None:
+            use_ciphers = ciphers
+        elif legacy_tls:
+            use_ciphers = STRONG_TLS_LEGACY_CIPHERS
+        else:
+            use_ciphers = STRONG_TLS_CIPHERS
         if not os.path.isfile(cert_path):
             logger.error('No such server key: %s' % cert_path)
             sys.exit(1)
         logger.info('Wrapping connections in SSL')
         ssl_ctx = hardened_ssl_context(configuration, key_path, cert_path,
-                                       dhparams_path)
+                                       dhparamsfile=dhparams_path,
+                                       ciphers=use_ciphers)
         httpserver.socket = ssl_ctx.wrap_socket(httpserver.socket,
                                                 server_side=True)
         # Override default SSLSocket accept function to inject timeout support

mig/server/grid_webdavs.py

@@ -335,8 +335,7 @@ def __init__(self, certificate, private_key, certificate_chain=None,
         context to use in all future connections in the wrap method.
 
         If the optional legacy_tls arg is set the STRONG_TLS_LEGACY_CIPHERS
-        are used instead of the STRONG_TLS_CIPHERS, and the limitation to
-        TLSv1.2+ is left out to allow legacy TLSv1.0 and TLSv1.1 connections.
+        are used instead of the STRONG_TLS_CIPHERS.
         This is required to support e.g. native Windows 7 WebDAVS access with
         the weak ECDHE-RSA-AES128-SHA cipher.
         """
@@ -345,17 +344,17 @@ def __init__(self, certificate, private_key, certificate_chain=None,
                                                  certificate_chain, ciphers)
         # logger.debug("proceed with hardening of ssl contetx")
         # Set up hardened SSL context once and for all
-        dhparams = configuration.user_shared_dhparams
+        dhparams_path = configuration.user_shared_dhparams
         if ciphers is not None:
             use_ciphers = ciphers
         elif legacy_tls:
             use_ciphers = STRONG_TLS_LEGACY_CIPHERS
         else:
             use_ciphers = STRONG_TLS_CIPHERS
         self.context = hardened_ssl_context(configuration, self.private_key,
-                                            self.certificate, dhparams,
-                                            ciphers=use_ciphers,
-                                            allow_pre_tlsv12=legacy_tls)
+                                            self.certificate,
+                                            dhparamsfile=dhparams_path,
+                                            ciphers=use_ciphers)
         # logger.debug("established hardened ssl contetx")
 
     def __force_close(self, socket_list):
@@ -1951,7 +1950,7 @@ def run(configuration):
         cert = config['ssl_certificate'] = configuration.user_davs_key
         key = config['ssl_private_key'] = configuration.user_davs_key
         chain = config['ssl_certificate_chain'] = ''
-        ciphers = config['ssl_ciphers'] = None
+        ciphers = None
 
     # NOTE: Briefly insert dummy user to avoid bogus warning about anon access
     #       We dynamically add users as they connect so it isn't empty.

mig/shared/configuration.py

@@ -1603,6 +1603,11 @@ def reload_config(self, verbose, skip_log=False, disable_auth_log=False,
                 'SITE', 'enable_openid')
         else:
             self.site_enable_openid = False
+        if config.has_option('SITE', 'enable_openid_legacy_tls'):
+            self.site_enable_openid_legacy_tls = config.getboolean(
+                'SITE', 'enable_openid_legacy_tls')
+        else:
+            self.site_enable_openid_legacy_tls = False
         if config.has_option('GLOBAL', 'user_openid_address'):
             self.user_openid_address = config.get('GLOBAL',
                                                   'user_openid_address')

mig/shared/tlsserver.py

@@ -20,7 +20,8 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
+# USA.
 #
 # -- END_HEADER ---
 #
@@ -40,16 +41,15 @@
 def hardened_ssl_context(configuration, keyfile, certfile, dhparamsfile=None,
                          ciphers=STRONG_TLS_CIPHERS,
                          curve_priority=STRONG_TLS_CURVES,
-                         allow_pre_tlsv12=False,
                          allow_pre_tlsv13=True,
                          allow_renegotiation=False,
                          ):
     """Build and return a hardened native SSL context to apply to a socket"""
     _logger = configuration.logger
     _logger.info("enforcing strong SSL/TLS connections")
     _logger.debug("using SSL/TLS ciphers: %s" % ciphers)
-    ssl_protocol = ssl.PROTOCOL_SSLv23
-    ssl_ctx = ssl.SSLContext(ssl_protocol)
+    ssl_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+    ssl_ctx.minimum_version = ssl.TLSVersion.TLSv1_2
     ssl_ctx.load_cert_chain(certfile, keyfile)
     ssl_options = 0
     # NOTE: Override a number of weak and insecure legacy configurations
@@ -58,11 +58,7 @@ def hardened_ssl_context(configuration, keyfile, certfile, dhparamsfile=None,
     ssl_options |= getattr(ssl, 'OP_NO_SSLv2', 0x1000000)
     ssl_options |= getattr(ssl, 'OP_NO_SSLv3', 0x2000000)
     ssl_options |= getattr(ssl, 'OP_NO_TLSv1', 0x4000000)
-    ssl_ctx.minimum_version = ssl.TLSVersion.TLSv1_1
-    # NOTE: refuse weak TLS protocols unless allow_pre_tlsv12
-    if not allow_pre_tlsv12:
-        ssl_options |= getattr(ssl, 'OP_NO_TLSv1_1', 0x10000000)
-        ssl_ctx.minimum_version = ssl.TLSVersion.TLSv1_2
+    ssl_options |= getattr(ssl, 'OP_NO_TLSv1_1', 0x10000000)
     # NOTE: refuse slightly dated TLS 1.2 protocol unless allow_pre_tlsv13
     if not allow_pre_tlsv13:
         if getattr(ssl, 'HAS_TLSv1_3', False):
@@ -78,17 +74,13 @@ def hardened_ssl_context(configuration, keyfile, certfile, dhparamsfile=None,
     ssl_options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0x400000)
     ssl_options |= getattr(ssl, 'OP_SINGLE_ECDH_USE', 0x80000)
     ssl_options |= getattr(ssl, 'OP_SINGLE_DH_USE', 0x100000)
-    # Useful for debugging
-    # ssl_options |= getattr(ssl, 'OP_NO_TICKET',  0x0004000)
-    # ssl_options |= getattr(ssl, 'OP_NO_TLSv1_1', 0x10000000)
-    # ssl_options |= getattr(ssl, 'OP_NO_TLSv1_2', 0x8000000)
-    if sys.version_info[:2] >= (2, 7) and ssl_ctx:
+    if sys.version_info[:2] >= (3, 7) and ssl_ctx:
         _logger.info("enforcing strong SSL/TLS options")
         _logger.debug("SSL/TLS options: %s" % ssl_options)
         ssl_ctx.options |= ssl_options
     else:
         _logger.info("can't enforce strong SSL/TLS options")
-        _logger.warning("Upgrade to python 2.7.9+ for maximum security")
+        _logger.warning("Upgrade to python 3.7+ for maximum security")
 
     pfs_available = False
     if dhparamsfile:
@@ -134,7 +126,6 @@ def hardened_openssl_context(configuration, OpenSSL, keyfile, certfile,
                              cacertfile=None, dhparamsfile=None,
                              ciphers=STRONG_TLS_CIPHERS,
                              curve_priority=STRONG_TLS_CURVES,
-                             allow_pre_tlsv12=False,
                              allow_pre_tlsv13=True,
                              allow_renegotiation=False,
                              ):
@@ -143,8 +134,10 @@ def hardened_openssl_context(configuration, OpenSSL, keyfile, certfile,
     SSL, crypto = OpenSSL.SSL, OpenSSL.crypto
     _logger.info("enforcing strong SSL/TLS connections")
     _logger.debug("using SSL/TLS ciphers: %s" % ciphers)
-    ssl_protocol = SSL.SSLv23_METHOD
-    ssl_ctx = SSL.Context(ssl_protocol)
+    ssl_ctx = SSL.Context(SSL.TLS_SERVER_METHOD)
+    ssl_ctx.set_min_proto_version(SSL.TLS1_2_VERSION)
+    # Mimic native ssl exposure of options
+    ssl_ctx._minimum_version = SSL.TLS1_2_VERSION
     ssl_ctx.use_certificate_chain_file(certfile)
     ssl_ctx.use_privatekey_file(keyfile)
     if cacertfile:
@@ -157,15 +150,7 @@ def hardened_openssl_context(configuration, OpenSSL, keyfile, certfile,
     ssl_options |= getattr(SSL, 'OP_NO_SSLv2', 0x1000000)
     ssl_options |= getattr(SSL, 'OP_NO_SSLv3', 0x2000000)
     ssl_options |= getattr(SSL, 'OP_NO_TLSv1', 0x4000000)
-    ssl_ctx.set_min_proto_version(SSL.TLS1_1_VERSION)
-    # Mimic native ssl exposure of options
-    ssl_ctx._minimum_version = SSL.TLS1_1_VERSION
-    # NOTE: refuse weak TLS protocols unless allow_pre_tlsv12
-    if not allow_pre_tlsv12:
-        ssl_options |= getattr(SSL, 'OP_NO_TLSv1_1', 0x10000000)
-        ssl_ctx.set_min_proto_version(SSL.TLS1_2_VERSION)
-        # Mimic native ssl exposure of options
-        ssl_ctx._minimum_version = SSL.TLS1_2_VERSION
+    ssl_options |= getattr(SSL, 'OP_NO_TLSv1_1', 0x10000000)
     # NOTE: refuse slightly dated TLS 1.2 protocol unless allow_pre_tlsv13
     if not allow_pre_tlsv13:
         # IMPORTANT: OpenSSL doesn't have TLSv1.3 support marker at the moment,
@@ -186,15 +171,15 @@ def hardened_openssl_context(configuration, OpenSSL, keyfile, certfile,
     ssl_options |= getattr(SSL, 'OP_CIPHER_SERVER_PREFERENCE', 0x400000)
     ssl_options |= getattr(SSL, 'OP_SINGLE_ECDH_USE', 0x80000)
     ssl_options |= getattr(SSL, 'OP_SINGLE_DH_USE', 0x100000)
-    if sys.version_info[:2] >= (2, 7) and ssl_ctx:
+    if sys.version_info[:2] >= (3, 7) and ssl_ctx:
         _logger.info("enforcing strong SSL/TLS options")
         _logger.debug("SSL/TLS options: %s" % ssl_options)
         ssl_ctx.set_options(ssl_options)
         # Mimic native ssl exposure of options
         ssl_ctx._options = ssl_options
     else:
         _logger.info("can't enforce strong SSL/TLS options")
-        _logger.warning("Upgrade to python 2.7.9+ for maximum security")
+        _logger.warning("Upgrade to python 3.7+ for maximum security")
         # Mimic native ssl exposure of options
         ssl_ctx._options = None
 

tests/fixture/confs-stdlocal/MiGserver.conf

@@ -586,24 +586,15 @@ enable_sftp_subsys = False
 # Pure Python WsgiDAV-based webdav(s) daemon
 enable_davs = False
 # Allow sub-optimal but still relatively strong legacy TLS support in WebDAVS
-# NOTE: Python-2.7.x ssl supports TLSv1.2+ with strong ciphers and all popular
+# NOTE: Python-2.7+ ssl supports TLSv1.2+ with strong ciphers and all popular
 #       clients (including Windows 10+ native WebDAVS) also work with those.
-# NOTE: Apparently Win 7 (+8.1?) native WebDAVS only works with semi-strong
-#       legacy ciphers and TLSv1.0+v1.1 unless updated and enabled 
-# NOTE: Win 7 went EoL in January 2020 and should no longer be needed
 #enable_davs_legacy_tls = False
 # Pure Python pyftpdlib-based ftp(s) daemon
 enable_ftps = False
 # Allow sub-optimal but still relatively strong legacy TLS supports in FTPS
-# NOTE: Recent PyOpenSSL supports TLSv1.2+ with strong ciphers and all popular
+# NOTE: Modern PyOpenSSL supports TLSv1.2+ with strong ciphers and all popular
 #       clients also work with those.
-# NOTE: CentOS 7 native pyOpenSSL 0.13 does NOT support elliptic curve ciphers
-#       and FileZilla fails on listdir with remaining strong DHE ciphers.
-#       Installing a recent pyopenssl e.g. from the centos-openstack-X repo
-#       allows disabling legacy tls support without breaking FileZilla support.
-# TODO: disable as soon as a recent pyopenssl version is available - the one
-#       from pip breaks paramiko so do NOT go there.
-enable_ftps_legacy_tls = True
+#enable_ftps_legacy_tls = False
 # Enable WSGI served web pages (faster than CGI) - requires apache wsgi module
 enable_wsgi = True
 # Enable system notify helper used e.g. to warn about failed user logins
@@ -638,6 +629,10 @@ peers_explicit_fields =
 peers_contact_hint = employed here and authorized to invite external users
 # Enable OpenID daemon for web access with user/pw from local user DB
 enable_openid = False
+# Allow sub-optimal but still relatively strong legacy TLS support in OpenID 2.0
+# NOTE: Python-2.7+ ssl supports TLSv1.2+ with strong ciphers and all popular
+#       clients also work with those.
+#enable_openid_legacy_tls = False
 # Enable share links for easy external exchange of data with anyone
 enable_sharelinks = True
 # Enable storage quota