When configuring our Apache server to support only TLSv1.2 (multiply checked by external connections to confirm that only that suite is supported) - we succeeded connecting the server with lesser TLSv1 from local host. Our client is based on Python 2.7.6 (no support for TLSv1.2) and will not connect from a remote IP, but DOES succeed from localhost. Seems like a security hole to us because it allows any third party app to connect via port 443 with the server without it required to authenticate. Configuration files: /etc/apache2/httpd.conf ======================= WSGIPythonOptimize 0 WSGIScriptAlias / /opt/asdf/cpmserver/wsgi.py WSGIPythonPath /opt/asdf/cpmserver/ Options -Indexes Alias /static/ /opt/asdf/cpmserver/static/ <Directory /opt/asdf/cpmserver/> <Files wsgi.py> Order deny,allow Allow from all </Files> </Directory> <VirtualHost _default_:443> ServerName https://example SSLProtocol -all +TLSv1.2 SSLEngine on SSLCertificateFile /opt/asdf/cert/cpm_server.crt SSLCertificateKeyFile /opt/asdf/cert/cpm_server.key WSGIPassAuthorization On WSGIDaemonProcess debug threads=1 WSGIProcessGroup debug </VirtualHost> /etc/apache2/mods-available/ssl.conf ==================================== <IfModule mod_ssl.c> # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # SSLRandomSeed startup builtin SSLRandomSeed startup file:/dev/urandom 512 SSLRandomSeed connect builtin SSLRandomSeed connect file:/dev/urandom 512 ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # # Some MIME-types for downloading Certificates and CRLs # AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). # (The mechanism dbm has known memory leaks and should not be used). #SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. # (Disabled by default, the global Mutex directive consolidates by default # this) #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. See the # ciphers(1) man page from the openssl package for list of all available # options. # Enable only secure ciphers: SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 # Speed-optimized SSL Cipher configuration: # If speed is your main concern (on busy HTTPS servers e.g.), # you might want to force clients to specific, performance # optimized ciphers. In this case, prepend those ciphers # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. # Caveat: by giving precedence to RC4-SHA and AES128-SHA # (as in the example below), most connections will no longer # have perfect forward secrecy - if the server's key is # compromised, captures of past or future traffic must be # considered compromised, too. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 #SSLHonorCipherOrder on # The protocols to enable. # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2 # SSL v2 is no longer supported SSLProtocol -all +TLSv1.2 # Allow insecure renegotiation with clients which do not yet support the # secure renegotiation protocol. Default: Off #SSLInsecureRenegotiation on # Whether to forbid non-SNI clients to access name based virtual hosts. # Default: Off #SSLStrictSNIVHostCheck On </IfModule>
When you run > openssl s_client -tls1_1 -connect localhost:443 what is the result? Is there a difference if you change the protocol config to SSLProtocol +TLSv1.2 ? Thanks!
with: SSLProtocol -all +TLSv1.2 running: openssl s_client -tls1_1 -connect localhost:443 outputs: CONNECTED(00000003) 140635205007008:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1262:SSL alert number 70 140635205007008:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.1 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1502959441 Timeout : 7200 (sec) Verify return code: 0 (ok) ---
When setting: SSLProtocol +TLSv1.2 I get the same results: > openssl s_client -tls1_1 -connect localhost:443 CONNECTED(00000003) 139898031838880:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1262:SSL alert number 70 139898031838880:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.1 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1502959693 Timeout : 7200 (sec) Verify return code: 0 (ok) ---
Thanks, SSLProtocol is supposed to be the same, just wanted to make sure. Thanks for the output, it shows that the handshake failed, as it should. I assume that if you use -tls1_2 it will succeed and leave the connection open until you ^C. Seems to me that the simplest explanation is that your python is linked against a modern openssl and speaks TLSv1.2 when needed.
Okay, Please allow us to check this before closing the bug report. Thanks.