Re: curl with openssl not honoring MaxProtocol in openssl conf
From: Andreas Hasenack via curl-users <curl-users_at_lists.haxx.se>
Date: Tue, 3 Jan 2023 13:53:13 -0300
Hi,
On Tue, Jan 3, 2023 at 1:14 PM Daniel Stenberg <daniel_at_haxx.se> wrote:
>
> On Tue, 3 Jan 2023, Andreas Hasenack via curl-users wrote:
>
> > Tl;DR: it looks like curl isn't respecting openssl's MaxProtocol[1].
>
> This was not done on purpose, but I am also not entirely sure we can or should
> do much about it now.
(...)
> The code that selects what TLS versions to use exists in libcurl and it uses
> the dedicated OpenSSL API for this purpose. The documentation for this API
> says nothing about the openssl config file or how it interacts with that
> config file etc. It is not clear to me how we can set our desired TLS version
> preferences while at the same time respect the wishes of the config file.
OpenSSL is certainly complex, and the closest I found to such
documentation is this bit from
https://www.openssl.org/docs/man3.0/man5/config.html#SSL-Configuration:
The configuration name system_default has a special meaning. If it
exists, it is applied whenever an SSL_CTX object is created.
It sounds like these are just initial defaults that are applied when
nothing else says otherwise. For example, if I used something like
--tlsv1.3 or --tls-max in curl, I would expect those command-line
options to override the openssl library defaults, but in their
absence, whatever is the default in openssl would take place (or,
whatever is the default in curl, that could also override openssl
defaults).
In the case of curl, it seems to work fine for other parameters (well,
one I tested). For example, I can use "MinProtocol = TLSv1.3", and
when I try to use curl to connect to a TLSv1.2-only server, it
correctly fails:
Client:
openssl config:
[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=2
MinProtocol = TLSv1.3
$ curl -o /dev/null https:/j-server.lxd:4433
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (35) error:0A00042E:SSL routines::tlsv1 alert protocol version
Server:
$ openssl s_server -cert j-server.pem -key j-server.key -tls1_2
Using default temp DH parameters
ACCEPT
ERROR
4037AA6B3E7F0000:error:0A000102:SSL
routines:tls_early_post_process_client_hello:unsupported
protocol:../ssl/statem/statem_srvr.c:1657:
shutting down SSL
CONNECTION CLOSED
So for this combo Max/MinProtocol, it's just the MaxProtocol one that
isn't being followed. Granted it's the less useful one, as usually we
want to restrict old suites.
> No documentation for curl or libcurl indicate that the OpenSSL config file can
> be used to set TLS version limits.
It would be useful if it did, because then one could control the
crypto algorithms that are available to all openssl-linked apps in the
system from one place. At least the initial defaults, as I don't think
this could be an enforcing feature. The apps can still override those
settings.
Given that it looks like it's just the MaxProtocol one that is not
being followed[1], I was hoping this was just an oversight or a bug
that crept in over the years due to some behavior change elsewhere.
1. Granted, there are tons of config options, and this is just one I checked.
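Added example (not from the thread, curl or OpenSSL): a small parser that follows the standard openssl.cnf chain (openssl_conf -> ssl_conf -> system_default) to the section holding MinProtocol/MaxProtocol, plus a model of what happens when an application, as libcurl does, sets protocol limits through the dedicated SSL_CTX API after the SSL_CTX has been created. The precedence rule (config values are the initial defaults, a later API call replaces the corresponding limit) is an assumption drawn from the config(5) text quoted above; the sample configuration, the server versions and the function names are constructed for the illustration.

```python
"""Locate the system_default SSL section of an openssl.cnf and model how
application-side SSL_CTX_set_{min,max}_proto_version calls interact with it.

Constructed example; the precedence model (config applied at SSL_CTX creation,
later API calls replace the limit) is an assumption based on config(5).
"""
import re

# Protocol names accepted by MinProtocol/MaxProtocol, ordered oldest to newest.
PROTOCOL_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def parse_openssl_conf(text):
    """Minimal INI-style parser: returns {section: {key: value}}.
    Keys before the first [section] land in the "" (default) section.
    Handles comments and 'key = value' lines only (no .include, no $ENV)."""
    sections = {"": {}}
    current = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^\[\s*(.+?)\s*\]$", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections


def system_default_section(sections):
    """Follow openssl_conf -> ssl_conf -> system_default to the section that
    holds MinProtocol/MaxProtocol; None if any link in the chain is missing."""
    init = sections[""].get("openssl_conf")
    ssl_sect = sections.get(init, {}).get("ssl_conf")
    sysdef = sections.get(ssl_sect, {}).get("system_default")
    return sections.get(sysdef) if sysdef else None


def effective_versions(config_section, api_min=None, api_max=None):
    """Effective (min, max) protocol names for an SSL_CTX.

    config_section: the system_default section (or None).
    api_min/api_max: versions the application set through the dedicated API
    after creating the SSL_CTX; None means it did not call that setter.
    Assumed model: config supplies the initial values, an API call replaces
    the matching one. A None in the result means 'no limit'."""
    cfg = config_section or {}
    min_v = api_min if api_min is not None else cfg.get("MinProtocol")
    max_v = api_max if api_max is not None else cfg.get("MaxProtocol")
    return min_v, max_v


def handshake_allowed(client_versions, server_version):
    """Would a client with (min, max) limits accept a server that only speaks
    server_version? None limits are treated as unbounded."""
    lo, hi = client_versions
    idx = PROTOCOL_ORDER.index(server_version)
    if lo is not None and idx < PROTOCOL_ORDER.index(lo):
        return False
    if hi is not None and idx > PROTOCOL_ORDER.index(hi):
        return False
    return True


# Constructed sample config: the usual openssl.cnf chain ending in a
# system_default section that pins both ends to TLSv1.2.
SAMPLE_CONF = """\
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=2   # same cipher string as in the thread
MinProtocol = TLSv1.2
MaxProtocol = TLSv1.2
"""

if __name__ == "__main__":
    sysdef = system_default_section(parse_openssl_conf(SAMPLE_CONF))
    print("system_default section:", sysdef)
    # An app that leaves the SSL_CTX alone inherits both limits.
    print("no API calls:", effective_versions(sysdef))
    # An app that sets its own maximum (as libcurl does) replaces MaxProtocol.
    print("api_max=TLSv1.3:", effective_versions(sysdef, api_max="TLSv1.3"))
```

Running it against a TLSv1.3-only server in the model reproduces the observation from the thread: with no API calls the TLSv1.2 maximum from the config is respected and the handshake is refused, while once the application sets its own maximum the config's MaxProtocol no longer has any effect, and MinProtocol keeps working only because nothing replaced it.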
Received on 2023-01-03