From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] openvpn: Warning for broken algorithms .
Date: Mon, 21 Nov 2022 14:41:09 +0000
Message-ID: <5E7734CC-FB49-4949-8A6C-D700E628CA43@ipfire.org>
In-Reply-To: <8e202db1c4a70af46b408aa4d10a6ded4358eabd.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7222972886095702279=="
List-Id:

--===============7222972886095702279==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hey,

> On 21 Nov 2022, at 14:09, ummeegge wrote:
>
> Hi Michael,
>
> On Monday, 21.11.2022 at 11:27 +0000, Michael Tremer wrote:
>> Hello Erik,
>>
>> Nice to see you on this list again :)
> Good to see some answers again from you :-)
>
>>
>>> On 21 Nov 2022, at 10:22, Erik Kapfer
>>> wrote:
>>>
>>> Since OpenSSL-3.x will remove all 64 bit block-cipher but also
>>> OpenVPNs changelog
>>> for version 2.5.8 gives hints to get rid of BF-CBC for default
>>> configurations,
>>> a warning will be displayed in the WUI if the user is running
>>> BF-CBC|CAST5-CBC|DESX-CBC|DES-EDE-CBC|DES-EDE3-CBC but also SHA1 to
>>> change
>>> as soon as possible to another more secure algorithm.
>>
>> Well, this does not sound like good news. It is yet another change
>> that would break *lots* of existing OpenVPN setups.
> It would need work from user side to change the cipher/HMAC in the WUI
> and on client.ovpn if not already AES, Camellia or Seed has been chosen.

Exactly. That would require every single client to be changed, too.

>>
>> Although the patch looks fine, I am not sure if this is the best way
>> to go, because if we tell people that their setup won’t be supported
>> much longer, what alternatives are there?
> I think with the Sweet32 birthday attacks a lot of things have been
> changed where even OpenSSL started with fundamental changes and I think
> /hope it will go further in the crypto world which is also not that far
> away with things like PQC so things are changing here more or less
> rapidly.

I am not in favour of not moving forward. People should absolutely *not* be using Blowfish.

However, fact is, that plenty of people are using this out there. How many? We don’t know.

But we need a migration path no matter what.

>>
>> Resetting to the default options, throwing away their CA and start
>> from scratch is not an option. Even 20 connections are too many to
>> manually update.
> This patch does not focus the CA, changes need to be done with the
> cipher/HMAC selection on server.conf and client.ovpn .
>
>>
>> If they would actually do this, we will be back to square one really
>> soon, because we still don’t have cipher negotiation.
> Am pretty alone on testing side and resonance in general with this but
> the negotiation works here for me -->
> https://github.com/ummeegge/ovpn_dev but do need OpenVPN clients with
> version >= 2.5.0 .

Hmm, it is not surprising if development happens off list.

Coordination, looking for help and so on should happen here, because this is where the people are :)

>>
>> We are also just accumulating warning messages at the top of the page
>> which cannot be fixed. For years, we are showing some certificate
>> warning and I am not sure why that actually is and what people can do
>> about it?!
> Generating a new PKI was the intention with this which should be made
> in my opinion otherwise all that might be a kind of security by
> obscurity.
> We already threw away the DH warning messages with Peter's DH Patch,
> the MD5 message should be shown as you mentioned it, long enough and
> should be ready to be deleted maybe ? Changes might be hard in that
> topic but as in life, sometimes important ;-) ?

Showing a warning does not change a lot for us: We will still have to support the old ciphers/etc. because they are in use. And we will have to do that because there is no way for users to migrate.

>> So, I fear that we will have to keep supporting those really outdated
>> (and yes, potentially dangerously insecure) setups for the lifetime
>> of IPFire 2. If it isn’t an option to move forward to the latest
>> version of OpenVPN we would be in *very* big trouble.
> It is mainly OpenSSL not that much OpenVPN as one can see already with
> the PKCS#12 decryption problem... with the legacy mode it might also be
> a possibility to ride a dead horse.

I would *really* like for OpenVPN to be a dead horse, because it is a pain. It is one of the largest CGI files we have; we have plenty of glue-code that is using very interesting hacks for implementing things like 2FA.

But the alternatives like Wireguard do not seem to be taking off either. So, OpenVPN is and remains the de-facto standard solution to connect mobile devices to IPFire. And that will probably remain the case for a very long time to come.

So, we will need to find a way how we can support OpenVPN well. Right now it really feels like a pile of work whenever there is a new release out there. We still rely on many deprecated features and we will need to make sure to get rid of them if we want to have a chance to maintain this with reasonable effort.

Best,
-Michael

>>
>> Best,
>> -Michael
>
> All the best,
>
> Erik
>
>>
>>>
>>> The call of the pkiconfigcheck function is now located in the
>>> status page section.
>>>
>>> Signed-off-by: Erik Kapfer
>>> ---
>>> html/cgi-bin/ovpnmain.cgi | 38
>>> ++++++++++++++++++++++++++++++++++++--
>>> langs/de/cgi-bin/de.pl | 3 +++
>>> langs/en/cgi-bin/en.pl | 3 +++
>>> 3 files changed, 42 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi >>> index dc429d90c..5c34a5f4d 100644 >>> --- a/html/cgi-bin/ovpnmain.cgi >>> +++ b/html/cgi-bin/ovpnmain.cgi >>> @@ -101,8 +101,6 @@ $cgiparams{'DCIPHER'} =3D ''; >>> $cgiparams{'DAUTH'} =3D ''; >>> $cgiparams{'TLSAUTH'} =3D ''; >>> $routes_push_file =3D "${General::swroot}/ovpn/routes_push"; >>> -# Perform crypto and configration test >>> -&pkiconfigcheck; >>>=20 >>> # Add CCD files if not already presant >>> unless (-e $routes_push_file) { >>> @@ -240,6 +238,39 @@ sub pkiconfigcheck >>> } >>> } >>>=20 >>> + # Warning for Roadwarrior if deprecated 64-bit-block ciphers or >>> weak HMAC is in usage >>> + if (-f "${General::swroot}/ovpn/server.conf") { >>> + my $oldciphers =3D "${General::swroot}/ovpn/server.conf"; >>> + open(FH, $oldciphers); >>> + while(my $cipherstring =3D ) { >>> + if ($cipherstring =3D~ /BF-CBC|CAST5-CBC|DESX-CBC|DES-EDE-CBC|DES- >>> EDE3-CBC|SHA1/) { >>> + my @tempcipherstring =3D split(" ", $cipherstring); >>> + $cryptowarning =3D "
$Lang::tr{'ovpn warning algorithm'}: >> color=3D'red'>$tempcipherstring[1]
$Lang::tr{'ovpn warning >>> 64 bit block cipher'}"; >>> + goto CRYPTO_WARNING; >>> + } >>> + } >>> + close(FH); >>> + } >>> + >>> + # Warning for Net-to-Net connections if deprecated 64-bit-block >>> ciphers or HMAC is in usage >>> + if (-f "${General::swroot}/ovpn/ovpnconfig") { >>> + my $oldciphers =3D "${General::swroot}/ovpn/ovpnconfig"; >>> + open(FH, $oldciphers); >>> + while(my $cipherstring =3D ) { >>> + if ($cipherstring =3D~ /BF-CBC|CAST5-CBC|DESX-CBC|DES-EDE-CBC|DES- >>> EDE3-CBC/) { >>> + my @tempcipherstring =3D split(",", $cipherstring); >>> + $cryptowarning =3D "
$Lang::tr{'ovpn warning algorithm'}: >> color=3D'red'>$tempcipherstring[41]
$Lang::tr{'ovpn >>> warning algorithm n2n'} >>> $tempcipherstring[2]
$Lang::tr{'ovpn warning 64 bit block >>> cipher'}
"; >>> + goto CRYPTO_WARNING; >>> + } >>> + if ($cipherstring =3D~ /SHA1/) { >>> + my @tempcipherstring =3D split(",", $cipherstring); >>> + $cryptowarning =3D "
$Lang::tr{'ovpn warning algorithm'}: >> color=3D'red'>$tempcipherstring[40]
$Lang::tr{'ovpn >>> warning algorithm n2n'} >>> $tempcipherstring[2]
$Lang::tr{'ovpn warning 64 bit block >>> cipher'}
"; >>> + goto CRYPTO_WARNING; >>> + } >>> + } >>> + } >>> + >>> + >>> CRYPTO_WARNING: >>> } >>>=20 >>> @@ -5056,6 +5087,9 @@ END >>> my @status =3D ; >>> close(FILE); >>>=20 >>> + # Perform crypto and configration test >>> + &pkiconfigcheck; >>> + >>> if ($cgiparams{'VPN_IP'} eq '' && -e >>> "${General::swroot}/red/active") { >>> if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) { >>> my $ipaddr =3D ; >>> diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl >>> index abfba5d5e..bb675ec34 100644 >>> --- a/langs/de/cgi-bin/de.pl >>> +++ b/langs/de/cgi-bin/de.pl >>> @@ -1982,6 +1982,9 @@ >>> 'ovpn subnet is invalid' =3D> 'Das OpenVPN-Subnetz ist ung=C3=BCltig.', >>> 'ovpn subnet overlap' =3D> 'OpenVPNSubnetz =C3=BCberschneidet sich mit ', >>> 'ovpn tls auth' =3D> 'TLS-Kanalabsicherung:', >>> +'ovpn warning 64 bit block cipher' =3D> 'Dieser Algorithmus ist >>> unsicher und wird bald entfernt.
Bitte =C3=84ndern Sie dies auf >>> beiden Seiten (Server und Client) so schnell wie m=C3=B6glich!
', >>> +'ovpn warning algorithm' =3D> 'Folgender Algorithmus wurde >>> konfiguriert', >>> +'ovpn warning algorithm n2n' =3D> 'F=C3=BCr die Netz-zu-Netz Verbindung', >>> 'ovpn warning rfc3280' =3D> 'Das Host Zertifikat ist nicht RFC3280 >>> Regelkonform.
Bitte IPFire auf die letzte Version updaten und >>> generieren sie ein neues Root und Host Zertifikat so bald wie >>> m=C3=B6glich.

Es m=C3=BCssen dann alle OpenVPN clients erneuert >>> werden!
', >>> 'ovpn_fastio' =3D> 'Fast-IO', >>> 'ovpn_fragment' =3D> 'Fragmentgr=C3=B6sse', >>> diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl >>> index bf18b22a2..9aaf3e765 100644 >>> --- a/langs/en/cgi-bin/en.pl >>> +++ b/langs/en/cgi-bin/en.pl >>> @@ -2035,6 +2035,9 @@ >>> 'ovpn subnet is invalid' =3D> 'OpenVPN subnet is invalid.', >>> 'ovpn subnet overlap' =3D> 'OpenVPN Subnet overlaps with : ', >>> 'ovpn tls auth' =3D> 'TLS Channel Protection:', >>> +'ovpn warning 64 bit block cipher' =3D> 'This encryption algorithm >>> is broken and will soon be removed.
Please change this on both >>> sides (server and client) as soon as possible!
', >>> +'ovpn warning algorithm' =3D> 'The following algorithm was >>> configured', >>> +'ovpn warning algorithm n2n' =3D> 'For the Net-to-Net connection', >>> 'ovpn warning rfc3280' =3D> 'Your host certificate is not RFC3280 >>> compliant.
Please update to the latest IPFire version and >>> generate as soon as possible a new root and host >>> certificate.

All OpenVPN clients needs then to be >>> renewed!
', >>> 'ovpn_fastio' =3D> 'Fast-IO', >>> 'ovpn_mssfix' =3D> 'MSSFIX Size', >>> --=20 >>> 2.35.1 --===============7222972886095702279==--
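
Review bot: In the ovpnmain.cgi hunk at @@ -240,6 +238,39 @@, both loops match the algorithm pattern against the whole line instead of the field that holds the cipher or digest, so any line of server.conf or ovpnconfig that merely contains one of these strings (a comment, or the connection name in field 2) raises the warning, and the value printed from $tempcipherstring[1], [40] or [41] may then not be the algorithm at all. Split the line first and compare the specific field with an anchored pattern; the bare indices 2, 40 and 41 should get a comment or named constants. In the same hunk, neither open(FH, $oldciphers) is checked, every goto CRYPTO_WARNING leaves the loop with FH still open, and the ovpnconfig block has no close(FH) at all; a lexical filehandle with "last" instead of goto would fix all three. The first match also ends the whole check, so a roadwarrior finding hides any Net-to-Net finding, and the SHA1 cases reuse 'ovpn warning 64 bit block cipher' although the hunk's own comment describes SHA1 as the HMAC.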
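
Review bot: Moving the call between the hunks at @@ -101,8 +101,6 @@ and @@ -5056,6 +5087,9 @@ means pkiconfigcheck now runs only on the status page path, and the commit message states the move without giving the reason; please say why, and confirm that no other code path reads $cryptowarning before this point. While the two lines are being moved, fix the spelling "configration" in the comment and call the sub as pkiconfigcheck() rather than &pkiconfigcheck; because the ampersand form without parentheses hands the caller's current @_ to the sub.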
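
Review bot: The new 'ovpn warning 64 bit block cipher' string differs between the two language hunks: en.pl at @@ -2035,6 +2035,9 @@ says "This encryption algorithm is broken" while de.pl at @@ -1982,6 +1982,9 @@ says "Dieser Algorithmus ist unsicher" (this algorithm is insecure). Since ovpnmain.cgi shows this text for SHA1 as well, the English wording is inaccurate for the digest case; align it with the German text, or add a separate key for the HMAC warning and rename this one so the key matches what it is used for.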