Re: [PATCH] openvpn: Warning for broken algorithms .

[ummeegge <ummeegge@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 12162 bytes --]

Ooops,
my mail client goes wild and fires some more mails of the same content
:-| .

Am Montag, dem 21.11.2022 um 14:41 +0000 schrieb Michael Tremer:
> Hey,
> 
> > On 21 Nov 2022, at 14:09, ummeegge <ummeegge(a)ipfire.org> wrote:
> > 
> > Hi Michael,
> > 
> > Am Montag, dem 21.11.2022 um 11:27 +0000 schrieb Michael Tremer:
> > > Hello Erik,
> > > 
> > > Nice to see you on this list again :)
> > Good to see some answers again from you :-)
> > 
> > > 
> > > > On 21 Nov 2022, at 10:22, Erik Kapfer <erik.kapfer(a)ipfire.org>
> > > > wrote:
> > > > 
> > > > Since OpenSSL-3.x will remove all 64 bit block-cipher but also
> > > > OpenVPNs changelog
> > > > for version 2.5.8 gives hints to get rid of BF-CBC for default
> > > > configuations,
> > > > a warning will be displayed in the WUI if the user is running
> > > > BF-CBC|CAST5-CBC|DESX-CBC|DES-EDE-CBC|DES-EDE3-CBC but also
> > > > SHA1 to
> > > > change
> > > > as soon as possible to another more secure algorithm.
> > > 
> > > Well, this does not sound like good news. It is yet another
> > > change
> > > that would break *lots* of existing OpenVPN setups.
> > It would need work from user side to change the cipher/HMAC in the
> > WUI
> > and on client.ovpn if not already AES, Camelia or Seed has been
> > chosen.
> 
> Exactly. That would require every single client to be changed, too.
No other way to deliver the (un)trust which projects like OpenSSL have
in their own development.

> 
> > > 
> > > Although the patch looks fine, I am not sure if this is the best
> > > way
> > > to go, because if we tell people that their setup won’t be
> > > supported
> > > much longer, what alternatives are there?
> > I think with the Sweet32 birthday attacks a lot of things has been
> > changed where even OpenSSL started with fundamental changes and i
> > think
> > /hope it will go further in the crypto world which is also not that
> > far
> > away with things like PQC so things are changing here more or less
> > rapidly.
> 
> I am not in favour of not moving forward. People should absolutely
> *not* be using Blowfish.
Yes, even a cipher renegotiation for 64 bit block-ciphers will be
forced with a reneg-bytes 64000000 per default from OpenVPN!

> 
> However, fact is, that plenty of people are using this out there. How
> many? We don’t know.
> 
> But we need a migration path no matter what.
Have you an idea what should be done or how to proceed further ?

> 
> > > 
> > > Resetting to the default options, throwing away their CA and
> > > start
> > > from scratch is not an option. Even 20 connections are too many
> > > to
> > > manually update.
> > This patch does not focus the CA, changes needs to be done with the
> > cipher/HMAC selection on server.conf and client.ovpn .
> > 
> > > 
> > > If they would actually do this, we will be back to square one
> > > really
> > > soon, because we still don’t have cipher negotiation.
> > Am pretty alone on testing side and resonance in general with this
> > but
> > the negotiation works here for me -->
> > https://github.com/ummeegge/ovpn_dev but do need OpenVPN clients
> > with
> > version >= 2.5.0 .
> 
> Hmm, it is not surprising if development happens off list.
> 
> Coordination, looking for help and so on should happen here, because
> this is where the people are :)
Lot´s of stuff here as before but may in much smaller portions ?

> 
> > > 
> > > We are also just accumulating warning messages at the top of the
> > > page
> > > which cannot be fixed. For years, we are showing some certificate
> > > warning and I am not sure why that actually is and what people
> > > can do
> > > about it?!
> > Generating a new PKI was the intention with this which should be
> > made
> > in my opinion otherwise all that might be a kind of security by
> > obscurity.
> > We throwed already away the DH warning messages with Peter´s DH
> > Patch,
> > the MD5 message should be showed as you mentioned it, long enough
> > and
> > should be ready to be deleted maybe ? Changes might be hard in that
> > topic but as in life, sometimes important ;-) ?
> 
> Showing a warning does not change a lot for us:
> 
> We will still have to support the old ciphers/etc. because they are
> in use.
> 
> And we will have to do that because there is no way for users to
> migrate.
Are there plans how to operate with OpenSSL-3.x ? If the wheel is
turning in this way there will be a long rat-tail as time goes by...

> 
> > > So, I fear that we will have to keep supporting those really
> > > outdated
> > > (and yes, potentially dangerously insecure) setups for the
> > > lifetime
> > > of IPFire 2. If it isn’t an option to move forward to the latest
> > > version of OpenVPN we would be in *very* big trouble.
> > It is mainly OpenSSL not that much OpenVPN as one can see already
> > with
> > the PKCS#12 decryption problem... with the legacy mode it might
> > also be
> > a possibility to ride a dead horse.
> 
> I would *really* like for OpenVPN to be a dead horse, because it is a
> pain. It is one of the largest CGI files we have; we have plenty of
> glue-code that is using very interesting hacks for implementing
> things like 2FA.
> 
> But the alternatives like Wireguard do not seem to be taking off
> either. So, OpenVPN is and remains the de-facto standard solution to
> connect mobile devices to IPFire. And that will probably remain the
> case for a very long time to come.
> 
> So, we will need to find a way how we can support OpenVPN well. Right
> now it really feels like a pile of work whenever there is a new
> release out there. We still rely on many deprecated features and we
> will need to make sure to get rid of them if we want to have a chance
> to maintain this with reasonable effort.
I feel you as you can imagine :-) but here again, first steps ? There
are really lot´s of ideas and of already done work but it makes no
sense to went here on as a lone warrior even the work has been far
beyond a reasonable effort spoken for myself!

> 
> Best,
> -Michael
> 
> > > 
> > > Best,
> > > -Michael
> > 
> > All the best,
> > 
> > Erik
> > 
> > > 
> > > > 
> > > > The call of the pkiconfigcheck function is now located in the
> > > > status page section.
> > > > 
> > > > Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
> > > > ---
> > > > html/cgi-bin/ovpnmain.cgi | 38
> > > > ++++++++++++++++++++++++++++++++++++--
> > > > langs/de/cgi-bin/de.pl    |  3 +++
> > > > langs/en/cgi-bin/en.pl    |  3 +++
> > > > 3 files changed, 42 insertions(+), 2 deletions(-)
> > > > 
> > > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-
> > > > bin/ovpnmain.cgi
> > > > index dc429d90c..5c34a5f4d 100644
> > > > --- a/html/cgi-bin/ovpnmain.cgi
> > > > +++ b/html/cgi-bin/ovpnmain.cgi
> > > > @@ -101,8 +101,6 @@ $cgiparams{'DCIPHER'} = '';
> > > > $cgiparams{'DAUTH'} = '';
> > > > $cgiparams{'TLSAUTH'} = '';
> > > > $routes_push_file = "${General::swroot}/ovpn/routes_push";
> > > > -# Perform crypto and configration test
> > > > -&pkiconfigcheck;
> > > > 
> > > > # Add CCD files if not already presant
> > > > unless (-e $routes_push_file) {
> > > > @@ -240,6 +238,39 @@ sub pkiconfigcheck
> > > > }
> > > > }
> > > > 
> > > > + # Warning for Roadwarrior if deprecated 64-bit-block ciphers
> > > > or
> > > > weak HMAC is in usage
> > > > + if (-f "${General::swroot}/ovpn/server.conf") {
> > > > + my $oldciphers = "${General::swroot}/ovpn/server.conf";
> > > > + open(FH, $oldciphers);
> > > > + while(my $cipherstring = <FH>) {
> > > > + if ($cipherstring =~ /BF-CBC|CAST5-CBC|DESX-CBC|DES-EDE-
> > > > CBC|DES-
> > > > EDE3-CBC|SHA1/) {
> > > > + my @tempcipherstring = split(" ", $cipherstring);
> > > > + $cryptowarning = "<br>$Lang::tr{'ovpn warning algorithm'}:
> > > > <font
> > > > color='red'>$tempcipherstring[1]</font></br>$Lang::tr{'ovpn
> > > > warning
> > > > 64 bit block cipher'}";
> > > > + goto CRYPTO_WARNING;
> > > > + }
> > > > + }
> > > > + close(FH);
> > > > + }
> > > > +
> > > > + # Warning for Net-to-Net connections if deprecated 64-bit-
> > > > block
> > > > ciphers or HMAC is in usage
> > > > + if (-f "${General::swroot}/ovpn/ovpnconfig") {
> > > > + my $oldciphers = "${General::swroot}/ovpn/ovpnconfig";
> > > > + open(FH, $oldciphers);
> > > > + while(my $cipherstring = <FH>) {
> > > > + if ($cipherstring =~ /BF-CBC|CAST5-CBC|DESX-CBC|DES-EDE-
> > > > CBC|DES-
> > > > EDE3-CBC/) {
> > > > + my @tempcipherstring = split(",", $cipherstring);
> > > > + $cryptowarning = "<br>$Lang::tr{'ovpn warning algorithm'}:
> > > > <font
> > > > color='red'>$tempcipherstring[41]</font></br>$Lang::tr{'ovpn
> > > > warning algorithm n2n'}<font color='red'>
> > > > $tempcipherstring[2]</font><br>$Lang::tr{'ovpn warning 64 bit
> > > > block
> > > > cipher'}</br>";
> > > > + goto CRYPTO_WARNING;
> > > > + }
> > > > + if ($cipherstring =~ /SHA1/) {
> > > > + my @tempcipherstring = split(",", $cipherstring);
> > > > + $cryptowarning = "<br>$Lang::tr{'ovpn warning algorithm'}:
> > > > <font
> > > > color='red'>$tempcipherstring[40]</font></br>$Lang::tr{'ovpn
> > > > warning algorithm n2n'}<font color='red'>
> > > > $tempcipherstring[2]</font><br>$Lang::tr{'ovpn warning 64 bit
> > > > block
> > > > cipher'}</br>";
> > > > + goto CRYPTO_WARNING;
> > > > + }
> > > > + }
> > > > + }
> > > > +
> > > > +
> > > > CRYPTO_WARNING:
> > > > }
> > > > 
> > > > @@ -5056,6 +5087,9 @@ END
> > > >     my @status = <FILE>;
> > > >     close(FILE);
> > > > 
> > > > + # Perform crypto and configration test
> > > > + &pkiconfigcheck;
> > > > +
> > > >     if ($cgiparams{'VPN_IP'} eq '' && -e
> > > > "${General::swroot}/red/active") {
> > > > if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
> > > >    my $ipaddr = <IPADDR>;
> > > > diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
> > > > index abfba5d5e..bb675ec34 100644
> > > > --- a/langs/de/cgi-bin/de.pl
> > > > +++ b/langs/de/cgi-bin/de.pl
> > > > @@ -1982,6 +1982,9 @@
> > > > 'ovpn subnet is invalid' => 'Das OpenVPN-Subnetz ist
> > > > ungültig.',
> > > > 'ovpn subnet overlap' => 'OpenVPNSubnetz überschneidet sich
> > > > mit  ',
> > > > 'ovpn tls auth' => 'TLS-Kanalabsicherung:',
> > > > +'ovpn warning 64 bit block cipher' => 'Dieser Algorithmus ist
> > > > unsicher und wird bald entfernt. <br>Bitte Ändern Sie dies auf
> > > > beiden Seiten (Server und Client) so schnell wie
> > > > möglich!</br>',
> > > > +'ovpn warning algorithm' => 'Folgender Algorithmus wurde
> > > > konfiguriert',
> > > > +'ovpn warning algorithm n2n' => 'Für die Netz-zu-Netz
> > > > Verbindung',
> > > > 'ovpn warning rfc3280' => 'Das Host Zertifikat ist nicht
> > > > RFC3280
> > > > Regelkonform. <br>Bitte IPFire auf die letzte Version updaten
> > > > und
> > > > generieren sie ein neues Root und Host Zertifikat so bald wie
> > > > möglich.</br><br>Es müssen dann alle OpenVPN clients erneuert
> > > > werden!</br>',
> > > > 'ovpn_fastio' => 'Fast-IO',
> > > > 'ovpn_fragment' => 'Fragmentgrösse',
> > > > diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
> > > > index bf18b22a2..9aaf3e765 100644
> > > > --- a/langs/en/cgi-bin/en.pl
> > > > +++ b/langs/en/cgi-bin/en.pl
> > > > @@ -2035,6 +2035,9 @@
> > > > 'ovpn subnet is invalid' => 'OpenVPN subnet is invalid.',
> > > > 'ovpn subnet overlap' => 'OpenVPN Subnet overlaps with : ',
> > > > 'ovpn tls auth' => 'TLS Channel Protection:',
> > > > +'ovpn warning 64 bit block cipher' => 'This encryption
> > > > algorithm
> > > > is broken and will soon be removed. <br>Please change this on
> > > > both
> > > > sides (server and client) as soon as possible!</br>',
> > > > +'ovpn warning algorithm' => 'The following algorithm was
> > > > configured',
> > > > +'ovpn warning algorithm n2n' => 'For the Net-to-Net
> > > > connection',
> > > > 'ovpn warning rfc3280' => 'Your host certificate is not RFC3280
> > > > compliant. <br>Please update to the latest IPFire version and
> > > > generate as soon as possible a new root and host
> > > > certificate.</br><br>All OpenVPN clients needs then to be
> > > > renewed!</br>',
> > > > 'ovpn_fastio' => 'Fast-IO',
> > > > 'ovpn_mssfix' => 'MSSFIX Size',
> > > > -- 
> > > > 2.35.1
> 
>