Date: Sun, 29 Jul 2018 10:59:11 -0500
From: Benjamin Kaduk
To: Dewayne Geraghty
Cc: "PRAKASH RAI (prakrai)", "freebsd-security@freebsd.org"
Subject: Re: TLSv1.3 support in freeBSD 11.X

Hi Dewayne,

(Full disclosure: I am currently the IETF Area Director responsible for the TLS working group, and as such the TLS 1.3 spec itself; I am also an OpenSSL committer.)

On Sun, Jul 29, 2018 at 09:59:29AM +1000, Dewayne Geraghty wrote:
>
> On 26/07/2018 9:45 PM, PRAKASH RAI (prakrai) via freebsd-security wrote:
> > Hi All,
> >
> > I was going through the https://wiki.freebsd.org/OpenSSL and found that openssl 1.1.1 support is planned for freeBSD 12.
> > As TLSv1.3 is based on openssl 1.1.1, does it mean that freeBSD 11.X would not be having support for TLSv1.3?
> >
> > Basically I would like to understand if I can build openssl 1.1.1 (which is having support for TLSv1.3) with FreeBSD 11.2 without any issue and enable TLSv1.3 support?
> >
> > Regards,
> > Prakash
> >
> Prakash,
> You're very ambitious ;)  TLSv1.3 is very different from 1.2 and
> others.  Additional ciphers are "nice", but the session controls are
> quite different and will take a while for applications to settle into.

While I don't dispute that this is an ambitious goal, I do dispute that the changes in TLS 1.3 are merely "nice"; there are real improvements to performance, privacy, and security that can be compelling points to drive work for adoption, in some cases. We should let Prakash make their own decision based on the facts.

> Quite a few applications are not yet at openssl 1.1.0, so surprise
> yourself and try something like:
> for interests in security www; do find /usr/ports/$interests/ -name Makefile|xargs grep openssl-devel|grep BROKEN; done
>
> And you should also note that the ports are only built on lowest
> supported FreeBSD (#1), and on the 11 stream, that seems to be FreeBSD

The officially published *packages* are built on the oldest supported release from a branch; anyone can build the ports on the version they are running (and, of course, build software outside the Ports Collection entirely).

> 11.1Release; so we should really work in unison to migrate to openssl
> 1.1.1 :)  Draw your own conclusions about what ports have been tested
> on 11.2Release
>
> FYI perhaps consider libressl which has some additional/useful ciphers,
> might be worth a look if the ciphers are your driver.

I'm not sure that I'd echo that advice -- openssl has made some pretty substantial architectural improvements in the 1.1.x series, with a well-designed state machine, unified extension handling, and the (W)PACKET_ APIs for handling network data (and of course the prospect of TLS 1.3 support).
While I'm happy to see that libressl has adopted the CBB/CBS APIs from boringssl (to be frank, not using an API of that sort for network data would be pretty hard to justify, in this day and age), it seems to still be organically evolving the openssl 1.0.1 state machine it inherited, and I am unaware of motion for TLS 1.3 support therein.

I also don't think that ciphers would be a motivation for OpenSSL 1.1.1 over 1.1.0 -- the only non-TLS 1.3 ciphers that are new across that version jump appear to be the ARIA ciphers, which are not exactly widely used.

-Ben