Want to subscribe to topics you're interested in?
Become a Member

Nginx Nginx - No longer needed workaround for BoringSSL

Discussion in 'Nginx and PHP-FPM news & discussions' started by buik, Aug 23, 2016.

  1. buik

    buik “The best traveler is one without a camera.”

    2,001
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,651
    Local Time:
    10:42 PM
    @eva2000 Great thanks for the news.
    Early data aka 0-RTT is also usable for OpenSSL 1.1.1*, the patch is probably the first step into the general 0-RTT feature.

     
  2. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    6:42 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah I asked Nginx on twitter, there response nginx web server on Twitter
     
  3. buik

    buik “The best traveler is one without a camera.”

    2,001
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,651
    Local Time:
    10:42 PM
    Take your time because this can take some time. Nginx has other priorities nowadays.
    Good luck.
     
  4. buik

    buik “The best traveler is one without a camera.”

    2,001
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,651
    Local Time:
    10:42 PM
    Hereby another update in line with the latest upstream code:
    [PATCH] to Enable TLS 1.3 on BoringSSL.

    Tested on Nginx 1.15.2 - (BoringSSL master (git branch Aug 15 2018 with TLS 1.3 draft up-to TLS 1.3 final IETF standard)).
     
  5. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    6:42 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Looks like latest Centmin Mod 123.09beta01 updates for boringssl support now allow me to join the party for boringssl testing :D

    Code (Text):
    lsof | egrep 'libcrypt|libssl|zlib-cf|pcre|ngx|ndk|jemalloc|librt|libdl|libpthread|libz|libc|libstdc|libm|libfreebl|vdso' | awk '/nginx/ {print $NF}' | awk '!a[$0]++' | grep -v lib64
    /usr/local/zlib-cf/lib/libz.so.1.2.8
    /usr/local/lib/libpcre.so.1.2.10
    /opt/boringssl/.openssl/lib/libssl.so
    /opt/boringssl/.openssl/lib/libcrypto.so
    /usr/local/nginx/modules/ngx_stream_module.so
    /usr/local/nginx/modules/ngx_http_brotli_static_module.so
    /usr/local/nginx/modules/ngx_http_fancyindex_module.so
    /usr/local/nginx/modules/ngx_http_echo_module.so
    /usr/local/nginx/modules/ngx_http_set_misc_module.so
    /usr/local/nginx/modules/ndk_http_module.so
    /usr/local/nginx/modules/ngx_http_headers_more_filter_module.so
    /usr/local/nginx/modules/ngx_http_brotli_filter_module.so
    /usr/local/nginx/modules/ngx_http_image_filter_module.so
    

    Code (Text):
    /opt/boringssl/build/tool/bssl speed -filter RSA
    Did 986 RSA 2048 signing operations in 1050509us (938.6 ops/sec)
    Did 34000 RSA 2048 verify (same key) operations in 1009988us (33663.8 ops/sec)
    Did 30000 RSA 2048 verify (fresh key) operations in 1010392us (29691.4 ops/sec)
    Did 130 RSA 4096 signing operations in 1012938us (128.3 ops/sec)
    Did 9647 RSA 4096 verify (same key) operations in 1074233us (8980.4 ops/sec)
    Did 8459 RSA 4096 verify (fresh key) operations in 1028181us (8227.2 ops/sec)
    

    Code (Text):
    /opt/boringssl/build/tool/bssl speed -filter ECDSA
    Did 18000 ECDSA P-224 signing operations in 1038393us (17334.5 ops/sec)
    Did 6942 ECDSA P-224 verify operations in 1001430us (6932.1 ops/sec)
    Did 34000 ECDSA P-256 signing operations in 1027135us (33101.8 ops/sec)
    Did 9999 ECDSA P-256 verify operations in 1068820us (9355.2 ops/sec)
    Did 1595 ECDSA P-384 signing operations in 1047417us (1522.8 ops/sec)
    Did 1496 ECDSA P-384 verify operations in 1046931us (1428.9 ops/sec)
    Did 649 ECDSA P-521 signing operations in 1088881us (596.0 ops/sec)
    Did 583 ECDSA P-521 verify operations in 1064068us (547.9 ops/sec)
    

    Compared to OpenSSL 1.1.1 dev9 master
    Code (Text):
    /opt/openssl-tls1.3/bin/openssl speed -multi 1 rsa2048 ecdsap256
    
    OpenSSL 1.1.1-pre9-dev  xx XXX xxxx
    built on: Sat Aug 18 06:08:41 2018 UTC
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
    compiler: ccache gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG
                      sign    verify    sign/s verify/s
    rsa 2048 bits 0.001083s 0.000032s    923.6  31108.1
                                  sign    verify    sign/s verify/s
     256 bits ecdsa (nistp256)   0.0000s   0.0001s  30215.9   9045.8
    

    If i am reading correctly, for 1 cpu thread test
    • BoringSSL RSA 2048bit sign/op per second is ~1.6% faster than OpenSSL 1.1.1-dev9 master
    • BoringSSL RSA 2048bit (fresh) verify/op per second is ~4.55% slower than OpenSSL 1.1.1-dev9 master
    • BoringSSL ECDSA 256bit sign/op per second is ~9.55% faster than OpenSSL 1.1.1-dev9 master
    • BoringSSL ECDSA 256bit verify/op per second is ~3.42% faster than OpenSSL 1.1.1-dev9 master
    Guess BoringSSL is being used by Nginx as OCSP stapling is being ignored/not supported which is expected as BoringSSL removed OCSP stapling support
    Code (Text):
    nginx -t
    nginx: [warn] "ssl_stapling" ignored, not supported
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    

    SSLlabs test also confirms it and with Nginx 1.15.3 master + BoringSSL, TLS 1.3 is there thanks to commit in Nginx 1.15.3 master for SSL: enabled TLSv1.3 with BoringSSL

    currently using old OpenSSL nginx ssl_ciphers preferences but looks like Nginx native dual RSA 2048/ECDSA SSL certificates isn't working as SSLlabs shows all connections over ECDSA ?

    cmm-nginx-1.15.3-boringssl-ssllabs-00.png cmm-nginx-1.15.3-boringssl-ssllabs-01.png

    Client connections

    cmm-nginx-1.15.3-boringssl-ssllabs-02.png

    Code (Text):
    echo -n | /opt/boringssl/build/tool/bssl s_client -connect domain.com:443
    Connecting to IP:443
    Connected.
      Version: TLSv1.3
      Resumed session: no
      Cipher: TLS_AES_128_GCM_SHA256
      ECDHE curve: X25519
      Signature algorithm: ecdsa_secp256r1_sha256
      Secure renegotiation: yes
      Extended master secret: yes
      Next protocol negotiated: 
      ALPN protocol: 
      OCSP staple: no
      SCT list: no
      Early data: no
      Cert subject: CN = domain.com
      Cert issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    
     
    Last edited: Aug 20, 2018
  6. buik

    buik “The best traveler is one without a camera.”

    2,001
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,651
    Local Time:
    10:42 PM
    Dual cert is removed from BoringSSL a few years ago.
    But dual cert is quite useless as using Windows XP (i.e. dual cert compatibility target group) with IE8 even Lets-encrypt cert sites showing a warning.

    And you have to click it away before going any further.
     
  7. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    6:42 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Ah must of overlooked that dual cert removal from BoringSSL :) Guess it makes it easier to just use ECDSA SSL certificates out of the box :)
     
  8. buik

    buik “The best traveler is one without a camera.”

    2,001
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,651
    Local Time:
    10:42 PM
    You are not going to miss out on visitors. With Windows XP and IE8, almost all sites look distorted, nowadays. So apart from certificates, there are enough reasons to switch to a more modern system. Almost everyone has done that already.
     
  9. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    6:42 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah I am just thinking from point of view of my Centmin Mod Nginx users and their respective visitors some may need RSA SSL certs.
     
  10. buik

    buik “The best traveler is one without a camera.”

    2,001
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,651
    Local Time:
    10:42 PM
    Yep you could always choose for RSA only or dual cert with OpenSSL.
    RSA or ECDSA it does not matter that mutch.

    Then you can achieve half a percent here and there.
    But most performance loss you get through the internet connection itself.
    0.2/0.3 sec for page loading is max, it is not going any faster.
     
  11. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    6:42 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    True.. will compare OpenSSL vs BoringSSL built Nginx with HTTP/2 HTTPS benchmarks soon. My new nginx binary backup and restore tool will make it much easier to test various Nginx configured binaries now Beta Branch - Nginx binary + modules backup/restore - nginx-binary-backup.sh :D

    Code (Text):
    ./nginx-binary-backup.sh list                                             
    --------------------------------------------------------
    Listing of available Nginx binary/module backups
    --------------------------------------------------------
    /home/backup-nginxbin/1.15.3-gcc-8.2.1-20180810-openssl-1.1.0i-170818-184702
    /home/backup-nginxbin/1.15.3-gcc-8.2.1-20180817-boringssl-190818-020957
    /home/backup-nginxbin/1.15.3-gcc-8.2.1-20180817-openssl-1.1.1-pre9-dev-190818-022340
    --------------------------------------------------------
     
    Last edited: Aug 19, 2018
  12. buik

    buik “The best traveler is one without a camera.”

    2,001
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,651
    Local Time:
    10:42 PM
    Nice work m8
     
  13. buik

    buik “The best traveler is one without a camera.”

    2,001
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,651
    Local Time:
    10:42 PM
    Hereby another update in line with the latest upstream code:
    [PATCH] to Enable TLS 1.3 on BoringSSL.

    Tested on Nginx 1.15.2 - (BoringSSL master (git branch Aug 19 2018 with TLS 1.3 draft up-to TLS 1.3 final IETF standard)).
     
  14. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    6:42 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    cheers :)
    So patch is for 1.15.2 only? on 1.15.3 TLS 1.3 auto gets enabled with BoringSSL for me
     
  15. buik

    buik “The best traveler is one without a camera.”

    2,001
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,651
    Local Time:
    10:42 PM
    It has been tested by me up to and including Nginx 1.15.2.
    Naturally, you decide what you do with it as the source code is open sourced.
    I will mention it more clearly as patch description.
     
  16. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    6:42 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    cheers.. if Nginx is on schedule Nginx 1.15.3 is due in ~9 days Roadmap – nginx with 0-RTT TLS 1.3 support :D
     
  17. buik

    buik “The best traveler is one without a camera.”

    2,001
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,651
    Local Time:
    10:42 PM
    Already patched the source over here, of course :D
     
  18. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    6:42 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    oh now I think about it if i am using nginx master 1.15.3 is likely 0-RTT TLS 1.3 code is already there unless they are adding more over next 9 days :)
     
  19. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    6:42 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    you mean BoringSSL patched ?

    I need to do more 0-RTT research/reading Simple TLS Server - OpenSSLWiki

     
    Last edited: Aug 20, 2018
  20. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    6:42 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    FYI Cloudflare has a unique and more secure 0-RTT implementation when using TLS 1.3 Introducing Zero Round Trip Time Resumption (0-RTT)