Get the most out of your Centmin Mod LEMP stack
Become a Member

OpenSSL OpenSSL 1.1.1 Released with TLS 1.3 Support

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Sep 11, 2018.

  1. ahmed

    ahmed Active Member

    361
    49
    28
    Feb 21, 2017
    Ratings:
    +63
    Local Time:
    3:53 AM
    yes

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

     
  2. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    3:53 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    So, to use TLSv1.3 we have to do 3 things:
    1. recompile nginx if we use older version (1.15.3) or just upgrade nginx to newest version

    2. manually update ssl_ciphers to:
      Code:
      ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
    3. update the file /usr/local/nginx/conf/ssl_include.conf to manualy add the TLS 1.3
      Code:
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    4. restart nginx after that

    Do we need anything else to do?
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,461
    12,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,668
    Local Time:
    11:53 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    For TLS 1.3, yup steps 1 to 3 only :)
     
  4. ahmed

    ahmed Active Member

    361
    49
    28
    Feb 21, 2017
    Ratings:
    +63
    Local Time:
    3:53 AM
    it worked for me without step 2, however, i just modified it now, does it matter?
     
  5. eva2000

    eva2000 Administrator Staff Member

    53,461
    12,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,668
    Local Time:
    11:53 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    step 2 ? ssl_ciphers update ? I'd do the update :)
     
  6. BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    8:53 PM
    If we are using Cloudflare SSL do we need to add ssl_ciphers line?

    This is currently the only lines I use for SSL with Cloudflare.

    Code:
            ssl_certificate      /usr/local/nginx/conf/ssl/cf.crt;
            ssl_certificate_key  /usr/local/nginx/conf/ssl/cf.key;
    
            ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare.crt;
            ssl_verify_client on;
    
            ssl_early_data on;
            proxy_set_header Early-Data $ssl_early_data;
     
  7. eva2000

    eva2000 Administrator Staff Member

    53,461
    12,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,668
    Local Time:
    11:53 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    I'd update the ssl_ciphers line but remove
    Code (Text):
           ssl_early_data on;
           proxy_set_header Early-Data $ssl_early_data;
    

    Cloudflare doesn't support using Early Data session resumption (0-RTT) or TLS 1.3 for communication between Cloudflare and Centmin Mod Nginx origin server as CF is using TLS 1.3 draft 22 right now and even if they update to TLS 1.3 rfc final, they have said they won't support 0-RTT for CF to origin communications.
     
  8. eva2000

    eva2000 Administrator Staff Member

    53,461
    12,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,668
    Local Time:
    11:53 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Chrome 70 released so Nginx + OpenSSL 1.1.1 TLS 1.3 enabled :)

    chrome70-ssllabs-tls1.3-01.png

    chrome70-tls1.3-rfc-final-centminmod-nginx-1.15.5-openssl-1.1.1-02.png
     
  9. BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    8:53 PM
    Working fine on Christian Forums and Autism Forums with Chrome 70 and TLS 1.3 on Cloudflare.
     
  10. BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    8:53 PM
    Is OPENSSL_VERSION='1.1.1' still required with latest cmupdate?
     
  11. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    9:53 AM
    Mainline
    10.2
    No need.
     
  12. eva2000

    eva2000 Administrator Staff Member

    53,461
    12,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,668
    Local Time:
    11:53 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yup no longer needed
     
  13. upgrade81

    upgrade81 Member

    295
    17
    18
    Sep 5, 2016
    CH
    Ratings:
    +30
    Local Time:
    3:53 AM
    1.17
    10.3

    How strange, even to me chrome works with tls1.3 despite not having inserted the new chip suite.

    I have only updated nginx and openssl 1.1.1
    grabilla.g28136.png
     
  14. eva2000

    eva2000 Administrator Staff Member

    53,461
    12,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,668
    Local Time:
    11:53 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  15. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    9:53 AM
    Mainline
    10.2
    But ssl_protocols has TLS 1.3 listed? Then that is expected behavior.
     
  16. upgrade81

    upgrade81 Member

    295
    17
    18
    Sep 5, 2016
    CH
    Ratings:
    +30
    Local Time:
    3:53 AM
    1.17
    10.3
    Sorry, at what point should the code be inserted to enable "earlydata" in the vhost configuration file?

    Because although I inserted it immediately after the chipersuite, it does not seem to work.

    Code (Text):
            ssl_early_data on;
            proxy_set_header Early-Data $ssl_early_data;
    



    Code (Text):
    issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    
    ---
    No client certificate CA names sent
    Peer signing digest: SHA256
    Peer signature type: ECDSA
    Server Temp Key: X25519, 253 bits
    ---
    SSL handshake has read 2901 bytes and written 390 bytes
    Verification error: unable to get local issuer certificate
    ---
    New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
    Server public key is 256 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 20 (unable to get local issuer certificate)
    ---
    ---
    Post-Handshake New Session Ticket arrived:
    SSL-Session:
        Protocol  : TLSv1.3
        Cipher    : TLS_AES_256_GCM_SHA384
        Session-ID: AA3B77C9DAA9FE467B48A5D1D94605DD550444230203D78BEB1D520EB6F01B74
        Session-ID-ctx:
        Resumption PSK: 4BE682D92F637270A938D41CE57D24908E57DD2D4D815B234F9F5534F5174F33AE75D4DA9BC16D1A263D88A4DD7F09A2
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 3600 (seconds)
        TLS session ticket:
        0000 - 75 82 1c 51 93 75 6d 77-d9 44 5e 29 3a fe 96 c5   u..Q.umw.D^):...
        0010 - 48 ee 4a 0c 82 86 4f 86-5e 86 1a 72 27 49 ec 8d   H.J...O.^..r'I..
        0020 - bf 88 46 d5 bb 72 ec b3-20 5e 4d 3a 12 f8 9e 33   ..F..r.. ^M:...3
        0030 - 60 ca ea 35 f1 d2 a7 da-b6 e9 30 90 14 0e d9 34   `..5......0....4
        0040 - 2a c3 85 42 d3 b8 3a 56-c0 8d 91 9b 08 d2 3e 51   *..B..:V......>Q
        0050 - 89 24 04 2a 34 fd 6c 76-92 ad 3f e1 0a 66 d1 87   .$.*4.lv..?..f..
        0060 - 95 19 64 23 a3 5d d9 82-40 c0 97 20 cd 92 a9 1a   ..d#.]..@.. ....
        0070 - a4 c0 03 cd 17 b7 32 3c-98 91 ee a4 78 98 f9 cc   ......2<....x...
        0080 - 24 3e 12 57 fb fb 4d dc-0d cd ea 19 b1 18 fe f3   $>.W..M.........
        0090 - 4b 1f 41 5f e7 e5 4d 29-1d f7 bb 77 15 9a 75 6c   K.A_..M)...w..ul
        00a0 - 5d 43 a3 44 e0 95 d9 5f-c3 c4 42 34 d2 cb 90 10   ]C.D..._..B4....
        00b0 - fe 3a e4 b0 ca ef 72 a0-a7 eb 90 11 57 6f 1a cb   .:....r.....Wo..
        00c0 - 60 9e 7c 24 1f a3 97 f2-42 46 6a b2 33 fe 3f 68   `.|$....BFj.3.?h
        00d0 - 7b a9 db 40 9e 57 18 07-74 d0 af 58 7a 27 14 a4   {..@.W..t..Xz'..
        00e0 - e7 9b 1b 7d ea 2d 43 6e-90 00 ee d0 1d c5 af 5b   ...}.-Cn.......[
    
        Start Time: 1541790636
        Timeout   : 7200 (sec)
        Verify return code: 20 (unable to get local issuer certificate)
        Extended master secret: no
        Max Early Data: 16384
    ---
    

    moreover, why does ECDSA no longer work with tls 1.3?

    Thanks!
     
    Last edited: Nov 10, 2018
  17. eva2000

    eva2000 Administrator Staff Member

    53,461
    12,128
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,668
    Local Time:
    11:53 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    TLS 1.3 works with ECDSA or RSA ssl certificates. But it's reported by it's own own ssl cipher see TLS1.3 - OpenSSLWiki (bold part)
    anywhere in server{} context

    How did you test as openssl s_client needs to save a previous HTTPS session and have it replayed to test if early data is working and you don't really want to be using it due to security and replay attacks unless your web app knows how to handle it.
     
  18. buik

    buik “The best traveler is one without a camera.”

    1,999
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,649
    Local Time:
    3:53 AM
  19. upgrade81

    upgrade81 Member

    295
    17
    18
    Sep 5, 2016
    CH
    Ratings:
    +30
    Local Time:
    3:53 AM
    1.17
    10.3
    I have several alerts of this type.. inside the vhost error log.

    not many.

    [QUOTEB]
    2018/11/16 12:30:37

    4642#4642: *333385 ignoring stale global SSL error (SSL: error:1409E10F:SSL routines:ssl3_write_bytes:bad length) while processing HTTP/2 connection, client: 213.45.x.xxx, server: 0.0.0.0:443
    [/QUOTEB]

     
  20. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    9:53 AM
    Mainline
    10.2
    I have few of this daily and I just ignore it :/.
    Not sure what's causing this.