You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by al...@apache.org on 2022/03/24 04:07:03 UTC
[kudu] branch master updated: [security] set minimum TLS protocol version to TSLv1.2
This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new a8fb42d [security] set minimum TLS protocol version to TSLv1.2
a8fb42d is described below
commit a8fb42dc34e8f1f876db5b26fc3f5eb3196ce854
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Thu Apr 1 18:04:29 2021 -0700
[security] set minimum TLS protocol version to TSLv1.2
Since support for CentOS 6/RHEL 6, Ubuntu 14, Ubuntu 16, and Debian 8
is dropped since Kudu 1.14 [1], we can bump the minimum required TLS
protocol version up to TLSv1.2 for securing Kudu RPC. That's because
* Supported server-side OSes have OpenSSL of at least version 1.0.1
in their stock distribution, so Kudu servers running on supported
OSes automatically support TLSv1.2
* Kudu Java client requires Java 8+ in runtime since Kudu 1.10 [2],
so Kudu Java clients automatically support TLSv1.2 since then
* As of now, with contemporary Linux OS and updated Java 8 [4], Kudu
servers and clients should be able to use even TLSv1.3.
In addition, this patch updates the list of the preferred TLSv1.2
ciphers, bringing it up-to-date with the "intermediate compatibility"
cipher list of the Mozilla Security Server Side TLS recommendations [3]
(without the DH AES ciphers).
At some point I thought to set TLSv1.2 as the minimum protocol version
only for the server side, keeping TLSv1 as the minimum version for the
client side to allow newer Kudu clients work with Kudu servers running
at no longer supported, beyond-EOL OSes. However, I realized that the
set of TLS ciphers supported by Kudu servers in 1.3 -- 1.14 release
range contained only a couple of non-TLSv1.2 ciphers suites:
* AES128-SHA (TLS_RSA_WITH_AES_128_CBC_SHA)
* AES256-SHA (TLS_RSA_WITH_AES_256_CBC_SHA)
These can be used starting SSLv3, so these are the only ones that Kudu
clients and servers could use if either side didn't support TLSv1.2.
Both use non-GCM ciphers for data encryption, and data transfer rate
with those ciphers is an order of magnitute slower than with TLSv1.2
suites which use GCM ciphers for data encryption. Given all those
facts, I realized it's not worth it keeping such a compatibility around.
The rationale is: if people are still stuck with RHEL/CentOS 6 or other
EOL OS release, they most likely do not care about security and will
be able to use one of the workarounds listed below.
So, with this patch:
* TLSv1.2 is the minimum TLS protocol version that newer Kudu clients
are able to use for secure Kudu RPC. The newer clients are not able
to communicate with servers built and run with OpenSSL of versions
prior to 1.0.1. If such a Kudu cluster is running on a deprecated
OS (e.g., RHEL/CentOS 6.4), the following options are available to
work around the incompatibility:
** use Kudu clients of 1.14 or earlier versions to communicate
with such cluster
** disable RPC encryption and authentication for Kudu RPC, setting
--rpc_authentication=disabled and --rpc_encryption=disabled
for all masters and tablet servers in the cluster to allow the
new client to work with the old cluster
* TLSv1.2 is the minimum TLS protocol version that newer Kudu servers
are able to use for Kudu RPC. The newer servers are not able to
communicate using secure Kudu RPC with Kudu C++ client applications
linked with libkudu_client library built against OpenSSL of versions
prior to 1.0.1 or with Java client applications run with outdated
Java runtime that doesn't support TLSv1.2. The following options
are available to work around this incompatibility:
** customize settings for the --rpc_tls_min_protocol and
--rpc_tls_ciphers flags on all masters and tablet servers
in the cluster, setting --rpc_tls_min_protocol=TLSv1 and
adding TLSv1-capable cipher suites (e.g. AES128-SHA and
AES256-SHA) into the list
** disable RPC encryption and authentication for Kudu RPC, setting
--rpc_authentication=disabled and --rpc_encryption=disabled
for all masters and tablet servers in the cluster to allow such
Kudu clients to work with newer clusters
[1] https://kudu.apache.org/releases/1.14.0/docs/release_notes.html
[2] https://issues.apache.org/jira/browse/KUDU-2099
[3] https://wiki.mozilla.org/Security/Server_Side_TLS
[4] https://www.oracle.com/java/technologies/javase/8all-relnotes.html
Change-Id: I07633a04d3828100f148e5de3905094198d13396
Reviewed-on: http://gerrit.cloudera.org:8080/17268
Reviewed-by: Andrew Wong <aw...@cloudera.com>
Tested-by: Alexey Serbin <al...@apache.org>
---
.../java/org/apache/kudu/client/Negotiator.java | 44 +++++++++++-----------
src/kudu/security/security_flags.cc | 28 ++++++--------
2 files changed, 33 insertions(+), 39 deletions(-)
diff --git a/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java b/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java
index a9c511d..0e3c361 100644
--- a/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java
+++ b/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java
@@ -115,29 +115,29 @@ public class Negotiator extends SimpleChannelInboundHandler<CallResponse> {
/**
* The cipher suites, in order of our preference.
+ *
* This list is based on the kDefaultTls13Ciphers and kDefaultTlsCiphers lists
* in security_flags.cc: see that file for details on how it was derived.
+ *
+ * For the mapping between IANA and OpenSSL cipher names, run
+ * `openssl ciphers -stdname` on OpenSSL 1.1.1 (and newer) or see
+ * https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
+ * https://wiki.mozilla.org/Security/Cipher_Suites
+ *
+ * For information on TLSv1.3 (JEP 332) and appropriate ciphers in Java 8
+ * updates, see
+ * https://www.oracle.com/java/technologies/javase/8all-relnotes.html
*/
static final String[] PREFERRED_CIPHER_SUITES = new String[] {
- "TLS_AES_128_GCM_SHA256", // Java 8 (updated), Java 11 (TLS 1.3+ only)
- "TLS_AES_256_GCM_SHA384", // Java 8 (updated), Java 11 (TLS 1.3+ only)
- "TLS_CHACHA20_POLY1305_SHA256", // Java 8 (updated), Java 11 (TLS 1.3+ only)
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", // Java 8
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", // Java 8
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", // Java 8
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", // Java 8
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", // Java 7 (TLS 1.2+ only)
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", // Java 7 (TLS 1.2+ only)
- "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", // Java 7 (TLS 1.2+ only)
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", // Java 7 (TLS 1.2+ only)
- "TLS_RSA_WITH_AES_256_GCM_SHA384", // Java 8
- "TLS_RSA_WITH_AES_128_GCM_SHA256", // Java 8
- "TLS_RSA_WITH_AES_256_CBC_SHA256", // Java 7 (TLS 1.2+ only)
- "TLS_RSA_WITH_AES_128_CBC_SHA256", // Java 7 (TLS 1.2+ only)
- // The following two are critical to allow the client to connect to
- // servers running versions of OpenSSL that don't support TLS 1.2.
- "TLS_RSA_WITH_AES_256_CBC_SHA", // All Java versions
- "TLS_RSA_WITH_AES_128_CBC_SHA" // All Java versions
+ "TLS_AES_128_GCM_SHA256", // TLSv1.3: Java 8 updates (8u261), Java 11
+ "TLS_AES_256_GCM_SHA384", // TLSv1.3: Java 8 updates (8u261), Java 11
+ "TLS_CHACHA20_POLY1305_SHA256", // TLSv1.3: Java 12
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",// TLSv1.2: Java 8
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", // TLSv1.2: Java 8
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",// TLSv1.2: Java 8
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", // TLSv1.2: Java 8
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", // TLSv1.2: Java 12
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", // TLSv1.2: Java 12
};
/**
@@ -145,10 +145,8 @@ public class Negotiator extends SimpleChannelInboundHandler<CallResponse> {
* This list is based on the kDefaultTlsMinVersion in security_flags.cc.
*/
static final String[] PREFERRED_PROTOCOLS = new String[]{
- "TLSv1.3",
- "TLSv1.2",
- "TLSv1.1",
- "TLSv1",
+ "TLSv1.3", // Java 8 updates (8u261), Java 11
+ "TLSv1.2", // Java 8
};
private enum State {
diff --git a/src/kudu/security/security_flags.cc b/src/kudu/security/security_flags.cc
index bfd09fb..ae7e36c 100644
--- a/src/kudu/security/security_flags.cc
+++ b/src/kudu/security/security_flags.cc
@@ -17,26 +17,20 @@
#include "kudu/security/security_flags.h"
+// The list of ciphers and minimum TLS protocol versions are influenced by the
+// Mozilla Security Server Side TLS recommendations accessed March 2021, at
+// https://wiki.mozilla.org/Security/Server_Side_TLS
namespace kudu {
namespace security {
-// This is the "modern compatibility" cipher list of the Mozilla Security
-// Server Side TLS recommendations, accessed Feb. 2017, with the addition of
-// the non ECDH/DH AES cipher suites from the "intermediate compatibility"
-// list. These additional ciphers maintain compatibility with RHEL 6.5 and
-// below. The DH AES ciphers are not included since we are not configured to
-// use DH key agreement.
-// TODO(aserbin): refresh the list to drop RHEL6/CentOS6 ciphers and
-// sync it with https://wiki.mozilla.org/Security/Server_Side_TLS
+// This is TLSv1.2-related section from the "intermediate compatibility" cipher
+// list of the Mozilla Security Server Side TLS recommendations without the
+// DH AES ciphers: they are not included since we are not configured to use
+// the DH key agreement.
const char* const SecurityDefaults::SecurityDefaults::kDefaultTlsCiphers =
- "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
- "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
- "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
- "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
- "AES256-GCM-SHA384:AES128-GCM-SHA256:"
- "AES256-SHA256:AES128-SHA256:"
- "AES256-SHA:AES128-SHA";
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
+ "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
// This is the "modern compatibility" TLSv1.3 cipher list of the Mozilla
// Security Server Side TLS recommendations, accessed March 2021.
@@ -44,7 +38,9 @@ const char* const SecurityDefaults::SecurityDefaults::kDefaultTlsCiphers =
const char* const SecurityDefaults::SecurityDefaults::kDefaultTlsCipherSuites =
"TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256";
-const char* const SecurityDefaults::SecurityDefaults::kDefaultTlsMinVersion = "TLSv1";
+// According to the cipher lists above, the minimum supported TLS version among
+// all the cipher suites is TLSv1.2.
+const char* const SecurityDefaults::SecurityDefaults::kDefaultTlsMinVersion = "TLSv1.2";
} // namespace security
} // namespace kudu