Disable tls1.3 support , can't get SNI / cert details when it's used

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Disable tls1.3 support , can't get SNI / cert details when it's used

Stilyan Georgiev
Hi,

Squid 4.5 with openssl support here.
SSL bumping can't obtain SNI / cert domain to perform filtering when
tls1.3 is used.
I want to disable support for tls1.3 in config but don't find way to do
so. There's the outdated sslproxy_options config directive which doesn't
appear to be supported in 4.5

The goal is - allow everything , besides tls1.3

Thanks in advance.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Disable tls1.3 support , can't get SNI / cert details when it's used

Alex Rousskov
On 2/26/19 4:55 AM, Stilyan Georgiev wrote:

> Squid 4.5 with openssl support here.
> SSL bumping can't obtain SNI / cert domain to perform filtering when
> tls1.3 is used.
> I want to disable support for tls1.3 in config but don't find way to do
> so. There's the outdated sslproxy_options config directive which doesn't
> appear to be supported in 4.5
>
> The goal is - allow everything , besides tls1.3

Good question!

TLS v1.3 clients that use "Middlebox Compatibility Mode", including
OpenSSL s_client and popular browsers, pretend to be TLS v1.2 clients
that attempt to restore a non-existent TLS session. Squid probably does
not have ACLs that can detect those lies. However, if you think you can
detect them, you can pass TLS Hello to your external ACL via the
%>handshake logformat code.

If you are asking whether Squid can downgrade TLS v1.3 to TLS v1.2, then
I suspect the answer is "yes, but only if you bump the client connection
first": A peeking Squid cannot negotiate a different TLS version with
the client. If TLS downgrade is what you want, you can probably use an
OpenSSL version that does not support TLS v1.3. There may also be an
OpenSSL v1.1.1 configuration option to turn TLS v1.3 support off, but I
have not research that.

Finally, there may be a bug in earlier versions of Squid that breaks
peeking at TLS v1.3 servers during step2. Staring works. We have not
tested Squid v4.5 though. Please note that peeking at TLS v1.3 servers
is largely pointless because useful information in TLS v1.3 Server Hello
is encrypted.


HTH,

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Disable tls1.3 support , can't get SNI / cert details when it's used

Stilyan Georgiev
Thanks for the input Alex.
I had many, many issues compiling openssl without tls1.3. At first i tried doing it side by side with version I had in OS but failed miserably, with squid continuing to use the OS package.
Eventually I release upgraded the OS and now have the 1.1.1-1 package from repo, rebuilt it with no-tls1_3 in CONFARGS

And to my amazement squid continues serving tls1.3 :)

Any suggestions on to how to allow tls1.1 and tls1.2 only are very welcome. Maybe tls_outgoing_options cipher= ...

Thanks in advance for helping out!

On Tue, Feb 26, 2019 at 9:10 PM Alex Rousskov <[hidden email]> wrote:
On 2/26/19 4:55 AM, Stilyan Georgiev wrote:

> Squid 4.5 with openssl support here.
> SSL bumping can't obtain SNI / cert domain to perform filtering when
> tls1.3 is used.
> I want to disable support for tls1.3 in config but don't find way to do
> so. There's the outdated sslproxy_options config directive which doesn't
> appear to be supported in 4.5
>
> The goal is - allow everything , besides tls1.3

Good question!

TLS v1.3 clients that use "Middlebox Compatibility Mode", including
OpenSSL s_client and popular browsers, pretend to be TLS v1.2 clients
that attempt to restore a non-existent TLS session. Squid probably does
not have ACLs that can detect those lies. However, if you think you can
detect them, you can pass TLS Hello to your external ACL via the
%>handshake logformat code.

If you are asking whether Squid can downgrade TLS v1.3 to TLS v1.2, then
I suspect the answer is "yes, but only if you bump the client connection
first": A peeking Squid cannot negotiate a different TLS version with
the client. If TLS downgrade is what you want, you can probably use an
OpenSSL version that does not support TLS v1.3. There may also be an
OpenSSL v1.1.1 configuration option to turn TLS v1.3 support off, but I
have not research that.

Finally, there may be a bug in earlier versions of Squid that breaks
peeking at TLS v1.3 servers during step2. Staring works. We have not
tested Squid v4.5 though. Please note that peeking at TLS v1.3 servers
is largely pointless because useful information in TLS v1.3 Server Hello
is encrypted.


HTH,

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users


--
Yours Sincerely,
 
Stilyan Georgiev
 

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Disable tls1.3 support , can't get SNI / cert details when it's used

Stilyan Georgiev
When testing like so: openssl s_client -connect google.com:443
I get tls1.2 back

Via mobile chrome browser (android) and the proxy I get tls1.3
Truly don't understand :)

----- Some output -----
Service Name: squid
This binary uses OpenSSL 1.1.1  11 Sep 2018.

dpkg --list |grep ssl
ii  libgnutls-openssl27:amd64             3.6.4-2ubuntu1.1                  amd64        GNU TLS library - OpenSSL wrapper
ii  libio-socket-ssl-perl                 2.060-3                           all          Perl module implementing object oriented interface to SSL sockets
ii  libnet-smtp-ssl-perl                  1.04-1                            all          Perl module providing SSL support to Net::SMTP
ii  libnet-ssleay-perl                    1.85-2ubuntu2                     amd64        Perl module for Secure Sockets Layer (SSL)
ii  libssl-dev:amd64                      1.1.1-1ubuntu2.1                  amd64        Secure Sockets Layer toolkit - development files
ii  libssl1.0.0:amd64                     1.0.2n-1ubuntu6.2                 amd64        Secure Sockets Layer toolkit - shared libraries
ii  libssl1.1:amd64                       1.1.1-1ubuntu2.1                  amd64        Secure Sockets Layer toolkit - shared libraries
ii  libxmlsec1-openssl:amd64              1.2.26-3                          amd64        Openssl engine for the XML security library
ii  libzstd1:amd64                        1.3.5+dfsg-1ubuntu1               amd64        fast lossless compression algorithm
ii  openssl                               1.1.1-1ubuntu2.1                  amd64        Secure Sockets Layer toolkit - cryptographic utility
ii  perl-openssl-defaults:amd64           3build1                           amd64        version compatibility baseline for Perl OpenSSL packages
ii  python3-openssl                       18.0.0-1                          all          Python 3 wrapper around the OpenSSL library
rc  ssl-cert                              1.0.39                            all          simple debconf wrapper for OpenSSL


On Thu, Feb 28, 2019 at 1:13 AM Stilyan Georgiev <[hidden email]> wrote:
Thanks for the input Alex.
I had many, many issues compiling openssl without tls1.3. At first i tried doing it side by side with version I had in OS but failed miserably, with squid continuing to use the OS package.
Eventually I release upgraded the OS and now have the 1.1.1-1 package from repo, rebuilt it with no-tls1_3 in CONFARGS

And to my amazement squid continues serving tls1.3 :)

Any suggestions on to how to allow tls1.1 and tls1.2 only are very welcome. Maybe tls_outgoing_options cipher= ...

Thanks in advance for helping out!

On Tue, Feb 26, 2019 at 9:10 PM Alex Rousskov <[hidden email]> wrote:
On 2/26/19 4:55 AM, Stilyan Georgiev wrote:

> Squid 4.5 with openssl support here.
> SSL bumping can't obtain SNI / cert domain to perform filtering when
> tls1.3 is used.
> I want to disable support for tls1.3 in config but don't find way to do
> so. There's the outdated sslproxy_options config directive which doesn't
> appear to be supported in 4.5
>
> The goal is - allow everything , besides tls1.3

Good question!

TLS v1.3 clients that use "Middlebox Compatibility Mode", including
OpenSSL s_client and popular browsers, pretend to be TLS v1.2 clients
that attempt to restore a non-existent TLS session. Squid probably does
not have ACLs that can detect those lies. However, if you think you can
detect them, you can pass TLS Hello to your external ACL via the
%>handshake logformat code.

If you are asking whether Squid can downgrade TLS v1.3 to TLS v1.2, then
I suspect the answer is "yes, but only if you bump the client connection
first": A peeking Squid cannot negotiate a different TLS version with
the client. If TLS downgrade is what you want, you can probably use an
OpenSSL version that does not support TLS v1.3. There may also be an
OpenSSL v1.1.1 configuration option to turn TLS v1.3 support off, but I
have not research that.

Finally, there may be a bug in earlier versions of Squid that breaks
peeking at TLS v1.3 servers during step2. Staring works. We have not
tested Squid v4.5 though. Please note that peeking at TLS v1.3 servers
is largely pointless because useful information in TLS v1.3 Server Hello
is encrypted.


HTH,

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users


--
Yours Sincerely,
 
Stilyan Georgiev
 


--
Yours Sincerely,
 
Stilyan Georgiev
 

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Disable tls1.3 support , can't get SNI / cert details when it's used

Amos Jeffries
Administrator
On 28/02/19 12:25 pm, Stilyan Georgiev wrote:
> When testing like so: openssl s_client -connect google.com:443
> I get tls1.2 back
>
> Via mobile chrome browser (android) and the proxy I get tls1.3
> Truly don't understand :)
>

I expect that Chrome is using their own custom SSL library and HTTP/3
protocol which does not go through Squid.

The openssl test will be strictly using a single TCP connection with a
CONNECT tunnels through your Squid. The SSL-Bump process you have setup
will be bumpign that and Squid begotiating teh TLS versio you have
configured.

The Chrome on the other hand may be negotiating TLS/1.3 handshake via
side channels and then resuming it as a normal TLS session resumption
over the Squid connection, OR possibly not even going via the proxy at
all (aka QUIC, HTTP/3).

Google products also has a preference for using Googles custom SSL
library rather than OpenSSL - so your custom OpenSSL may not be relevant
at the client endpoint. Whereas the openssl tools will be naturally be
using libssl like Squid.


If you are not using SSL-Bump in the way(s) indicated previously by
Alex, then your custom OpenSSL build and squid.conf options are
irrelevant. The CONNECT traffic would be going straight through the
proxy without being touched. To have any control over TLS the proxy must
be an _active_ agent participating in the TLS handshake.

HTH
Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users