TLS renegotiation failing between squids in hierarchy in Squid 4.


TLS renegotiation failing between squids in hierarchy in Squid 4.

Manoj Wajekar
Hi,

I am currently running squid-cache in a hierarchy setup, with TLS enabled throughout.

client --> child Squid --> parent Squid --> web server

Openssl version: 1.0.2k
This setup is working for 3.5.20.

But when I updated to squid 4 (tried 4.8, 4.11 and 4.13),
the initial HTTP request goes through, but TLS renegotiation is failing between the child and parent squid for the following requests.

From the logs, it looks like the child squid is trying to initiate TLS renegotiation using the old TLS session ID, but the parent squid is rejecting session resumption.

I confirmed this behavior using the openssl s_client --reconnect option.

I tried to disable client-initiated TLS renegotiation by setting tls-options=NO_TICKET (on the child squid), but it is affecting the behavior.

Are there any changes in the default TLS renegotiation behavior between squid 3.5 and 4.x?
Is there a way to disable the client (child squid) initiated TLS renegotiation in squid 4?

Thanks,
Manoj



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: TLS renegotiation failing between squids in hierarchy in Squid 4.

Alex Rousskov
On 11/11/20 10:19 AM, Manoj Wajekar wrote:

> I am currently squid-cache in hierarchy setup, with TLS enabled throughout.
>
> client --> child Squid --> parent Squid --> web server

Do you use SslBump anywhere?


> Openssl version: 1.0.2k
> This setup is working for 3.5.20.

> But when I updated to squid 4(tried 4.8, 4.11 and 4.13),

Does all of the above apply to both child and parent Squids? Or just the
child?


> initial HTTP request goes through, but TLS renegotiation is failing
> between child and parent squid for the following requests.
>
> From the logs, it looks like child squid is trying to initialize TLS
> renegotiating using old TLS session ID, but parent squid is rejecting
> session resumption.
>
> I confirm this behavior using openssl s_client --reconnect option.
>  
> I tried to disabled client initialed TLS renegotiating by setting
> tls-options=NO_TICKET (on child squid), but it is affecting the behavior.

Did you mean to say "_not_ affecting the behavior"?


> Are there any changes in default TLS renegotiation behavior between
> squid 3.5 and 4.x?

It is difficult for me to say for sure -- too many changes in the
surrounding code, too long ago. "Maybe" is the best answer I can give.
Hopefully, others can be more specific.


> Is there a way to disable the client (child squid) initialized TLS
> renegotiation in squid 4?

OpenSSL v1.1 docs have the following paragraph:

> By default OpenSSL will use stateless tickets. The SSL_OP_NO_TICKET
> option will cause stateless tickets to not be issued. In TLSv1.2 and
> below this means no ticket gets sent to the client at all. In TLSv1.3
> a stateful ticket will be sent. This is a server-side option only.

The last sentence is interesting. However, OpenSSL v1.0 documentation
does not have that last caveat. It has another somewhat vague or open to
interpretation statement. Perhaps OpenSSL behavior changed with v1.1. In
that case, ignore this caveat.

You can try options discussed in the SECURE RENEGOTIATION section of
https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_options.html
but it is not clear to me whether they apply to your environment.


Alex.

Re: TLS renegotiation failing between squids in hierarchy in Squid 4.

Manoj Wajekar
> I am currently squid-cache in hierarchy setup, with TLS enabled throughout.
> client --> child Squid --> parent Squid --> web server

>> Do you use SslBump anywhere?
I am not using SslBump. Part of my child squid config looks like:

https_port 3128\
 accel\
 no-vhost\
 defaultsite=origin\
 cert=/squid/certs/server/cert.pem\
 key=/squid/certs/server/key.pem\
 cafile=/squid/certs/server/ca.pem\
 clientca=/squid/certs/server/ca.pem

cache_peer\
 parentsquid.com\
 parent\
 3128\
 0\
 no-query\
 originserver\
 no-digest\
 no-netdb-exchange\
 login=PASSTHRU\
 tls\
 tls-options=NO_TICKET\
 sslcert=/squid/certs/client/cert.pem\
 sslkey=/squid/certs/client/key.pem\
 tls-cafile=/squid/certs/client/ca.pem


> Openssl version: 1.0.2k
> This setup is working for 3.5.20.

> But when I updated to squid 4(tried 4.8, 4.11 and 4.13),

>> Does all of the above apply to both child and parent Squids? Or just the
>> child?
The following scenarios are working:
    client --> child Squid 3.5.20 --> parent Squid 3.5.20 --> web server
    client --> child Squid 4 --> parent Squid 3.5.20 --> web server
    client --> Squid 4 --> web server

But this scenario is failing:
    client --> child Squid 4 --> parent Squid 4 --> web server

> initial HTTP request goes through, but TLS renegotiation is failing
> between child and parent squid for the following requests.
>
> From the logs, it looks like child squid is trying to initialize TLS
> renegotiating using old TLS session ID, but parent squid is rejecting
> session resumption.
>
> I confirm this behavior using openssl s_client --reconnect option.
>  
> I tried to disabled client initialed TLS renegotiating by setting
> tls-options=NO_TICKET (on child squid), but it is affecting the behavior.

>> Did you mean to say "_not_ affecting the behavior"?
Sorry for the typo. Yes, with NO_TICKET set, I am encountering the same issue.


> Are there any changes in default TLS renegotiation behavior between
> squid 3.5 and 4.x?

>> It is difficult for me to say for sure -- too many changes in the
>> surrounding code, too long ago. "Maybe" is the best answer I can give.
>> Hopefully, others can be more specific.


> Is there a way to disable the client (child squid) initialized TLS
> renegotiation in squid 4?

>> OpenSSL v1.1 docs have the following paragraph:

> By default OpenSSL will use stateless tickets. The SSL_OP_NO_TICKET
> option will cause stateless tickets to not be issued. In TLSv1.2 and
> below this means no ticket gets sent to the client at all. In TLSv1.3
> a stateful ticket will be sent. This is a server-side option only.
>> The last sentence is interesting. However, OpenSSL v1.0 documentation
>> does not have that last caveat. It has another somewhat vague or open to
>> interpretation statement. Perhaps OpenSSL behavior changed with v1.1. In
>> that case, ignore this caveat.

>> You can try options discussed in the SECURE RENEGOTIATION section of
>> https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_options.html
>> but it is not clear to me whether they apply to your environment.

I tried SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, etc. in the OpenSSL options,
but it did not change the behaviour.
Unfortunately, I can't update to OpenSSL v1.1 because of OS dependency issues.


Manoj

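An added diagnostic script (not from the thread or from the Squid project) that wraps the openssl s_client -reconnect check Manoj describes and summarises whether a TLS peer, such as a parent Squid's https_port, accepted session resumption on reconnect and whether it issued session tickets at all; the host and port are placeholders and the sample outputs are constructed, not real captures.

```shell
#!/bin/sh
# Added diagnostic for the s_client -reconnect check in this thread.
# Assumes openssl(1) is on PATH; host/port passed to probe_peer are placeholders.

# Summarise s_client -reconnect output passed as $1.
# Output: "<new> <reused> <tickets>" where
#   new     = handshakes that negotiated a fresh session ("New, ..." lines)
#   reused  = handshakes that resumed a session ("Reused, ..." lines)
#   tickets = session dumps that carried a ticket ("TLS session ticket:" lines)
summarise_sclient() {
    printf '%s\n' "$1" | awk '
        /^New, /                 { n++ }
        /^Reused, /              { r++ }
        /^ *TLS session ticket:/ { t++ }
        END { printf "%d %d %d\n", n+0, r+0, t+0 }'
}

# One-word verdict from a summary: "resumed" when at least one reconnect
# was accepted as a resumption, "rejected" when every reconnect fell back
# to a full handshake (the symptom reported between the two Squid 4 peers).
resumption_verdict() {
    reused=$(printf '%s' "$1" | cut -d' ' -f2)
    if [ "$reused" -gt 0 ]; then echo resumed; else echo rejected; fi
}

# Probe a live peer. -reconnect performs the first handshake and then
# reconnects five times attempting to resume; stdin is closed so s_client
# exits once the reconnect loop is done.
probe_peer() {
    out=$(openssl s_client -connect "$1:$2" -reconnect </dev/null 2>/dev/null)
    summary=$(summarise_sclient "$out")
    echo "$1:$2 $summary $(resumption_verdict "$summary")"
}

# Constructed sample (not a real capture): a peer that refuses resumption,
# so every reconnect negotiates a new session and no ticket is ever seen.
SAMPLE_REJECTED='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384'

# Constructed sample: a peer that issues tickets and resumes on reconnect.
SAMPLE_RESUMED='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    TLS session ticket:
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    TLS session ticket:'
```

Run probe_peer against the parent's https_port from the child host (for example `probe_peer parentsquid.com 3128`); a healthy peer reports one "New" followed by "Reused" lines, while the failure in this thread shows only "New" lines. A zero ticket count alongside rejected resumption points at the session-ID cache rather than tickets, which is the mechanism NO_TICKET does not touch.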