
Improve SSL of lists.wikimedia.org
Closed, ResolvedPublic

Description

No PFS, old MAC (Sha1) and the ciphers could use an update too.


Event Timeline

Maniphest changed the visibility from "Public (No Login Required)" to "Custom Policy".Feb 21 2015, 4:59 PM
Maniphest changed the edit policy from "All Users" to "Custom Policy".
Restricted Application added a subscriber: Aklapper.Feb 21 2015, 4:59 PM
DaBPunkt created this task.Feb 21 2015, 4:59 PM
DaBPunkt triaged this task as Normal priority.
DaBPunkt updated the task description.
DaBPunkt changed Security from None to Other confidential issue.
DaBPunkt edited subscribers, added: DaBPunkt; removed: Aklapper.

Does this need to be confidential, given it's just about dealing with SSL issues that anyone can see?

@DaBPunkt: Please respond.

@DaBPunkt: Please respond.

I was uncertain when I opened this bug, if it was confidential or not. I have no problem if this is switched to public (a similar bug about the OTRS is public after all).

JohnLewis changed Security from Other confidential issue to None.Apr 17 2015, 11:22 PM
JohnLewis removed a project: WMF-NDA.
JohnLewis added a subscriber: JohnLewis.
Krenair changed the visibility from "Custom Policy" to "Public (No Login Required)".Apr 17 2015, 11:24 PM
Krenair changed the edit policy from "Custom Policy" to "All Users".
BBlack added a subscriber: BBlack.

The TLS setup on this box is definitely awful. Many of the necessary changes are probably blocked by outdated software, so linking this to the jessie upgrade that sodium is long overdue for.

RobH added a subscriber: RobH.Jun 22 2015, 9:35 PM

also note the sha1 issue is fixed ;]

Dzahn added a subscriber: Dzahn.Aug 19 2015, 1:18 AM

Looking at the config now it already uses <%= @ssl_settings.join("\n") %> and $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat', '365')

That means the settings are taken from the global place, HSTS is enabled with 1 year expiry and the rest will be solved by switching to Apache 2.4.

Dzahn added a comment.Aug 19 2015, 1:22 AM

as to the "compat" part, after upgrading we will have 3 options, "strong", "mid" or keeping "compat". I'm pasting the comments from wmflib here:

#   - strong:     Only TLSv1.2 with PFS+AEAD ciphers.  In practice this is a
#                 very short list, and requires a very modern client.  No
#                 tradeoff is made for compatibility.  Known to work with:
#                 New FF/Chrome, IE11, Java8, Android 4.4+, OpenSSL 1.0.x
#                 Definitely broken with: All Safari (OSX/iOS).
#                 IE11 support requires either DHE support or an ECDSA key.
#   - mid:        Supports TLSv1.0 and higher, and adds several forward-secret
#                 options which are not AEAD.  This is compatible with many
#                 more clients than "strong".  With a DHE-capable server,
#                 should only be incompatible with IE8/XP, ancient/un-updated
#                 Java6, and some small corner cases like Nokia feature
#                 phones.  With a non-DHE server, compatibility is also lost
#                 with Android 2.x, OpenSSL 0.9.8, and more Java6 clients.
#   - compat:     Supports most legacy clients, PFS optional but preferred.

I would say "strong" is out because it excludes too many clients for a very public service like lists. "mid" might be a reasonable choice, just no IE8 then. Or we have to stay with "compat".
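The tier descriptions quoted above can be turned into a check on what a handshake actually negotiated. The following is an added example, not part of the original thread and not wmflib code: it infers the tier from OpenSSL-style cipher names, the function names and sample pairs are constructed for illustration, and counting TLSv1.3 as "strong" is a generalization beyond the 2015 comments.

```python
import socket
import ssl

# Assumption (not from wmflib): tiers are inferred from OpenSSL-style cipher
# names, following only the strong/mid/compat descriptions quoted above.
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")

def is_forward_secret(cipher, protocol):
    # Ephemeral key exchange shows up as an ECDHE-/DHE- prefix; TLSv1.3
    # suites (named TLS_*) are always forward secret.
    return protocol == "TLSv1.3" or cipher.startswith(("ECDHE-", "DHE-"))

def is_aead(cipher):
    return any(marker in cipher for marker in AEAD_MARKERS)

def strictest_tier(cipher, protocol):
    """Strictest tier whose description still admits this negotiated pair."""
    pfs = is_forward_secret(cipher, protocol)
    if pfs and is_aead(cipher) and protocol in ("TLSv1.2", "TLSv1.3"):
        return "strong"   # PFS + AEAD (TLSv1.3 included as a generalization)
    if pfs and protocol.startswith("TLSv1"):
        return "mid"      # forward secret, but CBC+HMAC rather than AEAD
    return "compat"       # no PFS: only the legacy tier would accept it

def probe(host, port=443, timeout=5.0):
    """Handshake with this client's defaults; report cipher, protocol, tier."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cipher, protocol = tls.cipher()[0], tls.version()
    return cipher, protocol, strictest_tier(cipher, protocol)

# Constructed sample handshakes (not captured from lists.wikimedia.org).
SAMPLES = [
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    ("DHE-RSA-AES256-SHA256", "TLSv1.2"),
    ("ECDHE-RSA-AES128-SHA", "TLSv1"),
    ("AES128-SHA", "TLSv1"),
]

def classify_samples():
    return [strictest_tier(c, p) for c, p in SAMPLES]

if __name__ == "__main__":
    for (c, p), tier in zip(SAMPLES, classify_samples()):
        print(f"{p:8} {c:30} -> {tier}")
```

A client whose best offer classifies as "compat" is the kind that fails with a protocol or cipher suite mismatch once the server moves to "mid".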

Change 232420 had a related patch set uploaded (by Dzahn):
mailman: SSL settings to Apache 2.4 and "mid"

https://gerrit.wikimedia.org/r/232420

I think “mid” should be enough for this case.

Dzahn claimed this task.Aug 25 2015, 8:04 PM

Change 232420 merged by Dzahn:
mailman: SSL settings to Apache 2.4 and "mid"

https://gerrit.wikimedia.org/r/232420

Dzahn added a comment.Aug 28 2015, 7:26 AM

what it will be soon on fermium with the "mid" setting:

per ssllabs.com:

Protocol Support: 95/100

Secure Renegotiation Supported

Downgrade attack prevention Yes, TLS_FALLBACK_SCSV supported - This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.

Forward Secrecy Yes (with most browsers) ROBUST

Strict Transport Security (HSTS) Yes max-age=31536000 - This server supports HTTP Strict Transport Security with long duration.

Public Key Pinning (HPKP) No

Issuer RapidSSL SHA256 CA - G3

who will not be able to connect anymore (Protocol or cipher suite mismatch):
Android 2.3.7
IE 6 / XP
IE 8 / XP
Java 6u45
OpenSSL 0.9.8y

Dzahn added a comment.Sep 18 2015, 5:26 PM

we are now rated Grade A+ by ssllabs

https://www.ssllabs.com/ssltest/analyze.html?d=lists.wikimedia.org

Forward Secrecy Yes (with most browsers) ROBUST

uses SHA256 instead of SHA1

ciphers updated, now on Apache 2.4

Dzahn closed this task as Resolved.Sep 18 2015, 5:26 PM
Dzahn added a subscriber: Chmarkine.
Dzahn added a comment.Sep 21 2015, 5:47 PM

apparently this broke support for the "listadmin" script below, but i don't know if we can do much about it since the last update of that script seems to be 2007 and our cipher settings are rated as modern and don't exclude many clients: (https://www.ssllabs.com/ssltest/analyze.html?d=lists.wikimedia.org&latest < mutante> clients we exclude: Java6, openssl 0.9.8, IE6/IE8 on XP)

10:37 < marktraceur> http://www.freecode.com/projects/listadmin
10:38 < marktraceur> ERROR: fetching https://lists.wikimedia.org/mailman/admindb/wikimedia-us-mn
10:38 < marktraceur> ERROR: 500 SSL negotiation failed: -- skipping list