freebsd security - May 2015 - Forums.FreeBSD.org - SSL Issue?

On Fri, May 15, 2015, at 03:07, Ian Smith wrote:
> On Thu, 14 May 2015 17:32:53 +0200, Adam Major wrote:
>  > Hello
>  > 
>  > >> But I don't think disable TLS 1.0 is ok.
>  > >>
>  > > 
>  > > TLS 1.0 is dead and is even now banned in new installations
according to
>  > > the PCI DSS 3.1 standards. Nobody should expect TLS 1.0 to be
supported
>  > > by *any* HTTPS site now.
>  > 
>  > Maybe is dead but is used in many old browser / software still used.
>  > 
>  > In PCI DSS 3.1 merchants must remove SSL and TLS 1.0 to 30 June 2016.
>  > (new installations "in theory" should not be built on TLS
1.0).
>  > 
>  > So we have 1 year and FreeBSD forum is not e-commerce site ;)
> 
> People seem determined to make sure freebsd forums are one of the first 
> sites to ban TLS 1.0, as some sort of best-practice example.
> 
> I admit my knowledge of TLS issues is scant.  I'd like to know whether 
> allowing TLS 1.0 - with fallback from later levels denied, as it already 
> is - endangers the server, or only the client?  If there's a clearly 
> stated and immediate danger to the forum server, I can accept that, but 
> I'd have thought https://www and svnweb would be more at such peril? 
> Will there be any notice before they're denied TLS 1.0 access also?
> 
The danger is decryption. Your username/password could be stolen if
someone captures your traffic after successfully initiating a downgrade
attack.

You can't login to www.freebsd.org or svnweb. The most they can do is
see what you're browsing, which isn't private anyway.
> If it's just for making the sort of point that Mark is advocating, to 
> force people to join this 'rolling automatic update' model so
beloved of
> Microsoft and their captive hardware vendors, then I think doing that, 
> without any sort of prior notice, is rather less than I've come to 
> expect from the FreeBSD project over 17 years.
> 
> But I'm a grandpa too; guess I have old-fashioned expectations :)
> 
Microsoft has nothing to do with this. They're setting a good example.
OSX is sort-of on that train too. FreeBSD has always been ahead of the
curve with the ports tree being a rolling-release model. We need the
Linux distros to get their heads on straight now, too.

Just a reminder: I don't speak for the project in these matters. I'm
just telling you what best current practices are. I have no idea who
made that decision for the forums, or if it's even worth having the
forums on https anyway. If it was up to me I probably wouldn't even put
https on the forums even though Google will penalize it in search
results. (Sure, you have a user account there... but it doesn't really
do anything... you're not using the same credentials everywhere are
you?)

Actually, that might be the reason -- Google search results. Perhaps
Google is also logging what protocols/ciphers your HTTPS has and is
using that in search rankings.

On Fri, 15 May 2015 07:51:34 -0500, Mark Felder wrote:
 > On Fri, May 15, 2015, at 03:07, Ian Smith wrote:
 > > On Thu, 14 May 2015 17:32:53 +0200, Adam Major wrote:
 > >  > Hello
 > >  > 
 > >  > >> But I don't think disable TLS 1.0 is ok.
 > >  > >>
 > >  > > 
 > >  > > TLS 1.0 is dead and is even now banned in new
installations according to
 > >  > > the PCI DSS 3.1 standards. Nobody should expect TLS 1.0 to
be supported
 > >  > > by *any* HTTPS site now.
 > >  > 
 > >  > Maybe is dead but is used in many old browser / software still
used.
 > >  > 
 > >  > In PCI DSS 3.1 merchants must remove SSL and TLS 1.0 to 30 June
2016.
 > >  > (new installations "in theory" should not be built on
TLS 1.0).
 > >  > 
 > >  > So we have 1 year and FreeBSD forum is not e-commerce site ;)
 > > 
 > > People seem determined to make sure freebsd forums are one of the
first
 > > sites to ban TLS 1.0, as some sort of best-practice example.
 > > 
 > > I admit my knowledge of TLS issues is scant.  I'd like to know
whether
 > > allowing TLS 1.0 - with fallback from later levels denied, as it
already
 > > is - endangers the server, or only the client?  If there's a
clearly
 > > stated and immediate danger to the forum server, I can accept that,
but
 > > I'd have thought https://www and svnweb would be more at such
peril?
 > > Will there be any notice before they're denied TLS 1.0 access
also?

 > The danger is decryption. Your username/password could be stolen if
 > someone captures your traffic after successfully initiating a downgrade
 > attack.

So the danger is only to myself, from some MITM, and not to the server?  
And despite the forum cert setup shown at 
https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org :

Downgrade attack prevention  	 Yes, TLS_FALLBACK_SCSV supported (more info)

which refers to RFC 7507, https://datatracker.ietf.org/doc/rfc7507/ 
which I've read, are we not trusting that mechanisn to prevent some 
successful initiation of a downgrade attack - which I rather imprecisely 
called "with fallback from later levels denied" above?

 > You can't login to www.freebsd.org or svnweb. The most they can do is
 > see what you're browsing, which isn't private anyway.

Alright.

 > > If it's just for making the sort of point that Mark is
advocating, to
 > > force people to join this 'rolling automatic update' model so
beloved of
 > > Microsoft and their captive hardware vendors, then I think doing
that,
 > > without any sort of prior notice, is rather less than I've come
to
 > > expect from the FreeBSD project over 17 years.
 > > 
 > > But I'm a grandpa too; guess I have old-fashioned expectations :)

 > Microsoft has nothing to do with this. They're setting a good example.

Alright, the leopard has changed its spots; wonders will never cease.

 > OSX is sort-of on that train too. FreeBSD has always been ahead of the
 > curve with the ports tree being a rolling-release model. We need the
 > Linux distros to get their heads on straight now, too.

The latter should be simple enough :)

 > Just a reminder: I don't speak for the project in these matters.
I'm
 > just telling you what best current practices are. I have no idea who
 > made that decision for the forums, or if it's even worth having the
 > forums on https anyway.

Other forums I use allow http connections, read only, only requiring 
switching to https for login and thus posting, which is fair enough,
and I have almost always only read a few forum posts, but see below ..

Noone has yet seen fit to even comment on the matter of no prior notice;
there is usually at least some heads-up warning, 'better upgrade now', 
before access is denied to some FreeBSD service from older browsers.

 > If it was up to me I probably wouldn't even put
 > https on the forums even though Google will penalize it in search
 > results. (Sure, you have a user account there... but it doesn't really
 > do anything... you're not using the same credentials everywhere are
 > you?)

Of course not.  And I just checked, being unsure I'd ever posted there, 
to find my password server-allocated anyway, so I must have posted once.

 > Actually, that might be the reason -- Google search results. Perhaps
 > Google is also logging what protocols/ciphers your HTTPS has and is
 > using that in search rankings.

You're seriously suggesting that the FreeBSD project should set security 
policies to favour higher rankings from an advertising company?

cheers, Ian