From be164fc401343ed81b9ebd1f6a3cbb31e364a016 Mon Sep 17 00:00:00 2001 From: Tony Chen Date: Wed, 4 Sep 2024 00:58:59 +0000 Subject: [PATCH] ssl_cipher parameter cannot configure TLSv1.3 and TLSv1.2 ciphers at the same time SSL_CTX_set_ciphersuites() sets the TLSv1.3 cipher suites. SSL_CTX_set_cipher_list() sets the ciphers for TLSv1.2 and below. The current TLS configuration logic will not perform SSL_CTX_set_cipher_list() to configure TLSv1.2 ciphers if the call to SSL_CTX_set_ciphersuites() was successful. The call to SSL_CTX_set_ciphersuites() is successful if any TLSv1.3 cipher suite is passed into `--ssl-cipher`. This is a potential security vulnerability because users trying to restrict specific secure ciphers for TLSv1.3 and TLSv1.2, would unknowingly still have the database support insecure TLSv1.2 ciphers. For example: If setting `--ssl_cipher=TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256`, the database would still support all possible TLSv1.2 ciphers rather than only ECDHE-RSA-AES128-GCM-SHA256. The solution is to execute both SSL_CTX_set_ciphersuites() and SSL_CTX_set_cipher_list() even if the first call succeeds. This allows the configuration of exactly which TLSv1.3 and TLSv1.2 ciphers to support. Note that there is 1 behavior change with this. When specifying only TLSv1.3 ciphers to `--ssl-cipher`, the database will not support any TLSv1.2 cipher. However, this does not impose a security risk and considering TLSv1.3 is the modern protocol, this behavior should be fine. All TLSv1.3 ciphers are still supported if only TLSv1.2 ciphers are specified through `--ssl-cipher`. All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc. --- mysql-test/include/have_tlsv13.inc | 10 +++++++ mysql-test/main/tlsv13.result | 18 +++++++++++++ mysql-test/main/tlsv13.test | 43 ++++++++++++++++++++++++++++++ mysql-test/suite.pm | 3 +++ vio/viosslfactories.c | 20 +++++++++----- 5 files changed, 87 insertions(+), 7 deletions(-) create mode 100644 mysql-test/include/have_tlsv13.inc create mode 100644 mysql-test/main/tlsv13.result create mode 100644 mysql-test/main/tlsv13.test diff --git a/mysql-test/include/have_tlsv13.inc b/mysql-test/include/have_tlsv13.inc new file mode 100644 index 00000000000..ef897d92f97 --- /dev/null +++ b/mysql-test/include/have_tlsv13.inc @@ -0,0 +1,10 @@ +--disable_query_log +connect (ssl_connection,localhost,root,,,,,SSL); + +if (`SELECT VARIABLE_VALUE NOT LIKE 'TLSv1.3' FROM information_schema.SESSION_STATUS WHERE VARIABLE_NAME = 'ssl_version'`) { + skip Needs TLSv1.3; +} + +disconnect ssl_connection; +connection default; +--enable_query_log diff --git a/mysql-test/main/tlsv13.result b/mysql-test/main/tlsv13.result new file mode 100644 index 00000000000..772cfd85eae --- /dev/null +++ b/mysql-test/main/tlsv13.result @@ -0,0 +1,18 @@ +# restart: --ssl-cipher=TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384 +Variable_name Value +Ssl_cipher TLS_AES_128_GCM_SHA256 +Ssl_cipher_list TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384 +Variable_name Value +Ssl_cipher ECDHE-RSA-AES256-GCM-SHA384 +Ssl_cipher_list TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384 +ERROR 2026 (HY000): TLS/SSL error: ssl/tls alert handshake failure +ERROR 2026 (HY000): TLS/SSL error: ssl/tls alert handshake failure +# restart: --ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384 +Variable_name Value +Ssl_cipher TLS_AES_128_GCM_SHA256 +Variable_name Value +Ssl_cipher ECDHE-RSA-AES256-GCM-SHA384 +# restart: --ssl-cipher=TLS_AES_128_GCM_SHA256 +Variable_name Value +Ssl_cipher TLS_AES_128_GCM_SHA256 +Ssl_cipher_list TLS_AES_128_GCM_SHA256 diff --git a/mysql-test/main/tlsv13.test b/mysql-test/main/tlsv13.test new file mode 100644 index 00000000000..f90b6849a86 --- /dev/null +++ b/mysql-test/main/tlsv13.test @@ -0,0 +1,43 @@ +--source include/have_ssl_communication.inc +--source include/require_openssl_client.inc +--source include/have_tlsv13.inc + +# +# BUG - SSL_CIPHER SYSTEM VARIABLE CANNOT CONFIGURE TLSV1.3 AND TLSV1.2 CIPHERS AT THE SAME TIME +# +# If users specify TLSv1.3 and TLSv1.2 ciphers, it will only configure the +# TLSv1.3 ciphers correctly but then it will keep all TLSv1.2 ciphers enabled. +# +# This is a potential security vulnerability because users trying to restrict +# secure TLSv1.3 and TLSv1.2 ciphers will unintentionally have insecure TLSv1.2 +# ciphers enabled on the database. +# +let $restart_parameters=--ssl-cipher=TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384; +source include/restart_mysqld.inc; + +--exec $MYSQL --host=localhost --ssl-cipher=TLS_AES_128_GCM_SHA256 --tls-version=TLSv1.3 -e "SHOW STATUS LIKE 'Ssl_cipher%';" +--exec $MYSQL --host=localhost --ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384 --tls-version=TLSv1.2 -e "SHOW STATUS LIKE 'Ssl_cipher%';" + +# Check that other ciphers are correctly not supported by the server +--replace_regex /sslv3 alert handshake failure/ssl\/tls alert handshake failure/ +--error 1 +--exec $MYSQL --host=localhost --ssl-cipher=TLS_AES_256_GCM_SHA384 --tls-version=TLSv1.3 -e "SHOW STATUS LIKE 'Ssl_cipher';" 2>&1 + +--replace_regex /sslv3 alert handshake failure/ssl\/tls alert handshake failure/ +--error 1 +--exec $MYSQL --host=localhost --ssl-cipher=ECDHE-RSA-AES128-GCM-SHA256 --tls-version=TLSv1.2 -e "SHOW STATUS LIKE 'Ssl_cipher';" 2>&1 + +# TLSv1.3 ciphers are still supported if only TLSv1.2 ciphers are passed to --ssl-cipher +let $restart_parameters=--ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384; +source include/restart_mysqld.inc; +--exec $MYSQL --host=localhost --ssl-cipher=TLS_AES_128_GCM_SHA256 --tls-version=TLSv1.3 -e "SHOW STATUS LIKE 'Ssl_cipher';" +--exec $MYSQL --host=localhost --ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384 --tls-version=TLSv1.2 -e "SHOW STATUS LIKE 'Ssl_cipher';" +--error 1 +--exec $MYSQL --host=localhost --ssl-cipher=ECDHE-RSA-AES128-GCM-SHA256 --tls-version=TLSv1.2 -e "SHOW STATUS LIKE 'Ssl_cipher';" + +# TLSv1.2 ciphers are not supported if only TLSv1.3 ciphers are passed to --ssl-cipher +let $restart_parameters=--ssl-cipher=TLS_AES_128_GCM_SHA256; +source include/restart_mysqld.inc; +--exec $MYSQL --host=localhost --ssl-cipher=TLS_AES_128_GCM_SHA256 --tls-version=TLSv1.3 -e "SHOW STATUS LIKE 'Ssl_cipher%';" +--error 1 +--exec $MYSQL --host=localhost --ssl-cipher=ECDHE-RSA-AES128-GCM-SHA256 --tls-version=TLSv1.2 -e "SHOW STATUS LIKE 'Ssl_cipher';" diff --git a/mysql-test/suite.pm b/mysql-test/suite.pm index d5c4855ce6e..3270c62b37d 100644 --- a/mysql-test/suite.pm +++ b/mysql-test/suite.pm @@ -71,6 +71,9 @@ sub skip_combinations { $skip{'main/ssl_7937.combinations'} = [ 'x509v3' ] unless $ssl_lib =~ /WolfSSL/ or $openssl_ver ge "1.0.2"; + $skip{'main/tlsv13.test'} = 'does not work with OpenSSL <= 1.1.1' + unless $ssl_lib =~ /WolfSSL/ or $openssl_ver ge "3.0.0"; + $skip{'main/ssl_verify_ip.test'} = 'x509v3 support required' unless $openssl_ver ge "1.0.2"; diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 3d007cdd1d8..38dabba822a 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -295,16 +295,22 @@ new_VioSSLFd(const char *key_file, const char *cert_file, /* Set the ciphers that can be used - NOTE: SSL_CTX_set_cipher_list will return 0 if + NOTE: SSL_CTX_set_ciphersuites/SSL_CTX_set_cipher_list will return 0 if none of the provided ciphers could be selected */ - if (cipher && - SSL_CTX_set_ciphersuites(ssl_fd->ssl_context, cipher) == 0 && - SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher) == 0) + if (cipher) { - *error= SSL_INITERR_CIPHERS; - DBUG_PRINT("error", ("%s", sslGetErrString(*error))); - goto err2; + int cipher_result= 0; + + cipher_result|= SSL_CTX_set_ciphersuites(ssl_fd->ssl_context, cipher); + cipher_result|= SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher); + + if (cipher_result == 0) + { + *error= SSL_INITERR_CIPHERS; + DBUG_PRINT("error", ("%s", sslGetErrString(*error))); + goto err2; + } } /* Load certs from the trusted ca */