AST-2016-001 http: Provide greater control of TLS and set modern defaults.

This change exposes the configuration of various aspects of the TLS
support and sets the default to the modern standards.

The TLS cipher is now set to the best values according to the
Mozilla OpSec team, different TLS versions can now be disabled, and
the cipher order can be forced to be that of the server instead of
the client.

ASTERISK-24972 #close

Change-Id: I18b74a4830729896cdedc85324bf4c1ac1df29ba

diff --git a/configs/http.conf.sample b/configs/http.conf.sample
index 98c672b2ae54c4a47d37ef8ee1c36bb7464ccbfc..f47b8de68a49a76f8fad618a9acdf806cd22c195 100644 (file)
--- a/configs/http.conf.sample
+++ b/configs/http.conf.sample
@@ -69,10 +69,31 @@ bindaddr=127.0.0.1
 ; If no path is given for tlscertfile or tlsprivatekey, default is to look in current
 ; directory. If no tlsprivatekey is given, default is to search tlscertfile for private key.
 ;
+;
 ; To produce a certificate you can e.g. use openssl. This places both the cert and
 ; private in same .pem file.
 ; openssl req -new -x509 -days 365 -nodes -out /tmp/foo.pem -keyout /tmp/foo.pem
 ;
+; tlscipher=                             ; The list of allowed ciphers
+;                                        ; if none are specified the following cipher
+;                                        ; list will be used instead:
+; ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:
+; ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:
+; kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:
+; ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
+; ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:
+; DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:
+; AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:
+; AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:
+; !EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+;
+; tlsdisablev1=yes                ; Disable TLSv1 support - if not set this defaults to "yes"
+; tlsdisablev11=yes               ; Disable TLSv1.1 support - if not set this defaults to "no"
+; tlsdisablev12=yes               ; Disable TLSv1.2 support - if not set this defaults to "no"
+;
+; tlsservercipherorder=yes        ; Use the server preference order instead of the client order
+;                                 ; Defaults to "yes"
+;
 ; The post_mappings section maps URLs to real paths on the filesystem.  If a
 ; POST is done from within an authenticated manager session to one of the
 ; configured POST mappings, then any files in the POST will be placed in the

diff --git a/include/asterisk/tcptls.h b/include/asterisk/tcptls.h
index 3356a92ccd1c4d3855d606481aaa14ad8cf1a370..9110039d8d28e2b32a85b5b68a484297ef328343 100644 (file)
--- a/include/asterisk/tcptls.h
+++ b/include/asterisk/tcptls.h
@@ -86,7 +86,15 @@ enum ast_ssl_flags {
        /*! Use SSLv3 for outgoing client connections */
        AST_SSL_SSLV3_CLIENT = (1 << 4),
        /*! Use TLSv1 for outgoing client connections */
-       AST_SSL_TLSV1_CLIENT = (1 << 5)
+       AST_SSL_TLSV1_CLIENT = (1 << 5),
+       /*! Use server cipher order instead of the client order */
+       AST_SSL_SERVER_CIPHER_ORDER = (1 << 6),
+       /*! Disable TLSv1 support */
+       AST_SSL_DISABLE_TLSV1 = (1 << 7),
+       /*! Disable TLSv1.1 support */
+       AST_SSL_DISABLE_TLSV11 = (1 << 8),
+       /*! Disable TLSv1.2 support */
+       AST_SSL_DISABLE_TLSV12 = (1 << 9),
 };
 
 struct ast_tls_config {

diff --git a/main/http.c b/main/http.c
index a123dd28c5178091f867053f9a077fdd8987757a..5dd5b7f121cb650432903bb2728f7724c657bb61 100644 (file)
--- a/main/http.c
+++ b/main/http.c
@@ -1078,10 +1078,13 @@ static int __ast_http_load(int reload)
        }
        http_tls_cfg.pvtfile = ast_strdup("");
 
+       /* Apply modern intermediate settings according to the Mozilla OpSec team as of July 30th, 2015 but disable TLSv1 */
+       ast_set_flag(&http_tls_cfg.flags, AST_SSL_DISABLE_TLSV1 | AST_SSL_SERVER_CIPHER_ORDER);
+
        if (http_tls_cfg.cipher) {
                ast_free(http_tls_cfg.cipher);
        }
-       http_tls_cfg.cipher = ast_strdup("");
+       http_tls_cfg.cipher = ast_strdup("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA");
 
        AST_RWLIST_WRLOCK(&uri_redirects);
        while ((redirect = AST_RWLIST_REMOVE_HEAD(&uri_redirects, entry))) {
@@ -1106,8 +1109,6 @@ static int __ast_http_load(int reload)
                                && strcasecmp(v->name, "tlsdontverifyserver")
                                && strcasecmp(v->name, "tlsclientmethod")
                                && strcasecmp(v->name, "sslclientmethod")
-                               && strcasecmp(v->name, "tlscipher")
-                               && strcasecmp(v->name, "sslcipher")
                                && !ast_tls_read_conf(&http_tls_cfg, &https_desc, v->name, v->value)) {
                                continue;
                        }

diff --git a/main/tcptls.c b/main/tcptls.c
index 11f47f7e687c06341c35a9029ad7e22285c56b80..8388d4d0028845dc4b48fe7e1c7c7eef795b6390 100644 (file)
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -748,7 +748,8 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
        return 0;
 #else
        int disable_ssl = 0;
- 
+       long ssl_opts = 0;
+
        if (!cfg->enabled) {
                return 0;
        }
@@ -793,11 +794,24 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
         * them. SSLv23_*_method supports TLSv1+.
         */
        if (disable_ssl) {
-               long ssl_opts;
+               ssl_opts |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+       }
+
+       if (ast_test_flag(&cfg->flags, AST_SSL_SERVER_CIPHER_ORDER)) {
+               ssl_opts |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+       }
 
-               ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-               SSL_CTX_set_options(cfg->ssl_ctx, ssl_opts);
+       if (ast_test_flag(&cfg->flags, AST_SSL_DISABLE_TLSV1)) {
+               ssl_opts |= SSL_OP_NO_TLSv1;
        }
+       if (ast_test_flag(&cfg->flags, AST_SSL_DISABLE_TLSV11)) {
+               ssl_opts |= SSL_OP_NO_TLSv1_1;
+       }
+       if (ast_test_flag(&cfg->flags, AST_SSL_DISABLE_TLSV12)) {
+               ssl_opts |= SSL_OP_NO_TLSv1_2;
+       }
+
+       SSL_CTX_set_options(cfg->ssl_ctx, ssl_opts);
 
        SSL_CTX_set_verify(cfg->ssl_ctx,
                ast_test_flag(&cfg->flags, AST_SSL_VERIFY_CLIENT) ? SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT : SSL_VERIFY_NONE,
@@ -1114,6 +1128,14 @@ int ast_tls_read_conf(struct ast_tls_config *tls_cfg, struct ast_tcptls_session_
                        ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV1_CLIENT);
                        ast_clear_flag(&tls_cfg->flags, AST_SSL_SSLV3_CLIENT);
                }
+       } else if (!strcasecmp(varname, "tlsservercipherorder")) {
+               ast_set2_flag(&tls_cfg->flags, ast_true(value), AST_SSL_SERVER_CIPHER_ORDER);
+       } else if (!strcasecmp(varname, "tlsdisablev1")) {
+               ast_set2_flag(&tls_cfg->flags, ast_true(value), AST_SSL_DISABLE_TLSV1);
+       } else if (!strcasecmp(varname, "tlsdisablev11")) {
+               ast_set2_flag(&tls_cfg->flags, ast_true(value), AST_SSL_DISABLE_TLSV11);
+       } else if (!strcasecmp(varname, "tlsdisablev12")) {
+               ast_set2_flag(&tls_cfg->flags, ast_true(value), AST_SSL_DISABLE_TLSV12);
        } else {
                return -1;
        }