Contributed by pitrh on from the puffy hugged a dropbear dept.
So, I wasn't going to do this one, but I had enough fun sitting next to jsing@ in Toulouse in November working on LibreSSL. I did a bunch of stuff this time:
- I went through LibreSSL and attacked all the constant time functions in the bignum library, and changed these functions as used internally to always use the safe constant time mode of operation, to somewhat mitigate timing attacks.
- jsing@ and I bumped the LibreSSL majors and started moving a lot of the bits out of the SSL/TLS structures into private locations, removing publicly accessible API that is not used (or should not be used unless you are a crack-addled rhesus monkey). We are still dealing with the ports fallout (ensuring that most ports still build) and we have had to move a few things back that we got too aggressive with, but largely this has been a success and will let us move forward at unifying more of the libssl code to make our lives easier going forward (I'll let jsing@ talk about that.)
- I did a bunch of fixes to ftp, as well as the ftp cgi's on www.openbsd.org used by the installer to support TLS in the installer and new awesomeness to be done by rpe@.
- I wrote and committed ocspcheck(8) so we have a command in base to use for OCSP stapling on servers, replacing the need to use a lot of nasty 'openssl x509' and 'openssl ocsp' to accomplish the same thing.
Thanks very much to dlg@, jono, and the University of Queensland for hosting! It was very productive.
Thanks for the report, Bob! Judging from recent commits, other devs will be queueing up with interesting reports over the next few days too, and we're looking forward to hearing from them all.
(Comments are closed)
By Etienne (2400:cb00:25:10e::1) on
While ocspcheck could possibly be used in scripts to query responders for server certificates seen on client connections, this is almost always a bad idea. God kills a kitten every time you make an OCSP query from the client side of a TLS connection.
I'm really unsure what the problem is with that. It seems to me that it's exactly what OCSP was meant for? Can anyone explain?
Comments
By Chas (142.79.57.1) on
As I prefer to use stunnel for most TLS (which doesn't yet support OCSP stapling), it's certainly a price that I'm willing to pay. Privilege separation in a chroot is simply a better policy.
The cost is added OCSP/CRL hassle between the clients and the CA, but I generally don't admin those, so it's not a high priority for me.
By nahun (2601:602:9400:e12b:8cc5:fbe3:1844:bef) on
>
> While ocspcheck could possibly be used in scripts to query responders for server certificates seen on client connections, this is almost always a bad idea. God kills a kitten every time you make an OCSP query from the client side of a TLS connection.
>
> I'm really unsure what the problem is with that. It seems to me that it's exactly what OCSP was meant for? Can anyone explain?
I'm pretty sure it means making an OCSP query from the SERVER side for each TLS connection is fine, but not from the client side. Server side seems normal in my experience. I'm not sure how much OCSP is used on clients to confirm server certs; I've only used it in client certificate authentications.
By Philip Guenther (76.253.1.113) on
>
> While ocspcheck could possibly be used in scripts to query responders for server certificates seen on client connections, this is almost always a bad idea. God kills a kitten every time you make an OCSP query from the client side of a TLS connection.
>
> I'm really unsure what the problem is with that. It seems to me that it's exactly what OCSP was meant for? Can anyone explain?
Doing OCSP from the client means you're also dependent on connectivity to the OCSP server, which was quite poor in empirical tests done by Google using backend queries by Chrome.
Instead, the recommended approach is to have the server do the OCSP query and 'staple' the sufficiently fresh response into the TLS handshake to clients after that via a TLS extension sent by the server to the client.
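A refresh job for the server-side stapling discussed in this thread, as an added example that is not from the article, the commenters or the OpenBSD project: it fetches a response with ocspcheck(8) and replaces the staple file only when the response validated, so an unreachable responder never clobbers a still-usable staple. The function names, the `OCSPCHECK` override and the paths in the comments are assumptions made for the example.

```sh
#!/bin/sh
# Added example: keep an OCSP staple file fresh with ocspcheck(8).
# Assumptions: function names, the OCSPCHECK override and all paths are
# illustrative placeholders.

OCSPCHECK="${OCSPCHECK:-ocspcheck}"

# refresh_staple CHAIN_PEM STAPLE_FILE
#   CHAIN_PEM: server certificate first, followed by its issuer(s).
#   Returns 0 when a validated response was installed, 1 when the previous
#   staple was left in place (responder unreachable, validation failure).
refresh_staple() {
    chain=$1
    staple=$2
    # Write next to the target so the final mv is an atomic rename.
    tmp=$(mktemp "${staple}.XXXXXXXX") || return 1
    # ocspcheck exits 0 only if the response validates for the certificate;
    # -o writes the DER response. Also refuse an empty file.
    if "$OCSPCHECK" -o "$tmp" "$chain" >/dev/null 2>&1 && [ -s "$tmp" ]; then
        chmod 0644 "$tmp"
        mv -f "$tmp" "$staple"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# staple_is_stale STAPLE_FILE MAX_AGE_MINUTES
#   True when the file is missing, empty, or older than the limit. File age
#   is a coarse stand-in for the response's own nextUpdate time.
staple_is_stale() {
    [ ! -s "$1" ] || [ -n "$(find "$1" -mmin +"$2" 2>/dev/null)" ]
}

# Typical use from cron on the TLS server (paths are placeholders):
#   refresh_staple /etc/ssl/example.com.fullchain.pem /etc/ssl/example.com.ocsp \
#       && rcctl reload httpd
#   staple_is_stale /etc/ssl/example.com.ocsp 2880 && echo "OCSP staple stale" >&2
```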
By Chas (142.79.57.1) on
It would be really nice if the portable LibreSSL bundled ftpd. I'm occasionally asked for ftps, and I point out the stern warning from the vsftpd manpage.
There are many who despise the protocol for its ambiguities who would be displeased by such a move, but a whole ftps stack with OpenBSD code quality would be quite useful in dealing with an OS2200 system that occasionally troubles me.
Comments
By George Koehler (kernigh) on
The base tools in OpenBSD don't do FTP over TLS. The ftpd(8) manual doesn't mention TLS; the ftp(1) client only uses TLS with HTTPS, not FTP.
Comments
By Chas (142.79.57.1) on
I've never tried to use this. I should give it a whirl.
https://www.openbsd.org/papers/libtls-fsec-2015/
Current libtls API users:
ftpd, nc, ntpd, httpd, spamd, syslog in OpenBSD