rfc:improved-tls-defaults
rfc:improved-tls-defaults [2014/02/12 16:09] – Update examples rdlowrey | rfc:improved-tls-defaults [2017/09/22 13:28] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Improved TLS Defaults ====== | ====== Improved TLS Defaults ====== | ||
- | * Version: 0.10 | + | * Version: 0.11 |
* Date: 2014-01-28 | * Date: 2014-01-28 | ||
* Author: Daniel Lowrey, rdlowrey@php.net | * Author: Daniel Lowrey, rdlowrey@php.net | ||
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
- | * Minor Revision (v0.1 → v0.2): 2014-01-28 | ||
- | * Major Revision (v0.2 → v0.3): 2014-01-29 | ||
- | * Minor Revision (v0.3 → v0.4): 2014-01-30 | ||
- | * Minor Revision (v0.4 → v0.5): 2014-01-30 | ||
- | * Major Revision (v0.5 → v0.6): 2014-02-01 | ||
- | * Minor Revision (v0.6 → v0.7): 2014-02-02 | ||
- | * Minor Revision (v0.7 → v0.8): 2014-02-03 | ||
- | * Minor Revision (v0.8 → v0.9): 2014-02-06 | ||
- | * Minor Revision (v0.9 → v0.10): 2014-02-11 | ||
===== Introduction ===== | ===== Introduction ===== | ||
Line 45: | Line 36: | ||
* [[https:// | * [[https:// | ||
* [[https:// | * [[https:// | ||
- | * [[https:// | + | * [[https:// |
* [[https:// | * [[https:// | ||
- | * [[https:// | + | * [[https:// |
===== Default Ciphers ===== | ===== Default Ciphers ===== | ||
Line 75: | Line 66: | ||
'' | '' | ||
- | * Anonymous Diffie-Hellman ciphers disallowed as per [[http://www.ietf.org/rfc/rfc2246.txt|RFC2246 Section A.5]] | + | * Anonymous Diffie-Hellman ciphers disallowed as per [[http://tools.ietf.org/html/rfc2246#appendix-A.5|RFC2246 Section A.5]] |
'' | '' | ||
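Review bot: the bullet on anonymous Diffie-Hellman cites RFC 2246 Appendix A.5 but does not say why those suites are excluded; A.5 states that the anonymous DH suites authenticate neither party and are therefore vulnerable to man-in-the-middle attack, which is the property that matters for a default cipher list. Suggest stating that reason in the bullet itself (for example "anonymous DH excluded: no peer authentication, MITM-vulnerable per RFC2246 A.5") so that a reader who later tunes the cipher list in a stream context knows not to re-add OpenSSL's `aNULL` suites.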
Line 193: | Line 184: | ||
Users may wish to access information regarding the negotiated protocol and/or cipher for a given | Users may wish to access information regarding the negotiated protocol and/or cipher for a given | ||
encrypted session. The '' | encrypted session. The '' | ||
- | conflicts with other wrappers | + | conflicts with other wrappers. The context option approach also remains consistent with the existing |
- | also remains consistent with the existing '' | + | '' |
- | context abstractions. When the new context option is truthy the '' | + | context option is truthy the '' |
- | option is populated with an informational array as shown here: | + | informational array as shown here: |
**Example** | **Example** | ||
Line 224: | Line 215: | ||
</ | </ | ||
- | ===== Forward Secrecy | + | ===== Server |
**Proposal** | **Proposal** | ||
- | Encrypted client streams already support [[http:// | + | Encrypted client streams already |
- | as this functionality is largely implemented server-side. | + | (PFS) as this functionality is largely implemented server-side. |
- | encrypted PHP stream //servers// to also achieve (perfect) forward secrecy when negotiating cipher | + | support for PFS, however, the proposed |
- | suites that utilize ephemeral key agreements. | + | in servers negotiating cipher suites that utilize ephemeral key agreements. |
+ | |||
+ | //NOTE:// Servers deploying certificates capable of PFS aren't required to take any additional action | ||
+ | to achieve forward secrecy. The proposed context options simply allow fine-grained configuration and | ||
+ | broader potential FS support/ | ||
**New Context Options** | **New Context Options** | ||
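Review bot: the NOTE at the end of the proposal ("certificates capable of PFS aren't required to take any additional action") attributes forward secrecy to the certificate, whereas the paragraph above correctly ties it to negotiating a cipher suite with an ephemeral key agreement (DHE or ECDHE); the certificate's key type only decides which of those suites are usable. Suggest rewording to "servers whose certificate key type is compatible with the DHE/ECDHE suites in the default cipher list", and stating explicitly that the default configuration supplies the DH parameters or ECDH curve those suites need, because when OpenSSL has no such parameters it will not select the ephemeral suites and the connection quietly ends up on a non-forward-secret suite if one is still enabled.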
Line 291: | Line 286: | ||
// to enable crypto in a non-blocking way ... | // to enable crypto in a non-blocking way ... | ||
- | stream_socket_enable_crypto($client, | + | stream_socket_enable_crypto($client, |
?> | ?> | ||
Line 386: | Line 381: | ||
* Internally re-value the existing '' | * Internally re-value the existing '' | ||
- | * Remove the new stream wrappers previously merged for inclusion in 5.6: | + | * New '' |
- | * '' | + | * Repurpose |
- | * '' | + | |
- | * Deprecate the following stream wrappers in PHP 5.6 with removal | + | |
- | * '' | + | |
- | * '' | + | |
- | + | ||
- | **Logic** | + | |
- | + | ||
- | The main reason for reshuffling the stream wrappers is simplicity. Most users are unlikely to know | + | |
- | the difference between the various protocols much less which they should use. It's not difficult to | + | |
- | imagine a scenario in which a user reasons, //"If SSL is safe, SSLv2 and SSLv3 must be REALLY safe. | + | |
- | I should use those."// | + | |
- | despite its standing as the most secure option. | + | |
- | + | ||
- | So the overarching goal in this change is two-fold: | + | |
- | + | ||
- | * Keep users safe by default without preventing them from doing insecure things if they need to do so; | + | |
- | * Eliminate the confusion of having many different wrappers for encrypted streams. By deprecating the superfluous stream wrappers we // | + | |
- | + | ||
- | Note again that the protocol-specific stream wrappers //are not// removed. Their use will trigger an | + | |
- | '' | + | |
- | + | ||
- | Note also that the '' | + | |
- | and TLSv1.2 protocols. Because '' | + | |
- | this wrapper was previously | + | |
- | + | ||
- | **BC Implications of Proposed Stream Wrapper Changes** | + | |
- | + | ||
- | //None.// | + | |
- | + | ||
- | The only implications for existing code are the '' | + | |
- | '' | + | |
- | notices. This notice triggering has nothing to do with the underlying protocols; it only occurs when | + | |
- | using the wrappers made unnecessary by the introduction of protocol flags. Users are encouraged to | + | |
- | specify protocol flags in their stream contexts to avoid these deprecation notices. | + | |
**Existing Constant Re-Valuing** | **Existing Constant Re-Valuing** | ||
Line 438: | Line 399: | ||
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1), /* New in 5.6 */ | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT = (1 << 5 | 1), /* New in 5.6 */ | ||
STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1), /* Any TLS protocol */ | STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1), /* Any TLS protocol */ | ||
- | STREAM_CRYPTO_CLIENT | + | STREAM_CRYPTO_METHOD_ANY_CLIENT |
STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1), | STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1), | ||
STREAM_CRYPTO_METHOD_SSLv3_SERVER = (1 << 2), | STREAM_CRYPTO_METHOD_SSLv3_SERVER = (1 << 2), | ||
Line 446: | Line 407: | ||
STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5), /* New in 5.6 */ | STREAM_CRYPTO_METHOD_TLSv1_2_SERVER = (1 << 5), /* New in 5.6 */ | ||
STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)) /* Any TLS protocol */ | STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)) /* Any TLS protocol */ | ||
- | STREAM_CRYPTO_SERVER | + | STREAM_CRYPTO_METHOD_ANY_SERVER |
} php_stream_xport_crypt_method_t; | } php_stream_xport_crypt_method_t; | ||
</ | </ | ||
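Review bot: `STREAM_CRYPTO_METHOD_TLS_SERVER = ((1 << 3) | (1 << 4) | (1 << 5)) /* Any TLS protocol */` is missing the trailing comma before `STREAM_CRYPTO_METHOD_ANY_SERVER`, so the enum as shown will not compile; the client-side twin (`STREAM_CRYPTO_METHOD_TLS_CLIENT = ((1 << 3) | (1 << 4) | (1 << 5) | 1), /* Any TLS protocol */`) has it. The two `ANY_*` members also deserve a comment: since `STREAM_CRYPTO_METHOD_SSLv2_SERVER = (1 << 1)` and `STREAM_CRYPTO_METHOD_SSLv3_SERVER = (1 << 2)` are part of "any", these masks deliberately re-enable protocols that the secure defaults exclude, and a one-line `/* includes SSLv2/SSLv3; not the recommended default */` beside them would stop readers mistaking them for the catch-all they should normally use.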
Line 456: | Line 417: | ||
legacy naming convention is a source of constant confusion for users not versed in the inner-workings | legacy naming convention is a source of constant confusion for users not versed in the inner-workings | ||
of OpenSSL. Here we use the more natural connotation and translate '' | of OpenSSL. Here we use the more natural connotation and translate '' | ||
- | mean " | + | mean " |
+ | represent //"any protocol we can support."// | ||
**Examples** | **Examples** | ||
Line 532: | Line 494: | ||
]]); | ]]); | ||
$sock = stream_socket_client(' | $sock = stream_socket_client(' | ||
- | |||
- | ?> | ||
- | </ | ||
- | |||
- | There is no need to use the deprecated wrappers as the '' | ||
- | the best available protocol. However, for the sake of completeness, | ||
- | works: | ||
- | |||
- | <code php> | ||
- | <?php | ||
- | |||
- | $sock = stream_socket_client(' | ||
?> | ?> | ||
Line 561: | Line 511: | ||
Encrypt an existing stream choosing from any protocol we can possibly support using the new catch-all | Encrypt an existing stream choosing from any protocol we can possibly support using the new catch-all | ||
- | '' | + | '' |
<code php> | <code php> | ||
Line 568: | Line 518: | ||
$sock = stream_socket_client(' | $sock = stream_socket_client(' | ||
var_dump($sock); | var_dump($sock); | ||
- | var_dump(stream_socket_enable_crypto($sock, | + | var_dump(stream_socket_enable_crypto($sock, |
?> | ?> | ||
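Review bot: the catch-all example hands the `ANY` client method to `stream_socket_enable_crypto` with only `var_dump($sock)` between it and the `stream_socket_client` call, so a failed connect (`$sock === false`) is not handled before crypto is enabled; suggest an `if (!$sock) { /* handle error */ }` guard. The lead-in sentence "any protocol we can possibly support" should also say plainly that this includes SSLv2 and SSLv3, which the RFC's defaults otherwise exclude, and that the example exists for compatibility testing against legacy servers rather than as a template for production clients.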
Line 578: | Line 528: | ||
**Forward Secrecy** | **Forward Secrecy** | ||
- | Encrypted stream servers | + | Encrypted stream servers support |
- | elliptic curve DH. | + | and elliptic curve DH. No additional action is required for servers deploying certificates capable |
+ | of ephemeral key exchange; new context options for fine-grained configuration are available. | ||
**Requirements for a secure client transfer prior to PHP 5.6:** | **Requirements for a secure client transfer prior to PHP 5.6:** | ||
Line 633: | Line 584: | ||
===== Removed Features Originally Planned for 5.6 ===== | ===== Removed Features Originally Planned for 5.6 ===== | ||
- | The following stream | + | Originally this RFC proposed the deprecation and future remove of the protocol-specific |
- | + | This recommendation was removed to retain the ability | |
- | | + | to interface with protocol-specific clients and servers. In particular, the '' |
- | - tlsv1.2 | + | cannot accept a stream context. As a result, removing protocol-specific stream |
- | + | '' | |
- | These wrappers | + | hello methods. |
- | direction chosen in this proposal obviates the need for these wrappers which have never | + | |
- | been part of an official release. Their removal has no BC implications. | + | |
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== | ||
Most existing code is expected to work without any BC implications. The only source of potential breakage | Most existing code is expected to work without any BC implications. The only source of potential breakage | ||
- | involves the scenario where users connect to servers employing outdated/ | + | involves the scenario where users connect to servers employing |
- | For these users the option always exists to manually override secure defaults with insecure settings | + | technologies. For these users the option always exists to manually override secure defaults with |
- | in the stream context. | + | insecure settings in the stream context. |
===== Proposed PHP Version ===== | ===== Proposed PHP Version ===== | ||
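Review bot: typo in the first sentence of "Removed Features Originally Planned for 5.6": "future remove of the protocol-specific" should read "future removal of the protocol-specific". As written the sentence can also be read as saying the wrappers themselves were removed, when it is the deprecation recommendation that was withdrawn; "Originally this RFC proposed deprecating, and later removing, the protocol-specific stream wrappers. That recommendation was withdrawn to retain the ability ..." makes the distinction clear.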
Line 659: | Line 608: | ||
Provides userland access to the default cipher list used for stream encryption. | Provides userland access to the default cipher list used for stream encryption. | ||
- | '' | + | '' |
Crypto method interpreted as "any client crypto method we can possibly support." | Crypto method interpreted as "any client crypto method we can possibly support." | ||
use this method for maximum compatibility with SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 servers. | use this method for maximum compatibility with SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 servers. | ||
- | '' | + | '' |
Crypto method interpreted as "any server crypto method we can possibly support." | Crypto method interpreted as "any server crypto method we can possibly support." | ||
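Review bot: the description of the `ANY` client method ("use this method for maximum compatibility with SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 servers") presents SSLv2 as an ordinary compatibility target with no warning; SSLv2 was prohibited by RFC 6176 in 2011, and enabling it on the client side means any connection can be negotiated down to it by whatever answers the socket. Suggest adding, to both the client and server entries, "this deliberately re-enables protocols excluded by the default method; use only when interoperating with a known legacy peer", which matches the "Backward Incompatible Changes" section's framing of insecure settings as an explicit override of the defaults.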
Line 681: | Line 630: | ||
* Should PHP implement the recommendations in this proposal as part of 5.6? | * Should PHP implement the recommendations in this proposal as part of 5.6? | ||
- | ===== Patches and Tests ===== | + | https:// |
- | + | ||
- | The proposed changes and tests are available here: | + | |
- | + | ||
- | https:// | + | |
- | + | ||
- | ===== Implementation ===== | + | |
- | + | ||
- | TBD | + | |
===== Vote ===== | ===== Vote ===== | ||
Line 699: | Line 640: | ||
of the RFC. They are noted here to avoid confusion. | of the RFC. They are noted here to avoid confusion. | ||
- | <doodle title=" | + | <doodle title=" |
* Yes | * Yes | ||
* No | * No | ||
Line 706: | Line 647: | ||
Thanks for your time :) | Thanks for your time :) | ||
- | ===== Rejected Features ===== | ||
- | TBD | ||
+ | == Revisions == | ||
+ | v0.11 Updated constant names, protocol-specific stream wrappers no longer deprecated | ||
- | == Revisions == | + | v0.10 Removed default verify depth setting; tls wrapper no longer deprecated |
- | + | ||
- | v0.10 Removed default verify depth setting; tls:// wrapper no longer deprecated | + | |
v0.9 Added server forward secrecy, updated default cipher list | v0.9 Added server forward secrecy, updated default cipher list |
rfc/improved-tls-defaults.1392221392.txt.gz · Last modified: 2017/09/22 13:28 (external edit)