mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-11 05:54:39 +00:00
1d6338ea96
DHE ciphers do not present a security risk if the key is big enough but they are slow and mostly obsoleted by ECDHE. This patch removes any default DH parameters. This will effectively disable all DHE ciphers unless a global ssl-dh-param-file is defined, or tune.ssl.default-dh-param is set, or a frontend has DH parameters included in its PEM certificate. In this latter case, only the frontends that have DH parameters will have DHE ciphers enabled. Adding explicitely a DHE ciphers in a "bind" line will not be enough to actually enable DHE. We would still need to know which DH parameters to use so one of the three conditions described above must be met. This request was described in GitHub issue #1604.
234 lines
7.8 KiB
Plaintext
234 lines
7.8 KiB
Plaintext
#REGTEST_TYPE=devel
|
|
|
|
# This reg-tests checks that the DH-related mechanisms works properly.
|
|
# When no DH is specified, either directly in the server's PEM or through a
|
|
# ssl-dh-param-file global option, and no tune.ssl.default-dh-param is defined,
|
|
# DHE ciphers are disabled.
|
|
# If a default-dh-param is defined, we will use DH parameters of the same size
|
|
# as the server's RSA or DSA key, or default-dh-param if it is smaller.
|
|
# This test has three distinct HAProxy instances, one with no DH-related option
|
|
# used, one with the tune.ssl.default-dh-param global parameter set, and one
|
|
# with an ssl-dh-param-file global option.
|
|
# We use "openssl s_client" calls in order to check the size of the "Server
|
|
# Temp Key" (which will be the same as the DH parameters in case a DHE cipher
|
|
# is used).
|
|
#
|
|
# The main goal of this test was to check that the newly added OpenSSLv3
|
|
# specific DH code worked as before, since it needed to be created in order to
|
|
# stop using deprecated APIs.
|
|
|
|
varnishtest "Test the DH related SSL options"
|
|
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'"
|
|
feature cmd "command -v openssl && command -v grep && command -v socat"
|
|
feature ignore_unknown_macro
|
|
|
|
server s1 -repeat 8 {
|
|
rxreq
|
|
txresp
|
|
} -start
|
|
|
|
|
|
haproxy h1 -conf {
|
|
global
|
|
stats socket "${tmpdir}/h1/stats" level admin
|
|
|
|
defaults
|
|
mode http
|
|
option httpslog
|
|
log stderr local0 debug err
|
|
option logasap
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
retries 0
|
|
|
|
frontend clear-fe
|
|
bind "fd@${clearlst}"
|
|
use_backend gen_cert_be if { path /gencert }
|
|
default_backend dflt_be
|
|
|
|
backend dflt_be
|
|
server s1 "${tmpdir}/ssl_dflt.sock" ssl verify none ssl-max-ver TLSv1.2
|
|
|
|
backend gen_cert_be
|
|
server s1 "${tmpdir}/ssl_dflt_gencert.sock" ssl verify none ssl-max-ver TLSv1.2
|
|
|
|
listen ssl-dflt-lst
|
|
bind "${tmpdir}/ssl_dflt.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional ciphers "DHE-RSA-AES256-GCM-SHA384" ssl-max-ver TLSv1.2
|
|
http-response set-header x-ssl-cipher %[ssl_fc_cipher]
|
|
server s1 ${s1_addr}:${s1_port}
|
|
|
|
listen ssl-dflt-gencert-lst
|
|
bind "${tmpdir}/ssl_dflt_gencert.sock" ssl generate-certificates crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt ca-sign-file ${testdir}/generate_certificates/gen_cert_ca.pem verify optional ciphers "DHE-RSA-AES256-GCM-SHA384" ssl-max-ver TLSv1.2
|
|
http-response set-header x-ssl-cipher %[ssl_fc_cipher]
|
|
server s1 ${s1_addr}:${s1_port}
|
|
} -start
|
|
|
|
haproxy h2 -conf {
|
|
global
|
|
stats socket "${tmpdir}/h2/stats" level admin
|
|
|
|
global
|
|
tune.ssl.default-dh-param 4096
|
|
|
|
defaults
|
|
mode http
|
|
option httpslog
|
|
log stderr local0 debug err
|
|
option logasap
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
retries 0
|
|
|
|
listen clear-lst
|
|
bind "fd@${clearlst_dfltdh}"
|
|
server s1 "${tmpdir}/ssl_dfltdh.sock" ssl verify none ssl-max-ver TLSv1.2
|
|
|
|
listen ssl-4096dh-dflt-lst
|
|
bind "${tmpdir}/ssl_dfltdh.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional ciphers "DHE-RSA-AES256-GCM-SHA384" ssl-max-ver TLSv1.2
|
|
http-response set-header x-ssl-cipher %[ssl_fc_cipher]
|
|
server s1 ${s1_addr}:${s1_port}
|
|
} -start
|
|
|
|
haproxy h3 -conf {
|
|
global
|
|
stats socket "${tmpdir}/h3/stats" level admin
|
|
|
|
global
|
|
ssl-dh-param-file ${testdir}/common.4096.dh
|
|
|
|
defaults
|
|
mode http
|
|
option httpslog
|
|
log stderr local0 debug err
|
|
option logasap
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
retries 0
|
|
|
|
listen clear-lst
|
|
bind "fd@${clearlst_dhfile}"
|
|
server s1 "${tmpdir}/ssl_dhfile.sock" ssl verify none ssl-max-ver TLSv1.2
|
|
|
|
listen ssl-dhfile-lst
|
|
bind "${tmpdir}/ssl_dhfile.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional ciphers "DHE-RSA-AES256-GCM-SHA384" ssl-max-ver TLSv1.2
|
|
http-response set-header x-ssl-cipher %[ssl_fc_cipher]
|
|
server s1 ${s1_addr}:${s1_port}
|
|
} -start
|
|
|
|
#
|
|
# Check that all the SSL backend <-> SSL frontend connections work
|
|
#
|
|
client c1 -connect ${h1_clearlst_sock} {
|
|
txreq
|
|
rxresp
|
|
# No DH parameters are defined, DHE ciphers are unavailable
|
|
expect resp.status == 503
|
|
} -run
|
|
|
|
client c2 -connect ${h2_clearlst_dfltdh_sock} {
|
|
txreq
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
|
|
} -run
|
|
|
|
client c3 -connect ${h3_clearlst_dhfile_sock} {
|
|
txreq
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
|
|
} -run
|
|
|
|
client c4 -connect ${h1_clearlst_sock} {
|
|
txreq -url "/gencert"
|
|
rxresp
|
|
# No DH parameters are defined, DHE ciphers are unavailable
|
|
expect resp.status == 503
|
|
} -run
|
|
|
|
|
|
# On the second HAProxy instance, even if default-dh-param is set to 4096, this
|
|
# value is only considered as a maximum DH key length and we will always try to
|
|
# match the server's certificate key length in our DHE key exchange (2048 bits
|
|
# in the case of common.pem).
|
|
shell {
|
|
echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dfltdh.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 2048 bits"
|
|
}
|
|
|
|
shell {
|
|
echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dhfile.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 4096 bits"
|
|
}
|
|
|
|
|
|
#
|
|
# Add a custom DH to the server's PEM certificate
|
|
#
|
|
shell {
|
|
printf "set ssl cert ${testdir}/common.pem <<\n$(cat ${testdir}/common.pem)\n$(cat ${testdir}/common.4096.dh)\n\n" | socat "${tmpdir}/h1/stats" -
|
|
echo "commit ssl cert ${testdir}/common.pem" | socat "${tmpdir}/h1/stats" -
|
|
|
|
printf "set ssl cert ${testdir}/common.pem <<\n$(cat ${testdir}/common.pem)\n$(cat ${testdir}/common.4096.dh)\n\n" | socat "${tmpdir}/h2/stats" -
|
|
echo "commit ssl cert ${testdir}/common.pem" | socat "${tmpdir}/h2/stats" -
|
|
|
|
printf "set ssl cert ${testdir}/common.pem <<\n$(cat ${testdir}/common.pem)\n$(cat ${testdir}/common.4096.dh)\n\n" | socat "${tmpdir}/h3/stats" -
|
|
echo "commit ssl cert ${testdir}/common.pem" | socat "${tmpdir}/h3/stats" -
|
|
}
|
|
|
|
|
|
#
|
|
# Check that all the SSL backend <-> SSL frontend connections still work
|
|
# Common.pem now contains DH parameters so the first instance's frontends
|
|
# can now use DHE ciphers.
|
|
#
|
|
client c5 -connect ${h1_clearlst_sock} {
|
|
txreq
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
|
|
} -run
|
|
|
|
client c6 -connect ${h2_clearlst_dfltdh_sock} {
|
|
txreq
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
|
|
} -run
|
|
|
|
client c7 -connect ${h3_clearlst_dhfile_sock} {
|
|
txreq
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
|
|
} -run
|
|
|
|
client c8 -connect ${h1_clearlst_sock} {
|
|
txreq -url "/gencert"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
|
|
} -run
|
|
|
|
|
|
|
|
#
|
|
# Check the new size of the DH key
|
|
#
|
|
shell {
|
|
echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dflt.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 4096 bits"
|
|
}
|
|
|
|
shell {
|
|
echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dfltdh.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 4096 bits"
|
|
}
|
|
|
|
shell {
|
|
echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dhfile.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 4096 bits"
|
|
}
|
|
|
|
shell {
|
|
echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dflt_gencert.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 4096 bits"
|
|
}
|