Opened 17 years ago

Last modified 11 years ago

#141 closed defect

use better SSL certificates — at Version 3

Reported by: Brian Warner Owned by: Brian Warner
Priority: major Milestone: 0.8.0
Component: unknown Version: 0.4.1
Keywords: security Cc: davidsarah

Description (last modified by Brian Warner)

I was disappointed to see that a default foolscap certificate is using MD5 and RSA with 1024-bit pubkey keys, both of which are definitely behind the curve as far as modern crypto practices go. (several collisions have already been found for MD5, although what Foolscap really cares about are preimage attacks, and as far as I've heard nobody's found one of those yet): 

% python
>>> import foolscap
>>> foolscap.Tub(certFile="foo.pem")
<Tub id=lj37uywdnuoeghujdjnu7l5sxcxmzaoz>
>>> ^D
% openssl x509 -in foo.pem -text
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 132 (0x84)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=newpb_thingy
        Validity
            Not Before: Oct  7 23:02:55 2009 GMT
            Not After : Oct  7 23:02:55 2010 GMT
        Subject: CN=newpb_thingy
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
 ...

I was expecting a modern OpenSSL to choose better defaults (this was tested both on my OS-X 10.6 box and on a recent debian/sid system).

I don't know offhand how to tell python-openssl to use something better.

Change History (3)

comment:1 Changed 14 years ago by zancas

To inspect the contents of a <tub>.pem x.509-ish file one can use: 

openssl asn1parse -in <tub>.pem

Interestingly when I use this tool on a .pem in an incident-gatherer tub I get the following error: 

Error in encoding
17525:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:

However if I make a new file that contains only the section: 

 -----BEGIN CERTIFICATE---- --> -----END CERTIFICATE-----

i.e. excluding the RSA private key, this parser emits no errors.

There's a -i flag that makes the output of asn1parse slightly more readable, and the --strparse <OFFSET> option seems like it might be handy. Of course, see: 

man asn1parse

for details.

comment:2 Changed 13 years ago by davidsarah

Cc: davidsarah added
Owner: set to Brian Warner

Would fix https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1801.

comment:3 Changed 12 years ago by Brian Warner

Description: modified (diff)
Milestone: undecided0.8.0

I just tested this on my modern (OS-X 10.9) system, and my debian/sid box, and both are still getting the same kind of certificate. Time to fix this.

Note: See TracTickets for help on using tickets.