[Gluster-devel] Logjam

[Jeff Darcy]

> the logjam attack comes in two part. One is about downgrading
> cipher choice because a TLS setup allows EWPORT ciphers. glusterfs
> can thwart this by setting ssl.cipher-list to something hardened enough
> (ECDH:DH:!TLSv1:!aNULL!eNULL seems nice);

Our default is already based on HIGH, which excludes both *NULL and
EXPORT, so I don't think there's any more to be done here.

> Second part is about using pre-computed DH paramaeters. It can be
> worked around aither by
> - removing DH ciphers, which leads to a lack of diversity we may regret
>   later

We already exclude CBC, because of the POODLE attack, and that leaves us
with 32 ciphers.  Excluding DH as well leaves us with only four.

  AES256-GCM-SHA384
  AES256-SHA256
  AES128-GCM-SHA256
  AES128-SHA256

Really that's only one, with different key lengths.  That is cause for
concern.

> - computing your own DH params using openssl dhparam command. Unfortunately
>   glusterfs cannot use that.
> 
> Adding support for loading a DH parameter file is not very difficult:
>   /* generate: openssl dhparam 2048 > /etc/ssl/dhparam.pem */
>   #define DEFAULT_DHPARAM_PATH     DEFAULT_ETC_SSL "/dhparam.pem"
>   /* default: priv->ssl_dhparam = DEFAULT_DHPARAM_PATH; */
>   /* (...) */
> 
>   DH *dhpatams;
>   BIO *bio;
>   if ((bio = BIO_new_file(priv->ssl_dhparam, "r")) != NULL) {
>     dhparams = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
>     SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
>     BIO_free(bio);
>   } else {
>     /* display error */
>   }
> 
> I am a bit too busy on other fronts to submit code, but whoever is
> interested.... Of course there should also be the code for
> setting a transport.socket.ssl-dhparam option so that
> DEFAULT_DHPARAM_PATH does not remain hard-coded.

This doesn't seem particularly hard, or at least it wouldn't be if we
didn't have to account for every RHEL version and associated OpenSSL
version going back ten years.  >:-(  I'll investigate further to see
what's the right thing to do.