[squid-users] LEGACY_SERVER_CONNECT, ALLOW_UNSAFE_LEGACY_RENEGOTIATION does not work - SSL bump, OpenSSL 3

Amish anon.amish at gmail.com
Tue Dec 27 15:42:38 UTC 2022 

Hi Alex,

Thank you for putting so much efforts in reply.

Unfortunately, something is still wrong somewhere, as below.

On 26/12/22 21:31, Alex Rousskov wrote:
> On 12/26/22 00:46, Amish wrote:
>
>> I am using squid v5.7 with OpenSSL 3.0.7. (Arch Linux)
>
>> squid.conf:
>>
>> # workaround for legacy / unpatched servers
>> tls_outgoing_options 
>> options=LEGACY_SERVER_CONNECT,ALLOW_UNSAFE_LEGACY_RENEGOTIATION
>
> There are two problems here:
>
> 1. Squid v5.7 hides important configuration errors. That problem was 
> fixed in master/v6 commit 61be1d8, but that fix has not been 
> backported to v5. If it were, you would have seen errors like this:
>
>     ERROR: Unknown TLS option LEGACY_SERVER_CONNECT
>     ERROR: Unknown TLS option ALLOW_UNSAFE_LEGACY_RENEGOTIATION
>
> You can still see those level-1 errors on stderr if you start Squid 
> v5.7 with "-X", but they will be drowned in a sea of debugging 
> records. Save stderr output into a file and search it for ERROR.
>
> I recommend lobbying for making the above configuration errors fatal 
> in Squid v6. I would be happy to post the corresponding code changes 
> if others agree that they should be fatal.


Yes indeed, the ERROR does appear on stderr with -X.

It should definitely be fatal as otherwise someone may lose proper 
security, with wrong OR incomplete OR unimplemented settings thinking 
that, squid did not give error so its working fine.

> 2. As the above errors imply, you are using options that Squid does 
> not understand. Squid cannot pass named options that it does not 
> understand to OpenSSL because Squid does not know their numerical 
> values (OpenSSL API requires a numeric value to enable an option). 
> However, you can use a dangerous workaround: You can specify their raw 
> numeric values (in hex). You may use the table at [1] to get those 
> values[2]:
>
>     tls_outgoing_options options=0x4,0x40000
>
> Disclaimer: I have not tested whether the above configuration matches 
> your intent. I only know that Squid v5 does not generate an ERROR for it.


With numeric hex values, I do not see the ERROR on stderr.

But it still does not seem to be working as expected. Squid still does 
not open the page and gives same legacy negotiation error.

How do I know that SSL_CTX_set_options() is working with above options?

There appears to be nothing in cache.log.

$ grep debug_options squid.conf
debug_options 83,6

$ tail -f /var/log/squid/cache.log |grep -i 'ssl\|tls'
2022/12/27 20:39:04.939 kid1| 83,3| client_side_request.cc(1557) 
sslBumpNeed: sslBump required: peek
2022/12/27 20:39:05.920 kid1| 83,5| 
../../src/security/PeerOptions.h(111) convertContextFromRawPtr: SSL_CTX 
construct, this=0x557039611e60
2022/12/27 20:39:05.920 kid1| 83,5| Session.cc(103) NewSessionObject: 
SSL_new session=0x55703adcfd70
2022/12/27 20:39:05.920 kid1| 83,5| Session.cc(161) CreateSession: link 
FD 12 to TLS session=0x55703adcfd70
2022/12/27 20:39:05.920 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS 
connection 0x55703adcfd70 over conn23909 local=127.0.0.1:8080 
remote=127.0.0.1:48458 FD 12 flags=1
2022/12/27 20:39:05.927 kid1| 83,5| Session.cc(103) NewSessionObject: 
SSL_new session=0x557039a59050
2022/12/27 20:39:05.927 kid1| 83,5| Session.cc(161) CreateSession: link 
FD 16 to TLS session=0x557039a59050
2022/12/27 20:39:05.928 kid1| 83,5| Io.cc(91) Handshake: -1/11 for TLS 
connection 0x557039a59050 over conn23913 local=[2001:db8::2]:60020 
remote=[2405:200:1601:c0e1:49:40:8:183]:443 HIER_DIRECT FD 16 flags=1
2022/12/27 20:39:06.062 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS 
connection 0x557039a59050 over conn23913 local=[2001:db8::2]:60020 
remote=[2405:200:1601:c0e1:49:40:8:183]:443 HIER_DIRECT FD 16 flags=1
2022/12/27 20:39:06.062 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS 
connection 0x557039a59050 over conn23913 local=[2001:db8::2]:60020 
remote=[2405:200:1601:c0e1:49:40:8:183]:443 HIER_DIRECT FD 16 flags=1
2022/12/27 20:39:06.063 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS 
connection 0x557039a59050 over conn23913 local=[2001:db8::2]:60020 
remote=[2405:200:1601:c0e1:49:40:8:183]:443 HIER_DIRECT FD 16 flags=1
2022/12/27 20:39:06.063 kid1| 83,2| PeerConnector.cc(256) 
handleNegotiationResult: ERROR: failure while establishing TLS 
connection on FD: 160x55703a2d9e40*1
2022/12/27 20:39:06.063 kid1| 83,5| NegotiationHistory.cc(85) 
retrieveNegotiatedInfo: SSL connection info on FD 16 SSL version 
NONE/0.0 negotiated cipher
2022/12/27 20:39:06.063 kid1| 83,5| PeerConnector.cc(540) callBack: TLS 
setup ended for
2022/12/27 20:39:06.069 kid1| 83,5| Session.cc(103) NewSessionObject: 
SSL_new session=0x557039779b10
2022/12/27 20:39:06.069 kid1| 83,5| Session.cc(161) CreateSession: link 
FD 16 to TLS session=0x557039779b10
2022/12/27 20:39:06.070 kid1| 83,5| Io.cc(91) Handshake: -1/11 for TLS 
connection 0x557039779b10 over conn23916 local=192.168.0.2:54084 
remote=49.40.8.180:443 HIER_DIRECT FD 16 flags=1
2022/12/27 20:39:06.191 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS 
connection 0x557039779b10 over conn23916 local=192.168.0.2:54084 
remote=49.40.8.180:443 HIER_DIRECT FD 16 flags=1
2022/12/27 20:39:06.192 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS 
connection 0x557039779b10 over conn23916 local=192.168.0.2:54084 
remote=49.40.8.180:443 HIER_DIRECT FD 16 flags=1
2022/12/27 20:39:06.193 kid1| 83,5| Io.cc(91) Handshake: -1/0 for TLS 
connection 0x557039779b10 over conn23916 local=192.168.0.2:54084 
remote=49.40.8.180:443 HIER_DIRECT FD 16 flags=1
2022/12/27 20:39:06.193 kid1| 83,2| PeerConnector.cc(256) 
handleNegotiationResult: ERROR: failure while establishing TLS 
connection on FD: 160x55703a2d9e40*1
2022/12/27 20:39:06.193 kid1| 83,5| NegotiationHistory.cc(85) 
retrieveNegotiatedInfo: SSL connection info on FD 16 SSL version 
NONE/0.0 negotiated cipher
2022/12/27 20:39:06.193 kid1| 83,5| PeerConnector.cc(540) callBack: TLS 
setup ended for
2022/12/27 20:39:06.193 kid1| 83,5| Session.cc(100) operator(): SSL_free 
session=0x557039779b10
2022/12/27 20:39:06.236 kid1| 83,5| Io.cc(91) Handshake: -1/11 for TLS 
connection 0x55703adcfd70 over conn23909 local=127.0.0.1:8080 
remote=127.0.0.1:48458 FD 12 flags=1
2022/12/27 20:39:06.247 kid1| 83,5| Io.cc(91) Handshake: -1/11 for TLS 
connection 0x55703adcfd70 over conn23909 local=127.0.0.1:8080 
remote=127.0.0.1:48458 FD 12 flags=1
2022/12/27 20:39:06.254 kid1| 83,5| Session.cc(292) store_session_cb: 
Request to store SSL_SESSION
2022/12/27 20:39:06.254 kid1| 83,5| Session.cc(314) store_session_cb: 
wrote an SSL_SESSION entry of size 129 at pos 129
2022/12/27 20:39:06.254 kid1| 83,5| Session.cc(292) store_session_cb: 
Request to store SSL_SESSION
2022/12/27 20:39:06.254 kid1| 83,5| Session.cc(314) store_session_cb: 
wrote an SSL_SESSION entry of size 128 at pos 80
2022/12/27 20:39:06.255 kid1| 83,5| Io.cc(91) Handshake: 1/0 for TLS 
connection 0x55703adcfd70 over conn23909 local=127.0.0.1:8080 
remote=127.0.0.1:48458 FD 12 flags=1
-----BEGIN SSL SESSION PARAMETERS-----
-----END SSL SESSION PARAMETERS-----
2022/12/27 20:39:06.255 kid1| 83,2| client_side.cc(2460) 
clientNegotiateSSL: New session 0x55703abd32f0 on FD 12 (127.0.0.1:48458)
2022/12/27 20:39:06.255 kid1| 83,5| NegotiationHistory.cc(85) 
retrieveNegotiatedInfo: SSL connection info on FD 12 SSL version TLS/1.3 
negotiated cipher TLS_AES_256_GCM_SHA384
2022/12/27 20:39:06.255 kid1| 83,5| client_side.cc(2483) 
clientNegotiateSSL: FD 12 has no client certificate.
2022/12/27 20:39:06.255 kid1| 83,3| Session.cc(36) tls_read_method: 
started for session=0x55703adcfd70
2022/12/27 20:39:06.256 kid1| 83,3| Session.cc(73) tls_write_method: 
started for session=0x55703adcfd70
2022/12/27 20:39:06.256 kid1| 83,3| Session.cc(73) tls_write_method: 
started for session=0x55703adcfd70
2022/12/27 20:39:06.257 kid1| 83,5| Session.cc(100) operator(): SSL_free 
session=0x557039a59050
2022/12/27 20:39:06.257 kid1| 83,5| Session.cc(100) operator(): SSL_free 
session=0x55703adcfd70
2022/12/27 20:39:06.257 kid1| 83,5| 
../../src/security/PeerOptions.h(113) operator(): SSL_CTX destruct, 
this=0x557039611e60


Any idea on how do I know if SSL_CTX_set_options() is working with 
legacy negotiations enabled?


> [1] https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags


Above link should be placed in tls_outgoing_options documentation at 
http://www.squid-cache.org/Doc/config/tls_outgoing_options/

Additionally a NOTE should be placed stating that it supports HEX values.

Current documentation gives an impression that I can use all the named 
options supported by OpenSSL. But in reality only selected named options 
are supported.


> [2] The table provides numerical values for OpenSSL v1 options. For 
> OpenSSL v3, the table provides a SSL_OP_BIT(n) formula: 2 to the power 
> of n. For example, SSL_OP_BIT(2) is, in hex notation, 0x4.
>     #define SSL_OP_BIT(n)  ((uint64_t)1 << (uint64_t)n)
>
> HTH,
>
> Alex.
>
>> # other related TLS related settings
>> tls_outgoing_options cafile=/etc/ssl/cert.pem
>>
>> tls_outgoing_options 
>> cipher=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
>>
>> # systemctl reload squid
>>
>> But I am still getting the same error when trying to connect to the 
>> above site via squid proxy. (Works fine without proxy)
>>
>> What am I doing wrong?
>>
>> Tips / help appreciated,
>>
>> Thank you,
>>
>> Amish.

Thank you

Amish.

More information about the squid-users mailing list