[THRIFT-3165] Disable unsafe TLSv1.0 and TLSv1.1 by default - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 0.9.2
Fix Version/s: None
Component/s: C++ - Library
Labels:
- Breaking-Change
- SSL
- SSLSocketFactory
- Security
- TLS

Description

Thrift provides an SSL implementation and implements some best practices (for example, SSLv2 and SSLv3 are disabled). The current mechanism in the C++ library to control the protocol negotiation is unnecessarily complex.

The current behavior is to use an enumeration to set the protocol level. The methods these call are deprecated in OpenSSL 1.1 and do not provide the desired control.

The proposed new behavior is to:

Remove SSLProtocol
Require the consumer to subclass SSLContext and call SSL_CTX_set_option to disable certain behaviors, like negotiation protocol levels.

For example the following SSLContext subclass will allow connections at TLSv1.1 or later, whereas the default will only allow TLSv1.2 or later:

class CustomSSLContext : public SSLContext
{
  public:
    CustomSSLContext() : SSLContext()
    {
        // SSLContext disables SSLv2, SSLv3, TLSv1_0, and TLSv1_1
        SSL_CTX_clear_options(get(), SSL_OP_NO_TLSv1_1);
    }
};

Attachments

Issue Links

breaks

THRIFT-4084 Improve SSL security in thrift by adding a make cross client that checks to make sure SSLv3 protocol cannot be negotiated

Closed

is related to

THRIFT-3164 Thrift C++ library SSL socket by default allows for unsecure SSLv3 negotiation

Closed

links to

GitHub Pull Request #1185

Activity

People

Assignee:: James E. King III

Reporter:: James E. King III

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 19/May/15 18:58

Updated:: 17/Jul/19 09:57