neo4j icon indicating copy to clipboard operation
neo4j copied to clipboard

Published 20 hours ago verified publisher icon neo4j

TLS 1.2 on HTTPS killed/not avaiable under certain conditions

Open michael-o opened this issue 2 years ago • 0 comments

When HTTPS is being used with the OpenSSL provider, plus TLS 1.2 and 1.3 is configured with a specific cipher list TLS 1.2 is not available.

Neo4j Version: 4.4.11 Operating System: FreeBSD 12.4-STABLE API: Installed from community bundle

Steps to reproduce

Compiled Netty netty-tcnative-2.0.59.Final-SNAPSHOT-freebsd-x86_64.jar and netty-tcnative-classes-2.0.59.Final-SNAPSHOT.jar myself, added to NEO4J_HOME/lib against OpenSSL 1.1.1s-freebsd.

Configured both Bolt and HTTPS:

dbms.netty.ssl.provider=OPENSSL
# Bolt connector
dbms.connector.bolt.enabled=true
dbms.connector.bolt.tls_level=REQUIRED
# HTTPS Connector. There can be zero or one HTTPS connectors.
dbms.connector.https.enabled=true
# Bolt SSL configuration
dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=/etc/ssl/deblndw011x.ad001.siemens.net
dbms.ssl.policy.bolt.private_key=key.crt
dbms.ssl.policy.bolt.private_key_password=$(/etc/ssl/passphrase.sh deblndw011x.ad001.siemens.net:7687)
dbms.ssl.policy.bolt.public_certificate=cert.crt
dbms.ssl.policy.bolt.tls_versions=TLSv1.2,TLSv1.3
dbms.ssl.policy.bolt.ciphers=TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,DHE-RSA-CHACHA20-POLY1305,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-CCM,ECDHE-ECDSA-ARIA256-GCM-SHA384,ECDHE-ARIA256-GCM-SHA384,DHE-RSA-ARIA256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-CCM,ECDHE-ECDSA-ARIA128-GCM-SHA256,ECDHE-ARIA128-GCM-SHA256,DHE-RSA-ARIA128-GCM-SHA256,AES256-GCM-SHA384,AES256-CCM8,AES256-CCM,ARIA256-GCM-SHA384,AES128-GCM-SHA256,AES128-CCM8,AES128-CCM,ARIA128-GCM-SHA256
dbms.ssl.policy.bolt.client_auth=NONE

# Https SSL configuration
dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.base_directory=/etc/ssl/deblndw011x.ad001.siemens.net
dbms.ssl.policy.https.private_key=key.crt
dbms.ssl.policy.https.private_key_password=$(/etc/ssl/passphrase.sh deblndw011x.ad001.siemens.net:7473)
dbms.ssl.policy.https.public_certificate=cert.crt
dbms.ssl.policy.https.tls_versions=TLSv1.2,TLSv1.3
dbms.ssl.policy.https.ciphers=TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,DHE-RSA-CHACHA20-POLY1305,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-CCM,ECDHE-ECDSA-ARIA256-GCM-SHA384,ECDHE-ARIA256-GCM-SHA384,DHE-RSA-ARIA256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-CCM,ECDHE-ECDSA-ARIA128-GCM-SHA256,ECDHE-ARIA128-GCM-SHA256,DHE-RSA-ARIA128-GCM-SHA256,AES256-GCM-SHA384,AES256-CCM8,AES256-CCM,ARIA256-GCM-SHA384,AES128-GCM-SHA256,AES128-CCM8,AES128-CCM,ARIA128-GCM-SHA256
dbms.ssl.policy.https.client_auth=NONE

This config is basically identical to what I have with Apache HTTPd and the cipher list has been created with:

# openssl ciphers 'HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS:!SHA:!SHA256:!SHA384'      
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:AES256-GCM-SHA384:AES256-CCM8:AES256-CCM:ARIA256-GCM-SHA384:AES128-GCM-SHA256:AES128-CCM8:AES128-CCM:ARIA128-GCM-SHA256

Now scanned both ports with testssl.sh:

$ testssl.sh    deblndw011x.ad001.siemens.net:7473

###########################################################
    testssl.sh       3.0.8 from https://testssl.sh/

      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

       Please file bugs @ https://testssl.sh/bugs/

###########################################################

 Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
 on deblndw011x:/usr/local/openssl-unsafe/bin/openssl
 (built: "reproducible build, date unspecified", platform: "BSD-x86_64")


 Start 2023-02-17 18:30:55        -->> 147.54.64.17:7473 (deblndw011x.ad001.siemens.net) <<--

 A record via:           /etc/hosts
 rDNS (147.54.64.17):    deblndw011x.ad001.siemens.net.
 deblndw011x.ad001.siemens.net:7473 appears to support TLS 1.3 ONLY. You better use --openssl=<path_to_openssl_supporting_TLS_1.3>
 Type "yes" to proceed and accept all scan problems --> yes
 Service detected:       Couldn't determine what's running on port 7473, assuming no HTTP service => skipping all HTTP checks


 Testing protocols via sockets except NPN+ALPN

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    not offered
 TLS 1.3    offered (OK): final
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered
...
$ testssl.sh deblndw011x.ad001.siemens.net:7687                                                         
###########################################################
    testssl.sh       3.0.8 from https://testssl.sh/

      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

       Please file bugs @ https://testssl.sh/bugs/

###########################################################

 Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
 on deblndw011x:/usr/local/openssl-unsafe/bin/openssl
 (built: "reproducible build, date unspecified", platform: "BSD-x86_64")


 Start 2023-02-17 18:31:39        -->> 147.54.64.17:7687 (deblndw011x.ad001.siemens.net) <<--

 A record via:           /etc/hosts
 rDNS (147.54.64.17):    deblndw011x.ad001.siemens.net.
 Service detected:       Couldn't determine what's running on port 7687, assuming no HTTP service => skipping all HTTP checks


 Testing protocols via sockets except NPN+ALPN

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered

 Testing cipher categories

 NULL ciphers (no encryption)                  not offered (OK)
 Anonymous NULL Ciphers (no authentication)    not offered (OK)
 Export ciphers (w/o ADH+NULL)                 not offered (OK)
 LOW: 64 Bit + DES, RC[2,4] (w/o export)       not offered (OK)
 Triple DES Ciphers / IDEA                     not offered
 Obsolete CBC ciphers (AES, ARIA etc.)         not offered
 Strong encryption (AEAD ciphers)              offered (OK)
...

As you can see, both ports are identically configured, but for some reason TLS 1.2 is not available on HTTPS port. With s_client:

$ openssl s_client -connect deblndw011x.ad001.siemens.net:7473 -tls1_2
CONNECTED(00000003)
34371129344:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1556:SSL alert number 70
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 232 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1676655197
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
...
$ openssl s_client -connect deblndw011x.ad001.siemens.net:7687 -tls1_2
CONNECTED(00000003)
depth=2 C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = ZZZZZZA1, OU = Siemens Trust Center, CN = Siemens Root CA V3.0 2016
verify return:1
depth=1 C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = ZZZZZZE7, CN = Siemens Issuing CA Intranet Server 2022
verify return:1
depth=0 C = DE, O = Siemens, OU = LDA IT IN, CN = deblndw011x.ad001.siemens.net
verify return:1
---
Certificate chain
 0 s:C = DE, O = Siemens, OU = LDA IT IN, CN = deblndw011x.ad001.siemens.net
   i:C = DE, ST = Bayern, L = Muenchen, O = Siemens, serialNumber = ZZZZZZE7, CN = Siemens Issuing CA Intranet Server 2022
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIvTCCBqWgAwIBAgIUQcCuaVdsRACIbY0cWW1l0O/5p+kwDQYJKoZIhvcNAQEL
BQAwgYgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCYXllcm4xETAPBgNVBAcMCE11
ZW5jaGVuMRAwDgYDVQQKDAdTaWVtZW5zMREwDwYDVQQFEwhaWlpaWlpFNzEwMC4G
A1UEAwwnU2llbWVucyBJc3N1aW5nIENBIEludHJhbmV0IFNlcnZlciAyMDIyMB4X
DTIzMDEyMzE2MDUwMloXDTI0MDIyODA5MTUxM1owWzELMAkGA1UEBhMCREUxEDAO
BgNVBAoMB1NpZW1lbnMxEjAQBgNVBAsMCUxEQSBJVCBJTjEmMCQGA1UEAwwdZGVi
bG5kdzAxMXguYWQwMDEuc2llbWVucy5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQCb4KWojzdwQg/ia2lvwaMjC0bA820rlxlSq8bXguXqP2DDVT2c
98OxRTUNo+qOyqs6emu3BOMuL+Rukdrq8xILlqwGhTxCgpAgPIO1kmsjf0eJAAQn
SBqmQ4lk6IpU3leVcEIaFAfXoMk8SGyD0GHajFfiCZVwdufePg3f/wYA1dU1TfbP

michael-o avatar Feb 17 '23 17:02 michael-o