[Box Backup-commit] [boxbackup/boxbackup] b44cc4: Fix Debian bug 907135: weak certificates

Chris Wilson noreply at github.com
Tue May 14 19:32:23 BST 2019


  Branch: refs/heads/fix_debian_907135_ssl_key_size_merge
  Home:   https://github.com/boxbackup/boxbackup
  Commit: b44cc44f788a9efea03efb366eb97489b04a18ad
      https://github.com/boxbackup/boxbackup/commit/b44cc44f788a9efea03efb366eb97489b04a18ad
  Author: Chris Wilson <chris+github at qwirx.com>
  Date:   2019-05-14 (Tue, 14 May 2019)

  Changed paths:
    M bin/bbackupd/bbackupd-config.in
    M bin/bbackupquery/bbackupquery.cpp
    M bin/bbstored/bbstored-certs.in
    M bin/bbstored/bbstored-config.in
    M lib/backupclient/BackupDaemonConfigVerify.cpp
    M lib/bbackupd/BackupDaemon.cpp
    M lib/common/BoxPortsAndFiles.h.in
    M lib/server/ConnectionException.txt
    M lib/server/Daemon.cpp
    M lib/server/Daemon.h
    M lib/server/ServerException.txt
    M lib/server/ServerTLS.h
    M lib/server/SocketStream.cpp
    M lib/server/SocketStream.h
    M lib/server/SocketStreamTLS.cpp
    M lib/server/SocketStreamTLS.h
    M lib/server/TLSContext.cpp
    M lib/server/TLSContext.h
    M test/backupstorefix/testbackupstorefix.cpp
    M test/backupstorefix/testfiles/testbackupstorefix.pl.in
    M test/basicserver/testbasicserver.cpp
    A test/basicserver/testfiles/seclevel2-sha1/bbackupd.conf
    A test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-csr.pem
    A test/basicserver/testfiles/seclevel2-sha1/bbackupd/1234567-key.pem
    A test/basicserver/testfiles/seclevel2-sha1/bbackupd/NotifySysadmin.sh
    A test/basicserver/testfiles/seclevel2-sha1/bbstored.conf
    A test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-csr.pem
    A test/basicserver/testfiles/seclevel2-sha1/bbstored/localhost-key.pem
    A test/basicserver/testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem
    A test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootCSR.pem
    A test/basicserver/testfiles/seclevel2-sha1/ca/keys/clientRootKey.pem
    A test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootCSR.pem
    A test/basicserver/testfiles/seclevel2-sha1/ca/keys/serverRootKey.pem
    A test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.pem
    A test/basicserver/testfiles/seclevel2-sha1/ca/roots/clientCA.srl
    A test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.pem
    A test/basicserver/testfiles/seclevel2-sha1/ca/roots/serverCA.srl
    A test/basicserver/testfiles/seclevel2-sha1/ca/servers/localhost-cert.pem
    A test/basicserver/testfiles/seclevel2-sha1/raidfile.conf
    A test/basicserver/testfiles/seclevel2-sha256/bbackupd.conf
    A test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-csr.pem
    A test/basicserver/testfiles/seclevel2-sha256/bbackupd/1234567-key.pem
    A test/basicserver/testfiles/seclevel2-sha256/bbackupd/NotifySysadmin.sh
    A test/basicserver/testfiles/seclevel2-sha256/bbstored.conf
    A test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-csr.pem
    A test/basicserver/testfiles/seclevel2-sha256/bbstored/localhost-key.pem
    A test/basicserver/testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem
    A test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootCSR.pem
    A test/basicserver/testfiles/seclevel2-sha256/ca/keys/clientRootKey.pem
    A test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootCSR.pem
    A test/basicserver/testfiles/seclevel2-sha256/ca/keys/serverRootKey.pem
    A test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.pem
    A test/basicserver/testfiles/seclevel2-sha256/ca/roots/clientCA.srl
    A test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.pem
    A test/basicserver/testfiles/seclevel2-sha256/ca/roots/serverCA.srl
    A test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert-sha1.pem
    A test/basicserver/testfiles/seclevel2-sha256/ca/servers/localhost-cert.pem
    A test/basicserver/testfiles/seclevel2-sha256/raidfile.conf
    A test/basicserver/testfiles/srv3-insecure-daemon.conf
    A test/basicserver/testfiles/srv3-seclevel2-sha1.conf
    A test/basicserver/testfiles/srv3-seclevel2-sha256.conf
    A test/basicserver/testfiles/srv4-noseclevel.conf
    A test/basicserver/testfiles/srv4-seclevel1.conf
    A test/basicserver/testfiles/srv4-seclevel2-insecure.conf
    A test/basicserver/testfiles/srv4-seclevel2-secure.conf
    R test/basicserver/testfiles/srv4.conf
    M test/bbackupd/testbbackupd.cpp

  Log Message:
  -----------
  Fix Debian bug 907135: weak certificates

Debian Linux have recently upgraded to OpenSSL 1.1.1, which has increased the
default global security level from 1 to 2. Level 2 does not accept certificates
with 1024-bit keys, and certificates signed with the SHA1 algorithm,
considering them to be weak and therefore dangerous. It now requires a minimum
of 2048-bit keys and SHA256 signatures. (At the time of writing, this change is
only in Debian Unstable, but it will eventually make its way into a stable
release.)

This has caused the following issues with Box Backup:

* All existing certificates are signed with the SHA1 algorithm, and can no longer be used (by default); and
* Some tests use 1024-bit certificates which can no longer be used either.

This change implements the workarounds to enable users to continue to use old certificates,
for the time being, with a warning:

* Ensure that new installations are secure (stronger certificates generated and required);
* Ensure that existing installations are not broken, even if they are considered "weak";
* Warn users if their certificates are (or might be) weak;
* Allow them to disable this warning if required (not recommended);
* Provide the option to not override the system-wide security level (which may be higher than 2 in future).

It does this by adding the new SSLSecurityLevel configuration option, fixing
the supplied scripts to generate stronger SSL certificates from now on,
replacing the old certificates used in tests, and adding tests for the issue.
If compiled with OpenSSL 1.0, existing behaviour will not change, and the
security level cannot be raised. The SSLSecurityLevel option is recognised, but
has no effect except to show a warning that it is not supported.

More work could be done on making it easier to regenerate certificates, however
some discussion is needed to come up with a plan that works and helps users.

See https://www.boxbackup.org/wiki/WeakSSLCertificates for more details.
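As an added example (not part of this commit or of Box Backup), the check below classifies a certificate against the two security-level-2 rules the commit message names: a signature hashed with SHA1 (or MD5) and a public key shorter than 2048 bits. It parses the text form that `openssl x509 -noout -text` prints; the two sample excerpts are constructed, and the `classify_cert_file` helper is an assumption that the `openssl` CLI is installed.

```python
import re
import subprocess

# Minimums from the commit message for OpenSSL security level 2 (assumption:
# only RSA/DSA key size and the signature hash are checked, not EC curves).
MIN_KEY_BITS = 2048
WEAK_SIG_HASHES = ("md5", "sha1")

def classify_cert_text(text):
    """Return (ok, reasons) for the output of `openssl x509 -noout -text`."""
    reasons = []
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    if not sig:
        reasons.append("signature algorithm not found")
    elif any(h in sig.group(1).lower() for h in WEAK_SIG_HASHES):
        reasons.append("signed with %s" % sig.group(1))
    key = re.search(r"Public-Key:\s*\((\d+) bit\)", text)
    if not key:
        reasons.append("public key size not found")
    elif int(key.group(1)) < MIN_KEY_BITS:
        reasons.append("%s-bit key is below %d bits" % (key.group(1), MIN_KEY_BITS))
    return (not reasons, reasons)

def classify_cert_file(path):
    """Run the openssl CLI on a PEM certificate and classify it (assumed installed)."""
    out = subprocess.run(["openssl", "x509", "-noout", "-text", "-in", path],
                         check=True, capture_output=True, text=True).stdout
    return classify_cert_text(out)

# Constructed excerpts of `openssl x509 -text` output; not real certificates.
OLD_CERT_TEXT = """\
    Signature Algorithm: sha1WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""
NEW_CERT_TEXT = """\
    Signature Algorithm: sha256WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
"""

if __name__ == "__main__":
    for name, text in (("old", OLD_CERT_TEXT), ("new", NEW_CERT_TEXT)):
        print(name, classify_cert_text(text))
```

Running it over `bbstored/*-cert.pem` and `ca/roots/*.pem` shows which existing certificates would be rejected by default once OpenSSL 1.1.1 is in use.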
