Respect system wide minimum TLS version

[ekohl]

It is possible to have a system wide crypto policy for OpenSSL, and Red Hat based distros (Fedora, RHEL & friends) do this out of the box. As far as I can see, the way this is done is in /etc/pki/tls/openssl.cnf:

# Load default TLS policy configuration

openssl_conf = default_modules

[ default_modules ]

ssl_conf = ssl_module

[ ssl_module ]

system_default = crypto_policy

[ crypto_policy ]

.include /etc/crypto-policies/back-ends/opensslcnf.config

Then in /etc/crypto-policies/back-ends/opensslcnf.config there is:

CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_rsae_sha256:rsa_pss_pss_sha384:rsa_pss_rsae_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1

Note how there's a TLS.MinProtocol. This is not respected by Ruby, and I think it's because of this bit:

openssl/lib/openssl/ssl.rb

Line 25 in 1fa9fc5

:min_version => OpenSSL::SSL::TLS1_VERSION,

It doesn't appear to be possible to set this to nil and I don't see any constant that tells it to use the system default.

When I comment the line out, it does respect the system wide default. This appears to be done for ciphers already.

[ekohl]

And Debian (checked on Debian Bullseye (11)) has:

openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

[rhenium]

OpenSSL::SSL::SSLContext#set_params overrides the minimum protocol version based on the discussion in https://bugs.ruby-lang.org/issues/9424. In short, the latest OpenSSL version at that time (1.0.1) still allowed SSL 3.0 and SSL 2.0 by default, and we wanted to disable them.

PR #710 seems reasonable to me.

[junaruga]

@rhenium Can we backport this issue's fix: ae215a4 (#710) into maint-3.2 and maint-3.1 branches that are in the normal maintenance status? Then I can see this fix in the future versions of the Ruby 3.3.z and 3.2.z.

[rhenium]

I saw this (and the SSL options counterpart #767) as an enhancement rather than a bug fix. I'm not sure if we want to have this kind of changes in a patch release.

[junaruga]

I saw this (and the SSL options counterpart #767) as an enhancement rather than a bug fix. I'm not sure if we want to have this kind of changes in a patch release.

All right. I was thinking that not respecting the system-wide OpenSSL configuration file was a bug. But if you think these (#710 and #767) are an enhancement rather than a bug fix, and it is not the case of the normal maintenance in our maintenance policy table, that's okay. I was asking you to backport the commit in the context of downstream Ruby 3.3 RPM in Fedora Linux version 41 and 40. And I can just keep the patch (#710) in the Ruby 3.3 RPMs.