Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go1.22: Prepare for RSA Key Exchange removal by default #7321

Closed
mcpherrinm opened this issue Feb 12, 2024 · 2 comments
Closed

go1.22: Prepare for RSA Key Exchange removal by default #7321

mcpherrinm opened this issue Feb 12, 2024 · 2 comments
Assignees
@aarongable
Milestone
Sprint 2024-02-13

Comments

@mcpherrinm
Copy link
Contributor

In Go 1.22, the cipher suites using RSA kex are disabled in clients by default.
This may affect outgoing validation requests for TLS-ALPN-01 and HTTP-01 (with https redirects).

We likely want a way to measure how many RSA key exchanges we're doing to decide how long a deprecation period we want.

We can re-enable them in crypto/tls#Config.CipherSuites. If that's not feasible for some reason, we can also use the GODEBUG tlsrsakex=1 variable, though it would be better to have that in Boulder's own code I think.
@aarongable aarongable mentioned this issue Feb 12, 2024
Merged
@aarongable
Copy link
Contributor

As discussed in standup, better approach than the above:

  1. Do it in logs (e.g. add a "usedRSAKEX" field to va.go's validationRequestEvent)
  2. For http-01, get the tls ConnectionState from the http.Response object, rather than using the verify func

Difficulty: there's no easy way to exfiltrate extra metadata from the individual verify functions up to the top level of the VA where the logEvent lives.

@aarongable aarongable changed the title Prepare for Go 1.22 RSA Key Exchange removal by deafult go1.22: Prepare for RSA Key Exchange removal by default Feb 13, 2024
@aarongable aarongable added this to the Sprint 2024-02-13 milestone Feb 13, 2024
@aarongable aarongable self-assigned this Feb 13, 2024
aarongable added a commit that referenced this issue Feb 14, 2024
@aarongable
VA: Add metrics to measure key exchange cipher suites (#7322)
b483ec2 
Add a new field to the structured JSON object logged by the VA
indicating whether the HTTP-01 or TLS-ALPN-01 requests ended up
negotiating a TLS cipher suite which uses RSA key exchange. This is
useful for measuring how many servers we reach out to are RSA-only, so
we can determine the deprecation timeline for RSA key exchange (which
has been removed from go1.22).

The go TLS library always prefers ECDHE key exchange over RSA, so we
should only be negotiating RSA key exchange if the server we're reaching
out to doesn't support ECDHE at all.

Part of #7321
maksimsavrilov pushed a commit to plesk/boulder that referenced this issue Feb 14, 2024
@aarongable
VA: Add metrics to measure key exchange cipher suites (letsencrypt#7322)
a448b1f 
Add a new field to the structured JSON object logged by the VA
indicating whether the HTTP-01 or TLS-ALPN-01 requests ended up
negotiating a TLS cipher suite which uses RSA key exchange. This is
useful for measuring how many servers we reach out to are RSA-only, so
we can determine the deprecation timeline for RSA key exchange (which
has been removed from go1.22).

The go TLS library always prefers ECDHE key exchange over RSA, so we
should only be negotiating RSA key exchange if the server we're reaching
out to doesn't support ECDHE at all.

Part of letsencrypt#7321
pgporada pushed a commit that referenced this issue Feb 16, 2024
@aarongable @pgporada
VA: Add metrics to measure key exchange cipher suites (#7322)
e31ab9e 
Add a new field to the structured JSON object logged by the VA
indicating whether the HTTP-01 or TLS-ALPN-01 requests ended up
negotiating a TLS cipher suite which uses RSA key exchange. This is
useful for measuring how many servers we reach out to are RSA-only, so
we can determine the deprecation timeline for RSA key exchange (which
has been removed from go1.22).

The go TLS library always prefers ECDHE key exchange over RSA, so we
should only be negotiating RSA key exchange if the server we're reaching
out to doesn't support ECDHE at all.

Part of #7321
@aarongable
Copy link
Contributor

This work is complete and we have the relevant (moderate in absolute terms, minuscule in relative terms) numbers. The plan from here is to set the tlsrsakex=1 env var, upgrade to go1.22.1, announce the deprecation of RSA KEX, wait a few weeks, and then remove the env var.

@aarongable aarongable mentioned this issue Jul 24, 2024
Merged
beautifulentropy pushed a commit that referenced this issue Jul 26, 2024
@aarongable
Remove RSA KEX tracking from validation (#7629)
a21c417 
We used this data to inform our decision making, and have now fully
turned off support for RSA KEX during validation. This log event field
will now never be set, so it can be removed.

Part of #7321
Fixes #7628
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aarongable aarongable

Labels
None yet
Projects
None yet
Milestone
Sprint 2024-02-13
Development

No branches or pull requests
2 participants
@mcpherrinm @aarongable