HEADS UP: OpenSSL 3.0.x deprecates a lot of old/weak algorithms and may require manual changes
tl;dr summary: OpenSSL 3.0.x dropped support for SHA1 certs and lots of other weak encryption and digest algorithms. However, if you have followed any kind of secure best practice recommendations from the last several years you may not be affected. If you fix the problems before upgrading, you'll have a better experience.
There is a lot more detail in the draft release notes for 23.09:
https://docs.netgate.com/pfsense/en/latest/releases/23-09.html#openssl-3-0-x-upgrade-warnings
What it boils down to is:
- Snapshot builds are coming soon and they include OpenSSL 3.0.x
- If you have any CA or certificate entries that used SHA1, they will no longer work in many places (GUI, Captive Portal, OpenVPN, probably several packages)
  - The GUI has defaulted to SHA256 for several years for manual and automatically generated certificates. Though users could opt to use SHA1 manually, the GUI has warned against using SHA1 for some time as it has been considered weak for years.
  - Using the renewal mechanism you can choose to enforce strict security parameters which will renew the certificate with SHA256 and so on. Alternately, create new entries manually. Note that there is a problem on 23.05.1 and before where some SHA1 certs don't trigger this detection when renewing with strict security, so manual replacement may be necessary.
  - Peers using SHA1 certificates also need to be updated as they will not be able to connect to a server using OpenSSL 3.0.x.
  - For very rare cases that required SHA1 certificates and could not use anything newer, such as ancient Snom/Yealink VPN-enabled firmware, these will break and there is no way to allow them to function. Reach out to the client OEM for an updated firmware with an OpenVPN client that doesn't have such weaknesses, if one exists.
- Several OpenVPN encryption and digest algorithms have been removed as they are deprecated in OpenSSL 3.0.x. This includes Blowfish (BF-CBC) which was for many years the default OpenVPN cipher that it used when no other cipher was specified. A full list of affected algorithms is in the release notes link above.
  - Servers and clients using these algorithms should be adjusted now to avoid disruptions.
There is upgrade code in place which attempts to accommodate some, but not all of these changes. Notably, during the upgrade process:
- Weak GUI certs are replaced with a new secure default GUI certificate
- Weak Captive Portal zone certificates (for HTTPS login support) are also replaced with a new secure default certificate
- OpenVPN instances using a weak certificate are disabled on upgrade as there is no generally applicable method to replace those certificates in a way that is reliable enough to automate.
- OpenVPN instances will have any usage of deprecated algorithms removed and replaced with secure defaults. While this is not ideal, it's better than disabling them in this case. This also allows a tunnel to reconnect successfully if both endpoints are upgraded in the same manner.
Ultimately the best practice here is to check for, plan, and fix any of these cases before upgrading to make sure the transition is smooth. You don't want to upgrade and suddenly discover you need to immediately reissue a large number of VPN client certificates on short notice.
There are some areas which are unaffected, such as the GUI certificate manager, IPsec, and Unbound which can continue using SHA1 certificates for the time being as they are implemented in other ways. The best practice is still to fix these if they are affected, but it's not as urgent as with the areas noted above.
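One way to run the pre-upgrade check for SHA1-signed certificates described above, as an added example (not part of the original post and not Netgate's own tooling). It assumes the CA and certificate entries have been exported as PEM files into one directory; the function names and that directory layout are hypothetical.

```shell
#!/bin/sh
# Added example: flag SHA1-signed certificates before an OpenSSL 3.0.x upgrade.
# Assumption: certificates were exported as .crt/.pem files into one directory.

# Read `openssl x509 -noout -text` output on stdin and print the name from
# the first "Signature Algorithm:" line.
sig_alg_from_text() {
    awk -F': *' '/Signature Algorithm:/ && !seen { print $2; seen = 1 }'
}

# Succeed when the algorithm name is SHA1-based, for example
# sha1WithRSAEncryption, ecdsa-with-SHA1 or dsaWithSHA1.
is_sha1_sig() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *sha1*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Classify one PEM file; prints "<status> <algorithm> <file>".
check_cert() {
    alg=$(openssl x509 -in "$1" -noout -text 2>/dev/null | sig_alg_from_text)
    if [ -z "$alg" ]; then
        echo "unreadable - $1"      # not a certificate, or openssl failed
    elif is_sha1_sig "$alg"; then
        echo "WEAK $alg $1"         # must be reissued before upgrading
    else
        echo "ok $alg $1"
    fi
}

# Audit every *.crt and *.pem file in a directory.
# Returns non-zero when at least one certificate is signed with SHA1.
audit_dir() {
    weak=0
    for f in "$1"/*.crt "$1"/*.pem; do
        [ -f "$f" ] || continue
        line=$(check_cert "$f")
        echo "$line"
        case "$line" in WEAK*) weak=$((weak + 1)) ;; esac
    done
    echo "$weak certificate(s) signed with SHA1"
    [ "$weak" -eq 0 ]
}
```

Call `audit_dir /path/to/exported-certs` and reissue anything reported as `WEAK`, including the certificates held by VPN peers.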