TLS

From Wzdftpd


What is TLS or SSL?

SSL (Secure Sockets Layer) provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated (i.e. its identity is ensured) while the client remains unauthenticated; mutual authentication requires public key infrastructure (or PKI) deployment to clients. The protocols allow client/server applications to communicate in a way designed to prevent eavesdropping, tampering, and message forgery.

During the establishment of a connection, client and server exchange certificates (depending on the selected public key cipher). These certificates are currently X.509, but there is also a draft specifying the use of OpenPGP-based certificates.

TLS (Transport Layer Security) is the successor of SSL. TLS adds a variety of security measures beyond those of SSL:

  • Numbering all the records and using the sequence number in the MACs (Message Authentication Codes).
  • Using a message digest enhanced with a key (so only with the key can you check the MAC). This is specified in RFC 2104.
  • Protection against several known attacks (including man in the middle attacks), like those involving a downgrade of the protocol to previous (less secure) versions, or weaker cipher suites.
  • The message that ends the handshake ("Finished") sends a hash of all the exchanged data seen by both parties.
  • The pseudo-random function splits the input data into two halves and processes them with different hashing algorithms (MD5 and SHA), then XORs the results together. This way it protects itself in the event that one of these algorithms is found vulnerable.
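
The last two points can be seen working together in the following sketch, which is an added example and not wzdftpd, OpenSSL or GnuTLS code: it implements the MD5/SHA-1 pseudo-random function as defined for TLS 1.0 in RFC 2246 and uses it to compute the 12-byte "Finished" value. The master secret and the handshake transcripts are constructed placeholders, and `finished_matches` is a hypothetical helper name.

```python
import hmac
from hashlib import md5, sha1

def p_hash(hash_fn, secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 2246 P_hash: expand secret and seed into `length` bytes with HMAC."""
    out, a = b"", seed                                 # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_fn).digest()      # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_fn).digest()
    return out[:length]

def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF = P_MD5(S1, label + seed) XOR P_SHA1(S2, label + seed)."""
    half = (len(secret) + 1) // 2                      # halves share a byte if odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_stream = p_hash(md5, s1, label + seed, length)
    sha_stream = p_hash(sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_stream, sha_stream))

def finished_verify_data(master_secret: bytes, handshake: bytes,
                         label: bytes = b"client finished") -> bytes:
    """12-byte Finished value binding the key to every handshake byte seen."""
    seed = md5(handshake).digest() + sha1(handshake).digest()
    return tls10_prf(master_secret, label, seed, 12)

# Constructed sample values (not real handshake bytes or keys).
MASTER_SECRET = bytes(range(48))
# What the client sent and received.
CLIENT_VIEW = b"ClientHello[suites=strong,weak]|ServerHello[suite=weak]"
# What the server received and sent after the suite list was altered in transit.
SERVER_VIEW = b"ClientHello[suites=weak]|ServerHello[suite=weak]"

def finished_matches(local_view: bytes, peer_view: bytes) -> bool:
    """True only when both sides hashed an identical handshake transcript."""
    mine = finished_verify_data(MASTER_SECRET, local_view)
    theirs = finished_verify_data(MASTER_SECRET, peer_view)
    return hmac.compare_digest(mine, theirs)

if __name__ == "__main__":
    print(finished_verify_data(MASTER_SECRET, CLIENT_VIEW).hex())
    print("untouched handshake:", finished_matches(CLIENT_VIEW, CLIENT_VIEW))
    print("altered handshake:  ", finished_matches(CLIENT_VIEW, SERVER_VIEW))
```

Because the two sides hashed different handshake bytes, their Finished values differ and the connection is aborted instead of continuing with the weaker suite.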

SSL/TLS Support in wzdftpd

wzdftpd supports both SSL and TLS (TLS is preferred when both are available). This support can be implemented using two libraries: OpenSSL or GnuTLS.

  • OpenSSL is the historic reference implementation, but suffers problems with its license, and with its code (people who tried to look at the sources still have headaches). It works on several platforms, is very fast, and provides additional routines for cryptography, compression etc.
  • GnuTLS is a project that aims to develop a library which provides a TLS implementation under the Lesser General Public License (LGPL). It works well, is GPL compatible, but sometimes suffers from compatibility problems when the server uses OpenSSL.

GnuTLS is preferred over OpenSSL if detected, unless the --disable-gnutls flag is given to the configure script.

Two modes are currently available:

  • Explicit: server listens normally (in clear mode), and a client can start a TLS negotiation using the AUTH TLS or AUTH SSL command. This mode is compatible with clients not supporting SSL/TLS (since they can still connect in clear mode). The beginning of a connection (welcome message) is done using cleartext commands.
  • Implicit (also known as ftps): server listens only in secure mode (the negotiation is done before sending any command). Many clients do not support this mode.

Problems

Using SSL/TLS can cause problems if you are not careful:

  • Firewalls do NOT understand SSL/TLS. When a connection is encrypted, it appears to be binary data to a firewall. Yet, a firewall needs to decode the protocol to detect the PORT or PASV commands, in order to dynamically open the ports. When using encryption, ports will never be opened (since the firewall can't understand encrypted data), so you will have to use passive mode (or normal mode), depending on the direction of the connection:
    • If the server is behind a firewall and the connection is encrypted, the client can't connect. Thus you must use non-passive mode (PORT) so the server opens data connections.
    • If the client is behind a firewall and the connection is encrypted, the PORT command won't work, and you must use passive mode (PASV)
    • If both are behind a firewall and the connection is encrypted, then you can't open data connections directly. The only available workaround is to configure the server to use a specified port range, and to allow connections on this range to the server on the firewall, and use the passive mode.
    • note: in any case, if the connection is not encrypted, most firewalls will decode the protocol and open ports dynamically, so you won't need any workaround.
  • Site to Site transfers (FXP) can cause many problems:
    • if one of the servers asks for a client certificate, it cannot be provided by the other. The connection will fail.
    • if using self-signed authorities, the CA will probably not be known to both sides, resulting in problems if the servers check certificates.
    • if one (or both) of the servers is behind a firewall, the previously mentioned problems are likely to happen.

Some of these problems (for FXP) will probably be resolved in a future RFC.
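
The firewall problem described above can be reproduced offline with the following sketch, which is an added example and not part of wzdftpd or of any firewall product. It parses the control channel the way a protocol-aware firewall does, then shows that nothing can be learned once AUTH TLS has been accepted, and that only a fixed passive range still lets the data connection through. All captures, addresses and the 50000-50100 range are constructed values, and the function names are hypothetical.

```python
import re

SIX_NUMBERS = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line: bytes):
    """(ip, port) announced by a cleartext PORT command or 227 reply, else None."""
    if not line.upper().startswith((b"PORT ", b"227 ")):
        return None
    m = SIX_NUMBERS.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:                      # each field is one byte
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def dynamic_pinholes(control_stream):
    """Endpoints a protocol-aware firewall can learn from the control channel."""
    return {ep for ep in map(data_endpoint, control_stream) if ep is not None}

def data_connection_allowed(port, pinholes, static_range=None):
    """Allowed if a pinhole was learned, or the port is in a fixed allowed range."""
    if any(port == p for _ip, p in pinholes):
        return True
    return static_range is not None and static_range[0] <= port <= static_range[1]

# Constructed captures. 195 * 256 + 80 = 50000.
CLEARTEXT = [b"220 ready\r\n", b"USER demo\r\n", b"PASV\r\n",
             b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"]
# After "234", the same PASV exchange travels inside TLS records (opaque bytes).
EXPLICIT_TLS = [b"220 ready\r\n", b"AUTH TLS\r\n", b"234 AUTH TLS OK\r\n",
                b"\x16\x03\x01\x00\x04\x9a\x11\xc3\x7e",
                b"\x17\x03\x01\x00\x06\x5b\xe2\x08\xd4\x71\x0f"]
PASSIVE_RANGE = (50000, 50100)   # assumed range set on both server and firewall

if __name__ == "__main__":
    for name, stream in (("cleartext", CLEARTEXT), ("explicit TLS", EXPLICIT_TLS)):
        holes = dynamic_pinholes(stream)
        print(name, "learned:", holes,
              "| dynamic only:", data_connection_allowed(50000, holes),
              "| with fixed range:",
              data_connection_allowed(50000, holes, PASSIVE_RANGE))
```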

SSL/TLS Documentation

Several important parts from these documents were taken from Jeremy Mates’s Domain. This is an excellent site! I mainly changed some comments and added sections for GnuTLS.
