Debian OpenSSL 1.1.1~~pre6-1 defaults to requiring 2048 bit RSA keys
Francois writes on https://bugs.debian.org/907351:
I get the following error in my logs approximately every 2 hours:
Aug 26 05:05:01 hostname Tor[25963]: TLS error while constructing a TLS context: dh key too small (in SSL routines:ssl3_ctx_ctrl:---)
I tried upgrading to the version in experimental and it also has this problem.
[experimental had 0.3.4.6-rc-1 at that time.]
- weasel (Peter Palfrader) changed milestone to %Tor: 0.3.4.x-final
- Author
Note that the Debian openssl package has the default security level at 2 according to the packaging changelog.
openssl (1.1.1~~pre6-1) experimental; urgency=medium
  * New upstream version
  * Increase default security level from 1 to 2. This moves from the 80 bit security level to the 112 bit security level and will require 2048 bit RSA and DHE keys.
[from https://metadata.ftp-master.debian.org/changelogs/main/o/openssl/unstable_changelog]
This appears to be a bug on Tor 0.0.9pre5, but we only backport to supported release series.
The following Tor subsystems use RSA 1024 bit keys:
- relay and bridge legacy onion keys
- authorities and bridge authorities parsing those keys
- v2 onion services
Some helpful people on #tor-dev suggest that we set the security level at runtime: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
We should fix this in 0.3.4, then backport to 0.2.9 and later.
Trac:
Keywords: N/A deleted, debian, 033-backport, 029-backport, openssl, 034-backport, 032-backport, 035-must, 034-must added
Summary: TLS error while constructing a TLS context: dh key too small (in SSL routines:ssl3_ctx_ctrl:---) to Debian OpenSSL 1.1.1~~pre6-1 requires 2048 bit RSA keys
Milestone: N/A to Tor: 0.3.4.x-final
Version: Tor: 0.3.3.9 to Tor: unspecified
also, fwiw, the original warning is about DH keys. Nothing would break if we switched to using DH2048 groups in the cases where ECDHE isn't working.
Please review branch ticket27344_029 -- the fix here is extremely simple. PR at https://github.com/torproject/tor/compare/maint-0.2.9...nmathewson:ticket27344_029?expand=1
Trac:
Status: new to needs_review
Code LGTM. Perhaps "these ciphers disabled by default" -> "these ciphers are disabled by default" in the changes file.
Trac:
Status: needs_review to merge_ready
added "are" to changes file; merged to 0.2.9 and forward. Thanks!
Trac:
Status: merge_ready to closed
Resolution: N/A to fixed
- Trac closed
- Trac mentioned in issue #27971 (moved)
- Trac moved to tpo/core/tor#27344 (closed)
- Trac mentioned in issue tpo/core/tor#27971