SSL routines::ca md too weak and workaround - ciphers: "DEFAULT:@SECLEVEL=0" isn't working

[kumarrishav]

Version

18

Platform

Darwin 21.6.0 Darwin Kernel Version 21.6.0: Mon Dec 19 20:43:09 PST 2022; root:xnu-8020.240.18~2/RELEASE_ARM64_T6000 arm64

Subsystem

No response

What steps will reproduce the bug?

Run the app (with ca/cert sha1 signed)

How often does it reproduce? Is there a required condition?

Always

What is the expected behavior?

I am looking for workarounds. I expected the workaround to work

What do you see instead?

ciphers: "DEFAULT:@SECLEVEL=0"

isn't working.

Additional information

What are the possible workarounds I have as it will be difficult to update the certs/ca (or will take time given the huge infra) ?

can I build node v18 with openssl 1.x?
or is there any possible workaround?

The same issue in mac or ubuntu 20

[bnoordhuis]

It'd be helpful if you could explain why you're using SHA-1 and why switching to SHA-256 isn't an option for you. The deprecation of SHA-1 for X.509 started almost a decade ago so it's kind of odd to still see it around.

[kumarrishav]

Thanks for your prompt response.

I understand. But given the complex and legacy infrastructure, it will take some time to rotate these certs (most of them are updated with sha256 but there are still a few left with sha1) with an updated one. I have raised the priority for that as well.

Until then, if something can be done to unblock ourselves while testing nodejs v18, that would be great

[bnoordhuis]

Your original description sounds like a duplicate of #36655 but you should be able to work around that with --tls-cipher-list=DEFAULT@SECLEVEL=0 . Building from source against openssl v1.x is also an option.

Having said that... SECLEVEL=0 deliberately weakens the security of TLS. Push hard to get those certs rotated, it's the responsible thing to do.

[kumarrishav]

yes, #36655 was the issue. workaround mentioned in that issue did the job.

Btw, I have some questions for SSL routines::ca md too weak error

1. seems like SSL routines::ca md too weak comes even when there is an issue with cert as well as ca (in this case signed with sha1). in both cases, it throws ca md too weak. Shouldn't it be cert md too weak for the case of cert and ca md too weak in case of ca.
2. I assume this error comes while doing tls connect but only for client-side cert/ca. Does it matter what's the server cert and their sha/md? Will it/client above throw an error if the server cert is signed via sha1?

[kumarrishav]

@bnoordhuis any insights on those two questions would be helpful.

[bnoordhuis]

I'll convert this to a discussion. About that error message: it comes straight from openssl (node doesn't control it, it just passes it on) and yes, you're going to see it with any SHA-1 certificate.

[kumarrishav]

Confusing error message coming from OpenSSL.

Even though the issue is with cert,

it throws

SSL routines::ca md too weak. Shouldn't it throw SSL routines::cert md too weak?

[kumarrishav]

Quick question @bnoordhuis

The signature algorithm used in a certificate can be different from the ciphers used in the TLS connection. Then why changing the ciphers to @SECLEVEL=0 act as a workaround for the signature algorithm? aren't both separate things?

or is it like SECLEVEL=0 is a blanket relaxation for multiple things including signature algorithms and ciphers?

Just trying to get some understanding of the internals.

Thank you.

[bnoordhuis]

or is it like SECLEVEL=0 is a blanket relaxation for multiple things including signature algorithms and ciphers?

Yes. The levels are described here: https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_security_level.html (scroll down a bit, I can't link to specific sections)

[kumarrishav]

Just to confirm again -

It looks for cert as well as ca and not just cert, not to be signed with sha1 (or other unsupported algorithms)

[kumarrishav]

fixed in #50186