New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: no support for SSLv2 Client Hello #46899
Comments
cc @FiloSottile |
@mrutter-amzn Michael, to be honest, by today SSLv2 and TLS 1.0 are insecure and obsolete protocols. As far as I know as a security engineer, you should upgrade to TLS 1.2. Adding insecure/obsolete protocols to |
Compare #45428. |
@moldabekov - Yes, we totally agree on using TLS 1.2 (and 1.3 for clients that support it). We had to write logic to reject any non-ping requests that negotiate to TLS 1.0. This issue isn't to add the SSLv2 protocol to @tmthrgd - Thanks for pointing to that issue. As long as we can set a |
Hi @mrutter-amzn! I can sympathize with how hard it is to upgrade legacy hardware, so I realize you’re in a tough spot. However, your requirements for this are fundamentally different from the goal of the crypto/tls package: you need compatibility with a rare edge case regardless of its security implications (since you’d be willing to use an unencrypted connection if it was a good health indicator) while the standard library aims to provide a secure, safe, broadly useful, and modern implementation of TLS. Although theoretically possible to implement SSLv2 Client Hellos for TLS 1.2 securely, it’s extra complexity in a critical path, and it’s not useful to the vast majority of our users, so unfortunately I can’t justify the trade-off, sorry! |
Thanks for the consideration. |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What did you do?
This issue is to revisit #3930
That issue was closed because there weren't any strong use-cases that were still making use of SSLv2 Client Hello for compatibility: #3930 (comment)
We have a use-case at our company that we are unable to work around without considerable effort. We have a reverse proxy that performs TLS termination that has been deployed for thousands of services in tens of thousands of environments. We have written a new implementation of that proxy in Go.
The majority of those environments are behind hardware load balancers operating in TCP mode. We don't perform TLS termination with those load balancers because they are difficult and slow to update. The load balancers have been configured to use "ssl-ping" for health checks, where the load balancer sends an HTTPS request to
/ping
. We use this instead of "tcp-ping" because that mode only verifies that the load balancer can establish a TCP connection.For health checks the hardware load balancers send an SSLv2 Client Hello to then negotiate up to TLS 1.0 in order to send the HTTPS request to
/ping
. Because crypto/tls does not support the SSLv2 Client Hello, our proxy rejects the request signaling to the load balancer that it is not healthy.Options we see:
What did you expect to see?
Successful TLS 1.0 handshakes from the load balancer using SSLv2 Client Hello for health checks.
What did you see instead?
TLS handshake failures.
The text was updated successfully, but these errors were encountered: