start requiring TLS 1.3 support
Background
Any relay without TLS 1.3 is probably using an EOL version of OpenSSL.
1.1.0 support ended upstream in September 2019, one year after 1.1.1 was released. Debian stretch, the last Debian release to package openssl 1.1.0, will hit EOL on 30 June 2022. (The most recent security patch was on 26 Sep 2021 for DLA-2766-1.)
CentOS 7 still ships a very old version of OpenSSL, and is not EOL until 2024, but it also ships much more recent versions of NSS, which unlike OpenSSL 1.0.2, do have TLS 1.3 support.
The one bug that could make TLS 1.3 unuseable, #28973 (closed) (openssl issue 7712), has been fixed since 1.1.1b (Revert "Reduce stack usage in tls13_hkdf_expand"
):
https://github.com/openssl/openssl/commits/OpenSSL_1_1_1b/ssl/tls13_enc.c
What to change
Now that it's 2022, it should be safe not only to do #28977 (closed) but to also:
-
if (!isServer) SSL_set_min_proto_version(result->ssl, TLS1_3_VERSION);
-
delist relays from the consensus if they can't negotiate TLS 1.3,
-
but continue to allow TLS 1.2 connections from older clients for now.
Impact
This change will make TLS 1.2 support optional for clients, so a client like arti can statically link rustls
with the tls12
feature disabled at compile-time, reducing its code footprint.
RPM packages targeting CentOS 7 may have to be configured with --enable-nss
to support TLS 1.3 and operate as a relay.