-
Daniel
Zash, what versions of prosody announce muc#stable_id?
-
Zash
Daniel, looks like >= 0.10.1
-
Daniel
ok cool thank. so i should be able to find one in the wild
-
mdosch
!version mdosch.de
-
mdosch
Ha, no HAL.
-
Zash
Should be possible to locate one or two .. :)
-
ralphm
I've been contemplating https://letsencrypt.org/2020/11/06/own-two-feet.html and its impact on the XMPP ecosystem. I haven't yet looked at certificates being used on public servers, but I'd expect a fair number of them using LE. While browsers already (Firefox) or soon (Chrome) ship with their own bundle of root certs, making it viable to keep working on Android < 7.1, this probably doesn't hold for XMPP clients? Thoughts?
-
Zash
I seem to remember that Pidgin ships with its own bundle, so it's certainly possible.
-
Ge0rG
> run a banner asking your Android users on older OSes to install Firefox Look, it's as easy as that!
-
Ge0rG
ralphm: that's an important problem. However, I can imagine that most Android xmpp clients will support something like my https://github.com/ge0rg/MemorizingTrustManager if they predate the wide availability of LE
-
Ge0rG
Because before LE, most small servers were running self signed or otherwise 'untrusted' certificates
-
Zash
Out of 578 s2s connections to this server, 526 seem to use LE
-
Zash
to+from, there'll be some dupes
-
Ge0rG
Zash: aren't you blocking invalid certificates?
-
Zash
Looks like 90-95%✎ -
Zash
Looks like 90-95% Let's Encrypt ✏
-
Zash
Checked prosody.im too
-
Zash
Ge0rG, on my personal server, yes. Awkward for public MUC hosts where you might try to join to get help with your broken TLS settings or code or whatever.
-
Ge0rG
Indeed. I'm also not blocking on yax.im, because who knows all the contacts of my users
-
mdosch
That would be like mod_block_strangers on abuse contact addresses…
-
Link Mauve
I once made the difficult decision to block all unencrypted s2s, which closed about 10% of my total s2s amounts.
-
Link Mauve
That was like two or three years ago.
-
Link Mauve
Blocking insecure certs would be a similarly difficult decision.
-
ralphm
Sure, but in this case, we're not actually talking about insecure certs. Just that clients that use the set of root certs provided by the OS are going to have issues if those don't include the LE root cert. Which, according to this post, is around 33% of Android devices.
-
ralphm
And I'm also not sure that it is a good idea for clients to do have their own, by the way. Deciding what certs are ok and which aren't, is hard. Mozilla has some good documentation on this.
-
Zash
Certpocalypse!
-
emus
Sorry, may one break down the issue to me? I read the article and I understood that old android cannot handle their certs anymore with update, which then will also affect xmpp servers?
-
Zash
Least terrible is probably to pick an existing bundle, e.g. Mozillas.
-
Zash
Possibly a subset of it, if you're daring.
-
ralphm
Conversations has an option to distrust the OS certs, but I'm not sure if the manual approval stuff also works if you have this disabled (the default).
-
ralphm
Zash: well, only if you also correctly interpret the Trust Bits. I.e. their collections has certs to explicitly *not* trust.
-
ralphm
emus: I'm not too worried about the server part, but rather clients not being able to verify the certs the server is offering.
-
ralphm
emus: i.e. if indeed 90+% of servers use Let's Encrypt, with any manual intervention, those will start serving up certificates signed by the new root (indirectly), without cross signing by a root cert that is in the OS trust store on Android devices < 7.1.
-
ralphm
Starting in January
-
Ge0rG
There are also other related problems, like older androids not supporting TLS 1.2 by default
-
ralphm
TLS 1.2 is supported from Android 5 and up, no?
-
Ge0rG
ralphm: supported from 4.1, enabled by default from 5
-
ralphm
According the table in the blog post, there are only 5.9% of devices on Android <5, so I'm a bit less worried about that.
-
Ge0rG
ralphm: how many android xmpp clients are there in the wild?
-
ralphm
No idea, TBH
-
Ge0rG
I only use one, and I know it'll gracefully degrade with certificates not signed by a trusted root. I'm sure there will be more significant actual compatibility problems.
-
ralphm
Ge0rG: I hope you are right
-
Zash
Yeah, with Debian stable shipping with TLS < 1.2 disabled people should have noticed that by now.
-
ralphm
TLS < 1.2 should have been obliterated by now.
-
Ge0rG
Which is one of the reasons I still haven't upgraded my server from oldstable. I have many Russian users on old Android phones
-
mdosch
Do you have stats how many percent use tls < 1.2?
-
ralphm
I hope you understand that leaves them open to an increasing set of vulnerabilities, though.
-
Arne
you should add 1.3 as standard and below as possible Ge0rG
-
Arne
did you✎ -
Arne
did you? ✏
-
Zash
TLS implementations generally pick the highest mutually supported version
-
ralphm
I'm sure that'll go over nicely in Russia :-D
-
Arne
mh maybe it's in postfix or somewhere I set this Zash✎ -
Arne
mh maybe it's in postfix or somewhere I've seen this Zash ✏
-
Arne
but no matter, 1.3 should always be added today
-
Ge0rG
Arne: no, because oldstable doesn't do 1.3
-
Arne
but can't you upgrade and still allow below 1.2?
-
Zash
Yes
-
Ge0rG
I suppose it should be possible to configure to support a superset of the oldstable ciphers
-
Zash
Some lines in a config file to poke
-
mdosch
See prosody@
-
Ge0rG
ralphm: I'm not sure how I'm leaving owners of old phones leaving open to vulnerabilities by not locking them out
-
Arne
in prosody it's an easy setting
-
ralphm
Ge0rG: I understand the dilemma.
-
Arne
like this maybe: https://prosody.im/doc/advanced_ssl_config
-
Zash
Noooooooooooooooo
-
mdosch
But if everything keeps compatibility for ancient and insecure stuff some won't ever update.
-
mdosch
Also I hate to throw away working devices due to missing SW support, too. Such a waste of ressources…
-
mdosch
Zash: This site is legit now. Otherwise it would still be red blinking text on yellow ground. :D
-
Arne
oh wait it's a wrong site?
-
Ge0rG
mdosch: I'm not the patch police
-
Zash
Don't make me bring back Comic Sans
-
mdosch
I understand. But do you want to keep stretch forever until the last russian Android is updated?
- mdosch forgot about comic sans on that site…
-
Ge0rG
At least not in my leasure time 😁😁😁
-
mdosch
Probably some self defense mechanism erased the memory.
-
Ge0rG
Why can you do big red comic sans on the ssl page but not on the IBR page?
-
Ge0rG
But I think I've got most of the accidentally IBR servers down by now. The spam I'm still seeing mostly comes from large public servers
-
emus
> emus: i.e. if indeed 90+% of servers use Let's Encrypt, with any manual intervention, those will start serving up certificates signed by the new root (indirectly), without cross signing by a root cert that is in the OS trust store on Android devices < 7.1. Thanks for clarifying. As I see no other way I can help: Anything you want/should announce through the newsletter?
-
Zash
More acute cases of people shooting their entire security away from following random blogs that used that page as source.
-
Ge0rG
emus: users can't do much, server operators should add that "alternate" flag to their acme client. Client developers should bundle the new root
-
Arne
actually I set it up pretty good this way
-
ralphm
Zash: shouldn't that be incentive to make the page better? What is the default minimal version that ships with Prosody now?
-
Zash
ralphm, you mean replace the whole page with "the defaults are fine, no touchy" ? sure, that'd be an improvement
-
ralphm
Is the default TLS 1.2+ ?
-
Zash
ralphm, still TLS 1.0+, but distros may make that stricter. Likely be changed to 1.0+ in the next major version.
-
mdosch
1.2+ you mean?
-
Zash
Right, yes, 1.2+
-
Ge0rG
There is also a difference between setting up a new server and upgrading an old one. You can get away with strict settings on a new box. People won't be able to register with their old clients.
-
Ge0rG
I can't just lock out my users from one day to the other
-
emus
> emus: users can't do much, server operators should add that "alternate" flag to their acme client. Client developers should bundle the new root But then I guess they may read the newsletter^^
-
emus
But wait - to get it correctly: The problem are actually the user devices, which are more than outdated, right? So the issue is a general one and LE calls server maintainers to ask their users to upgrade (to another closed source device which will be outdated soon)?
-
ralphm
Going forward this is less of a problem. The LE X1 root expires in 2035.
-
ralphm
Also, how open the platform is doesn't say anything about its continued future updates.
-
moparisthebest
> I can't just lock out my users from one day to the other
-
moparisthebest
I mean if all the cellphone providers in the USA can why not you
-
ralphm
Yup, providers are turning off 2G GSM here in Europe, too.
-
moparisthebest
They just announced they are turning off 3g here, in January
-
emus
But wait, but was my statement kinda correct?