[Spec-pending] TLS 1.0 and 1.1 are disabled by default

NB: this is not fully validated yet

Index: FO152
Title: TLS 1.0 and 1.1 are disabled by default
Status: Pending Review
Authors: Adrien Nader
Type: Standard
Created: 2024-01-12

Abstract

TLS 1.0 and 1.1 were deprecated in 2021 by RFC 8996. This specification is about disabling them by default in Ubuntu across the full range of supported software.

Rationale

TLS 1.0 and 1.1 are now deprecated. There are several known security issues with these TLS versions, and TLS 1.2 has been available since 2008. Many standards bodies, governmental agencies and non-governmental entities advise against using these deprecated versions.

Users do not typically change such settings, and these versions are no longer sensible defaults. They can remain available, but there is no point in enabling them by default.

In 2020, Ubuntu started disabling TLS 1.0 and 1.1 by default for these reasons. Coverage was partial, however, since full coverage is an arduous task.

Specification

A number of related protocols must no longer be enabled, for both server and client roles, unless users take extra steps to re-enable them. While this would ideally apply to every package in main and universe, we can only realistically guarantee it for packages in main.

This specification does not mandate patching out the code for these protocols.

Protocols

For the purpose of this specification, a forbidden protocol is:

  • any SSL version,
  • a TLS version before TLS 1.2 (i.e. TLS 1.0 and 1.1),
  • a DTLS version before DTLS 1.2 (i.e. gnutls’ DTLS “0.9” and standard DTLS 1.0),
  • any protocol based on TLS before TLS version 1.2

Servers

In its default configuration, or when users simply “enable TLS”, a service must not offer a forbidden protocol.

Clients

A client must not use a forbidden protocol without explicit additional user instructions.

Libraries

Since libraries are usually where the forbidden protocols are implemented and handled, their default configuration should disable these protocols.
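As an added example (not part of this specification or of any Ubuntu package), the following Python code shows what the Servers, Clients and Libraries requirements above look like at the library level. It uses Python's ssl module, which sits on OpenSSL, so the floor it sets is enforced by the library regardless of what the application does later. The audit helper reports which forbidden versions a context would still negotiate; since the ssl module cannot read OpenSSL's own policy (such as SECLEVEL), a context that leaves the minimum version unset is reported as permissive. The ssl module has no DTLS support, so the DTLS part of the definition is not covered here.

```python
import ssl

# Protocol versions the specification forbids. SSL 3 is the only SSL version the
# Python ssl module can still name; SSL 2 cannot be selected at all.
FORBIDDEN_VERSIONS = (ssl.TLSVersion.SSLv3, ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1)


def versions_allowed(minimum, maximum):
    """Return the forbidden versions that fall inside [minimum, maximum].

    Both arguments are ssl.TLSVersion values. MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED
    mean "whatever the underlying library permits"; an audit must treat that as
    permissive because the library's own policy is not visible from here.
    """
    allowed = []
    for version in FORBIDDEN_VERSIONS:
        above_min = minimum == ssl.TLSVersion.MINIMUM_SUPPORTED or version >= minimum
        below_max = maximum == ssl.TLSVersion.MAXIMUM_SUPPORTED or version <= maximum
        if above_min and below_max:
            allowed.append(version)
    return allowed


def audit_context(ctx):
    """Forbidden versions an SSLContext would still negotiate (empty list = compliant)."""
    return versions_allowed(ctx.minimum_version, ctx.maximum_version)


def harden(ctx):
    """Apply the specification's floor: nothing below TLS 1.2, whatever the build's default."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_server_context(certfile, keyfile):
    """Server role: a service that 'enables TLS' must not offer a forbidden protocol.

    certfile/keyfile are hypothetical paths supplied by the caller.
    """
    ctx = harden(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER))
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


def make_client_context():
    """Client role: never speak a forbidden protocol without explicit user instruction.

    create_default_context() also turns on certificate and hostname verification,
    which a client needs anyway.
    """
    return harden(ssl.create_default_context())


if __name__ == "__main__":
    client = make_client_context()
    print("client context still allows:", audit_context(client) or "nothing forbidden")
```

Re-enabling a forbidden version then requires a deliberate, visible change (lowering `minimum_version`), which is exactly the "extra steps" the specification wants users to have to take.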

Annexes

Software this is relevant to

The lists below are best-effort, because some software or packages have already been modified given that TLS 1.0 and 1.1 have been deprecated for almost six years already.

Done

Openssl

Uses SECLEVEL=2, which disables the forbidden protocols (the definition of each SECLEVEL changes across openssl releases).

Gnutls

Forbids TLS 1.0, TLS 1.1, DTLS 0.9, DTLS 1.0.

In progress

Rabbitmq-server

Still enables TLS 1.0 and 1.1. Change of defaults is being worked on.

Future

No package identified yet.

Others

The list of packages that will have to be changed is not completely known and is probably provably impossible to determine statically. It is certainly very large, however, and creating a full list is equivalent to implementing this specification; doing so would therefore defeat the purpose of writing specifications before implementations. There are nevertheless a number of heuristics.

Software exposing or using TLS often uses openssl, gnutls or other libraries, either completely or partially. Moreover, server software often provides systemd service units. Apparmor profiles can also hint at the purpose of some packages through the paths they access, such as /etc/ssl.
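The three heuristics above can be combined into a small triage script. The following Python is an added example, not part of the specification or of Ubuntu's tooling; the package names, dependency fields, file lists and AppArmor fragment are constructed samples in the shape of `dpkg-query -W -f='${Package}\t${Depends}\n'`, `dpkg -L` and a profile file, and the TLS library set is a starting point rather than an authoritative list. On a real system the same functions would be fed the live command output.

```python
import re

# TLS libraries whose presence in Depends is the first heuristic above.
# Starting point only (assumption); extend as needed.
TLS_LIBRARIES = {"libssl3", "libssl1.1", "libgnutls30", "libnss3"}

# Constructed sample of `dpkg-query -W -f='${Package}\t${Depends}\n'` output.
SAMPLE_DEPENDS = """\
nginx-core\tlibc6 (>= 2.34), libssl3 (>= 3.0.0), libpcre2-8-0
coreutils\tlibc6 (>= 2.34), libacl1 (>= 2.2.23)
rabbitmq-server\terlang-base | erlang-base-hipe, erlang-ssl, adduser
fetchmail\tlibc6 (>= 2.34), libssl3 (>= 3.0.0)
"""

# Constructed sample of `dpkg -L <package>` output, keyed by package.
SAMPLE_FILES = {
    "nginx-core": ["/usr/sbin/nginx", "/lib/systemd/system/nginx.service"],
    "coreutils": ["/usr/bin/ls", "/usr/bin/cat"],
    "rabbitmq-server": ["/usr/lib/rabbitmq/bin/rabbitmq-server",
                        "/lib/systemd/system/rabbitmq-server.service"],
    "fetchmail": ["/usr/bin/fetchmail"],
}

# Constructed AppArmor profile fragment, keyed by package.
SAMPLE_APPARMOR = {
    "fetchmail": "/usr/bin/fetchmail {\n  /etc/ssl/certs/** r,\n}\n",
}

# Leading package name of one dependency alternative, e.g. "libssl3 (>= 3.0.0)".
_DEP_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9+.-]*)")


def dependency_names(depends_field):
    """Package names from a Depends field, including '|' alternatives, without versions."""
    names = set()
    for clause in depends_field.split(","):
        for alternative in clause.split("|"):
            match = _DEP_NAME.match(alternative)
            if match:
                names.add(match.group(1))
    return names


def parse_depends(output):
    """Map package -> set of dependency names from dpkg-query output."""
    result = {}
    for line in output.splitlines():
        if not line.strip():
            continue
        package, _, depends = line.partition("\t")
        result[package] = dependency_names(depends)
    return result


def classify(deps, files, apparmor_text):
    """Reasons a package is a candidate for review under this specification."""
    reasons = []
    libs = sorted(deps & TLS_LIBRARIES)
    if libs:
        reasons.append("depends on " + ", ".join(libs))
    if any("/systemd/system/" in f and f.endswith(".service") for f in files):
        reasons.append("ships a systemd service unit")
    if apparmor_text and re.search(r"^\s*/etc/ssl\b", apparmor_text, re.MULTILINE):
        reasons.append("AppArmor profile accesses /etc/ssl")
    return reasons


def triage(depends_output, files_by_package, apparmor_by_package):
    """Package -> list of reasons; an empty list means no heuristic fired."""
    return {
        package: classify(deps, files_by_package.get(package, []),
                          apparmor_by_package.get(package, ""))
        for package, deps in parse_depends(depends_output).items()
    }


if __name__ == "__main__":
    for package, reasons in triage(SAMPLE_DEPENDS, SAMPLE_FILES, SAMPLE_APPARMOR).items():
        print(f"{package}: {'; '.join(reasons) or 'no heuristic fired'}")
```

The constructed rabbitmq-server entry illustrates the limit of the library heuristic: RabbitMQ does its TLS through Erlang's ssl application rather than linking libssl directly, so only the systemd unit flags it here. Following transitive dependencies, or adding language-runtime TLS stacks to the library set, narrows that gap but cannot close it entirely, which is why the text above calls these heuristics rather than a method for producing the full list.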

References

Security agencies and standards organizations

Other entities

Quoting https://en.wikipedia.org/wiki/Transport_Layer_Security :

« Support for TLS versions 1.0 and 1.1 was widely deprecated by web sites around 2020, disabling access to Firefox versions before 24 and Chromium-based browsers before 29.[39][40][41] »

This includes Mozilla, Google, Apple, Microsoft, Twitter, …

Browser support

Quoting https://caniuse.com/?search=tls

  • While supported in older browsers, support for TLS 1.0 & 1.1 was removed in Chrome 84, Edge 84, Firefox 78, & Safari 14.

  • Firefox 78+ displays a full page dismissible warning the first time it connects over TLS 1.1.

  • Chrome 85+ displays a full page dismissible warning every time a new site connects over TLS 1.1.

NB: 98.45% of browsers support TLS 1.2 and the same share of browsers support TLS 1.1, indicating there is probably a complete overlap between the two, and therefore no negative consequence from disabling TLS 1.1 in favor of TLS 1.2.

Web server support

https://www.ssllabs.com/ssl-pulse/

99.9% of surveyed web servers support TLS 1.2.

Spec History and Changelog

Please be thorough when recording changes and progress with the spec itself and the work resulting from it. Record every meeting, attendees and conclusions from the meeting.

Date        Status          Author(s)     Comment
2024-01-12  Pending Review  Adrien Nader