Replacing SECLEVEL with AUTHSECLEVEL and TLSSECLEVEL

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Replacing SECLEVEL with AUTHSECLEVEL and TLSSECLEVEL

Armen Babikyan
Hello,

I was wondering if there was any effort to make progress in separating the SECLEVEL directive into AUTHSECLEVEL and TLSSECLEVEL as described in $openssl/ssl/ssl_cert.c's ssl_verify_cert_chain() function.  I found a post from 2016 on this mailing list about this:

https://mta.openssl.org/pipermail/openssl-users/2016-May/003768.html

I have a use case where I need to enable Mutual TLS authentication for hardware clients that have immutable manufacturer-signed certificates.  Some of those certificates are signed with MD5, but I don't know which ones beforehand, and I'd rather not have SECLEVEL=0 compromise the allowable ciphers in the TLS connection.

[re MD5 insecurity in auth: I already have application-layer authentication (e.g. HTTPS Bearer auth), and I'm not looking to replace that with Mutual TLS - I do need to opportunistically gather other information from the client certs though.]

In the meantime, if my only option is to use SECLEVEL=0, I think I'd need to do some application-layer enforcement of TLS parameters.  I suppose I could enforce ciphers by using SSL_get_cipher_name().  Are there other parameters that you recommend I enforce at the application layer?  Is it possible to reach parity with "SECLEVEL=1" behavior this way?  Are there any other downsides or issues to be aware of with this approach?

Many thanks!

Armen