Skip to content

Remove SSLv3 support #2255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
yadij wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Remove SSLv3 support #2255

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3b13db0
Remove SSLv3 support
yadij Sep 23, 2025
5234347
Merge branch 'master' into rfc7568-1
yadij Nov 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 28 additions & 1 deletion doc/release-notes/release-8.sgml.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ The Squid-@SQUID_RELEASE@ change history can be <url url="https://github.com/squ

<p>The most important of these new features are:
<itemize>
<item>
<item>SSLv3 support removal
</itemize>

<sect1>Helper changes
Expand Down Expand Up @@ -67,6 +67,13 @@ lookups. Requests for that report now result in HTTP 404 errors.

Most user-facing changes are reflected in squid.conf (see below).

<sect1>SSLv3 support removal
<p>Details in <url url="https://tools.ietf.org/html/rfc7568" name="RFC 7568">.

<p>SSLv3 is not fit for purpose. Squid no longer supports being configured with
any settings regarding this protocol. That includes settings manually disabling
its use since it is now forced to disable by default. Also settings enabling
various client/server workarounds specific to SSLv3 are removed.

<sect>Changes to squid.conf since Squid-@SQUID_RELEASE_OLD@
<p>
Expand Down Expand Up @@ -106,6 +113,11 @@ This section gives an account of those changes in three categories:
<em>src_as</em> and <em>dst_as</em> ACLs, Squid no longer initiates ASN
lookups.

<tag>cache_peer</tag>
<p>Removed <em>sslversion=</em> option.
<p>Removed <em>tls-options=</em> support for <em>SSLREF2_REUSE_CERT_TYPE_BUG</em>,
<em>MICROSOFT_BIG_SSLV3_BUFFER</em> and <em>NO_SSLv3</em>.

<tag>client_ip_max_connections</tag>

<p>Fixed off-by-one enforcement. Squid now allows at most <em>N</em>
Expand All @@ -121,6 +133,21 @@ This section gives an account of those changes in three categories:
HTCP CLR requests allowed by this directive are forwarded to those
cache_peers.

<tag>http_port</tag>
<p>Removed <em>sslversion=</em> option.
<p>Removed <em>tls-options=</em> support for <em>SSLREF2_REUSE_CERT_TYPE_BUG</em>,
<em>MICROSOFT_BIG_SSLV3_BUFFER</em> and <em>NO_SSLv3</em>.

<tag>https_port</tag>
<p>Removed <em>sslversion=</em> option.
<p>Removed <em>tls-options=</em> support for <em>SSLREF2_REUSE_CERT_TYPE_BUG</em>,
<em>MICROSOFT_BIG_SSLV3_BUFFER</em> and <em>NO_SSLv3</em>.

<tag>tls_outgoing_options</tag>
<p>Removed <em>version=</em> option.
<p>Removed <em>options=</em> support for <em>SSLREF2_REUSE_CERT_TYPE_BUG</em>,
<em>MICROSOFT_BIG_SSLV3_BUFFER</em> and <em>NO_SSLv3</em>.

</descrip>

<sect1>Removed directives<label id="removeddirectives">
Expand Down
19 changes: 4 additions & 15 deletions src/cf.data.pre
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2429,8 +2429,6 @@ DOC_START
options= Various SSL implementation options. The most important
being:

NO_SSLv3 Disallow the use of SSLv3

NO_TLSv1 Disallow the use of TLSv1.0

NO_TLSv1_1 Disallow the use of TLSv1.1
Expand Down Expand Up @@ -3055,15 +3053,12 @@ DOC_START

min-version=1.N
The minimum TLS protocol version to permit.
To control SSLv3 use the options= parameter.
Supported Values: 1.0 (default), 1.1, 1.2, 1.3

options=... Specify various TLS/SSL implementation options.

OpenSSL options most important are:

NO_SSLv3 Disallow the use of SSLv3

SINGLE_DH_USE
Always create a new key when using
temporary/ephemeral DH key exchanges
Expand Down Expand Up @@ -3866,16 +3861,13 @@ DOC_START
to this peer.

tls-min-version=1.N
The minimum TLS protocol version to permit. To control
SSLv3 use the tls-options= parameter.
The minimum TLS protocol version to permit.
Supported Values: 1.0 (default), 1.1, 1.2

tls-options=... Specify various TLS implementation options.

OpenSSL options most important are:

NO_SSLv3 Disallow the use of SSLv3

SINGLE_DH_USE
Always create a new key when using
temporary/ephemeral DH key exchanges
Expand Down Expand Up @@ -9623,14 +9615,11 @@ DOC_START
to this icap server.

tls-min-version=1.N
The minimum TLS protocol version to permit. To control
SSLv3 use the tls-options= parameter.
The minimum TLS protocol version to permit.
Supported Values: 1.0 (default), 1.1, 1.2

tls-options=... Specify various OpenSSL library options:

NO_SSLv3 Disallow the use of SSLv3

SINGLE_DH_USE
Always create a new key when using
temporary/ephemeral DH key exchanges
Expand All @@ -9641,8 +9630,8 @@ DOC_START
strength to some attacks.

See the OpenSSL SSL_CTX_set_options documentation for a
more complete list. Options relevant only to SSLv2 are
not supported.
more complete list. Options relevant only to SSLv2 or SSLv3
are not supported.

tls-cafile= PEM file containing CA certificates to use when verifying
the icap server certificate.
Expand Down
71 changes: 5 additions & 66 deletions src/security/PeerOptions.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,9 +59,6 @@ Security::PeerOptions::parse(const char *token)
}
KeyData &t = certs.back();
t.privateKeyFile = SBuf(token + 4);
} else if (strncmp(token, "version=", 8) == 0) {
debugs(0, DBG_PARSE_NOTE(1), "WARNING: UPGRADE: SSL version= is deprecated. Use options= and tls-min-version= to limit protocols instead.");
sslVersion = xatoi(token + 8);
} else if (strncmp(token, "min-version=", 12) == 0) {
tlsMinVersion = SBuf(token + 12);
optsReparse = true;
Expand Down Expand Up @@ -192,54 +189,6 @@ Security::PeerOptions::updateTlsVersionLimits()

return;
}

if (sslVersion > 2) {
// backward compatibility hack for sslversion= configuration
Copy link
Contributor

@rousskov rousskov Sep 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, I support removing deprecated and undocumented version=X parameter because it would simplify Squid code quite a bit. I assume that such a removal would still allow admins to achieve the same configuration using an options=Y parameter. That assumption would need to be validated.

That version=X parameter removal can be done in this PR. This PR already has the necessary changes (or most of them -- I did not check carefully).

Copy link
Contributor Author

@yadij yadij Sep 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FTR; This is how SSLv3 is enabled by admin for legacy installs (i.e. sslversion=3) forces Squid to negotiate SSLv3 regardless of BCP 195 requirements.

Copy link
Contributor

@rousskov rousskov Sep 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am struggling to find a way to connect your statement to my change request. Are you implying that admins would not be able to force SSLv3 negotiations using options=Y parameter after version=X parameter1 is removed?

Footnotes

  1. In the context of this thread, version=X refers to all parameter name variations that configure sslVersion data members. Depending on the directive being parsed, Squid recognizes "version", "tlsversion", "tls-version", and "sslversion" spellings (at least2). AFAICT, those spelling differences are immaterial here.

  2. git grep -E 'strncmp.*"(tls|ssl)-?"'

Copy link
Contributor Author

@yadij yadij Sep 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To meet your suggested "giving admins an option to overwrite that Squid default" would be to leave this configuration option in place. Just requiring it to be set to re-enable SSLv3 now, instead of auto-enabling with a manual disable.

Copy link
Contributor

@kinkie kinkie Oct 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@yadij how about we do just that in Squid 8 and remove in 9?

Copy link
Contributor

@rousskov rousskov Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To meet your suggested "giving admins an option to overwrite that Squid default" would be to leave this configuration option in place.

I did not suggest that. I actually said that "I am not convinced there is enough demand to implement that feature" and noted implementation complexities. In short, I suggested not to add that feature.

I am still struggling to understand whether sslversion=X removal would still allow admins to achieve the same configuration using options=Y parameter(s). It seems like a simple/straightforward question, but I am probably missing the reason why there is no answer on this change request thread.

Copy link
Contributor Author

@yadij yadij Nov 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To meet your suggested "giving admins an option to overwrite that Squid default" would be to leave this configuration option in place.

I did not suggest that.

You did. I cut-and-pasted that quote from your comment in the other review thread.

I am still struggling to understand whether sslversion=X removal would still allow admins to achieve the same configuration using options=Y parameter(s).

If the only PR action taken is removing sslversion= the answer would be yes. In official code that option is just appending a few hard-coded values to any options= setting.

Removal of support for options=NO_SSLv3 by this PR means that the sslversion= values 4/5/6 are no longer able to be replaced fully by options=. But, the change to hard-code NO_SSLv3 restores that.

Which leaves sslversion=3. That officially disables all TLS verisons, forcing SSLv3 as the only potential choice of transport for TLS/SSL connections. without doing anything to ensure that SSLv3 works or is even available from the used openssl.

// only use if tls-min-version=N.N is not present
// values 0-2 for auto and SSLv2 are not supported any longer.
// Do it this way so we DO cause changes to options= in cachemgr config report
const char *add = nullptr;
switch (sslVersion) {
case 3:
#if USE_OPENSSL
add = ":NO_TLSv1:NO_TLSv1_1:NO_TLSv1_2:NO_TLSv1_3";
#elif HAVE_LIBGNUTLS
add = ":-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2:-VERS-TLS1.3";
#endif
break;
case 4:
#if USE_OPENSSL
add = ":NO_SSLv3:NO_TLSv1_1:NO_TLSv1_2:NO_TLSv1_3";
#elif HAVE_LIBGNUTLS
add = ":+VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2:-VERS-TLS1.3";
#endif
break;
case 5:
#if USE_OPENSSL
add = ":NO_SSLv3:NO_TLSv1:NO_TLSv1_2:NO_TLSv1_3";
#elif HAVE_LIBGNUTLS
add = ":-VERS-TLS1.0:+VERS-TLS1.1:-VERS-TLS1.2:-VERS-TLS1.3";
#endif
break;
case 6:
#if USE_OPENSSL
add = ":NO_SSLv3:NO_TLSv1:NO_TLSv1_1:NO_TLSv1_3";
#elif HAVE_LIBGNUTLS
add = ":-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.3";
#endif
break;
default: // nothing
break;
}
if (add) {
if (sslOptions.isEmpty())
sslOptions.append(add+1, strlen(add+1));
else
sslOptions.append(add, strlen(add));
optsReparse = true;
}
sslVersion = 0; // prevent sslOptions being repeatedly appended
}
}

Security::ContextPointer
Expand Down Expand Up @@ -307,16 +256,6 @@ static struct ssl_option {
"NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
},
#endif
#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
{
"SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
},
#endif
#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
{
"MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
},
#endif
#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
{
"SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG
Expand Down Expand Up @@ -382,11 +321,6 @@ static struct ssl_option {
"NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
},
#endif
#if defined(SSL_OP_NO_SSLv3)
{
"NO_SSLv3", SSL_OP_NO_SSLv3
},
#endif
#if defined(SSL_OP_NO_TLSv1)
{
"NO_TLSv1", SSL_OP_NO_TLSv1
Expand Down Expand Up @@ -524,6 +458,11 @@ Security::PeerOptions::parseOptions()
// compliance with RFC 6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0
if (SSL_OP_NO_SSLv2)
op |= SSL_OP_NO_SSLv2;
#endif
#if defined(SSL_OP_NO_SSLv3)
// compliance with RFC 7568: Prohibiting Secure Sockets Layer (SSL) Version 3.0
if (SSL_OP_NO_SSLv3)
op |= SSL_OP_NO_SSLv3;
Copy link
Contributor

@rousskov rousskov Sep 23, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not convinced we should make this "no SSLv3" decision for Squid admins, especially since Squid is quite often used to "upgrade" legacy clients and servers. The vast majority of existing Squid builds do not support SSLv3 today because OpenSSL builds disable SSLv3 by default since OpenSSL v1.1.0. Folks that use OpenSSL v1.0 today1 probably do not want to disable SSLv3, but even they can already disable SSLv3 in their Squid configurations and/or OpenSSL builds.

We could support disabling SSLv3 by default while giving admins an option to overwrite that Squid default, but I am not convinced there is enough demand to implement that feature. And if we are really serious about disabling SSLv3 (where it is supported by an OpenSSL build), then adding that feature would require cooperating on developing a new suitable configuration interface for this -- just using SSL_OP_NO_SSLv3 when no other options were configured would not be good enough; that additional complexity raises the bar for supporting "disabling SSLv3 by default while giving admins an option to overwrite that Squid default" idea.

I would support warning admins if their Squid instance allows SSLv3 use (if we can detect that state reliably).

Footnotes

  1. Assuming master/v8 still builds with OpenSSL v1.0.

Copy link
Contributor Author

@yadij yadij Sep 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Squid is quite often used to "upgrade" legacy clients and servers

You have already imposed the design decision earlier this year that this use-case for Squid is no longer valid, to justify removal of Gopher protocol and other older code.

Copy link
Contributor

@rousskov rousskov Sep 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Squid is quite often used to "upgrade" legacy clients and servers

You have already imposed the design decision earlier this year that this use-case for Squid is no longer valid, to justify removal of Gopher protocol and other older code.

I have not imposed any design decisions.

FWIW, our (IMO, correct) decision to remove Gopher code does not imply we should add code to prohibit SSLv3 support.

Copy link
Contributor Author

@yadij yadij Sep 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Squid is quite often used to "upgrade" legacy clients and servers

You have already imposed the design decision earlier this year that this use-case for Squid is no longer valid, to justify removal of Gopher protocol and other older code.

I have not imposed any design decisions.

You proposed removal of a feature and ensured it was removed for design reasons, despite my objections that said protocol had/has actively growing usage. Ergo you imposed a design decision. Specifically to stop officially supporting translation from legacy protocols to HTTP.

FWIW, our (IMO, correct) decision to remove Gopher code does not imply we should add code to prohibit SSLv3 support.

Reasons for code removal should be applied consistently for all code meeting the stated criteria. Ergo, for the "legacy protocol" and "unsolvable security issues" criteria used for removing protocol "Gopher" we have this PR for removing protocol "SSlv3".

SSLv3 has:

  • major security issues that cannot be solved.
  • officially prohibited ("MUST NOT be negotiated") over 10 years ago.
  • an actively declining support worldwide.
    • under 1.5% support. That is just being available on a server, actual usage is far less.

Copy link
Contributor

@kinkie kinkie Oct 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see the merit in @yadij 's position here. RFC7568 dates back to June 2015; given the age, I would not expect that there are many clients dating so far back in the past that cannot speak to Squid in TLS 1.0 or later. Do we have any hard evidence to the contrary?

Furthermore, any change here would get distributed with Squid v7, which should be scheduled to start beta in late 2026 (we didn't explicitly tie up that discussion, but that's for another thread) and is likely to be felt by real-world users probably sometime in mid 2027; 12 years should be enough to deprecate a functionality, isn't it?

Copy link
Contributor

@rousskov rousskov Oct 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kinkie, AFAICT, your comment supports a "position" that nobody is attacking -- we all agree that SSL is old, insecure, and rarely used. SSL is also not supported by a typical Squid installation these days (as detailed in my change request).

Copy link
Contributor Author

@yadij yadij Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The vast majority of existing Squid builds do not support SSLv3 today because OpenSSL builds disable SSLv3 by default since OpenSSL v1.1.0.

So ... Squid has silently stopped supporting SSLv3 since 4 years ago without anyone noticing. One more argument for merging this PR change.

#endif
parsedOptions = op;

Expand Down
2 changes: 0 additions & 2 deletions src/security/PeerOptions.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -127,8 +127,6 @@ class PeerOptions
#endif
}

int sslVersion = 0;

/// flags governing Squid internal TLS operations
struct flags_ {
flags_() : tlsDefaultCa(true), tlsNpn(true) {}
Expand Down