SSLv3 has been irreparably broken since the POODLE attack 5 years ago.
RFC 7568 (f.k.a. draft-ietf-tls-sslv3-diediedie) prohibits its use in no uncertain terms, and proceeds to list everything that's broken with it.
SSLv3 MUST NOT be used.
Negotiation of SSLv3 from any version of TLS MUST NOT be permitted.
Major CDNs dropped support immediately upon the disclosure of POODLE. Google frontends followed in 2015. Mozilla called the end of SSL 3.0 in 2014.
In crypto/tls, SSLv3 is only supported on the server side, and is disabled by default. It's time we remove it entirely, as it's not just obsolete, but insecure.
I would like to mark it as deprecated in Go 1.13 and announce it in the release notes, also to get feedback on the impact, and then remove it in Go 1.14.
/cc @rsc @agl
Out of curiosity, this is the diffstat of a very straightforward removal of SSLv3, without touching tests or refactoring.
src/crypto/tls/auth_test.go | 7 -------
src/crypto/tls/cipher_suites.go | 48 ------------------------------------------------
src/crypto/tls/common.go | 9 ++-------
src/crypto/tls/conn.go | 22 +---------------------
src/crypto/tls/handshake_server_test.go | 1 -
src/crypto/tls/key_agreement.go | 11 ++++-------
src/crypto/tls/prf.go | 98 ++++----------------------------------------------------------------------------------------------
src/crypto/tls/prf_test.go | 16 ----------------
src/crypto/tls/tls_test.go | 1 -
9 files changed, 11 insertions(+), 202 deletions(-)
I'm certainly in favor of doing this but it would be nice to know more about the impact.
It seems clear from the links in the top message above that SSLv3 has not been a concern for HTTPS since 2014-2015. What's less clear is whether there are other SSL servers (especially on company-internal networks) that have not yet migrated to TLS. That seems very unlikely, but we simply don't know.
Marking it deprecated in Go 1.13 sounds like a reasonable tentative plan. I suggest we:
Change https://golang.org/cl/184102 mentions this issue: crypto/tls: deprecate SSLv3 support
Change https://golang.org/cl/191976 mentions this issue: crypto/tls: remove SSLv3 support
This has now landed. We'll keep this open to collect feedback until the freeze, at which point we'll make a final decision.
@FiloSottile Time for a final decision.
We didn't see any breakage or hear any complaints. I think we should accept this.
Let's give it a round on the proposal review minutes as a likely accept?
This was tentatively accepted in June - see https://github.com/golang/go/issues/32716#issuecomment-505948497.
This issue was left open to collect feedback about problems after the change landed.
There have been no reported problems, so this is now a likely accept.
Leaving open for a week for final comments.
No final comments, so accepting.
This was implemented by CL 191976. Closing.
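The impact question raised in the thread (which peers still depend on SSLv3) can be checked against captured handshakes. The following is an added example, not part of the thread and not code from the Go project: it reads the version field of a ClientHello or ServerHello record and flags clients whose highest offered version is SSL 3.0 (wire value 0x0300). The names `helloVersion`, `sslv3OnlyClient` and `constructedHello` are hypothetical, the sample records are constructed, and SSLv2-format hellos are not handled.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const versionSSL30 = 0x0300 // wire value of SSL 3.0; TLS 1.0 is 0x0301

// helloVersion parses one handshake record holding a ClientHello (type 1)
// or ServerHello (type 2) and returns the handshake type and the version
// in the hello body. In a ClientHello this is the highest version offered.
func helloVersion(rec []byte) (msgType uint8, version uint16, err error) {
	if len(rec) < 5 || rec[0] != 0x16 {
		return 0, 0, errors.New("not a handshake record")
	}
	n := int(binary.BigEndian.Uint16(rec[3:5]))
	if n > len(rec)-5 {
		return 0, 0, errors.New("truncated record")
	}
	body := rec[5 : 5+n]
	if len(body) < 6 || (body[0] != 1 && body[0] != 2) {
		return 0, 0, errors.New("not a hello message")
	}
	// body[1:4] is the 24-bit handshake length; the version follows it.
	return body[0], binary.BigEndian.Uint16(body[4:6]), nil
}

// sslv3OnlyClient reports whether rec is a ClientHello that offers nothing
// newer than SSL 3.0, i.e. a client that breaks once the server drops SSLv3.
func sslv3OnlyClient(rec []byte) bool {
	t, v, err := helloVersion(rec)
	return err == nil && t == 1 && v == versionSSL30
}

// constructedHello builds a minimal sample record for the demo (constructed
// data: version, 32-byte random, empty session ID, nothing after that).
func constructedHello(msgType uint8, version uint16) []byte {
	body := make([]byte, 2+32+1)
	binary.BigEndian.PutUint16(body, version)
	hs := append([]byte{msgType, 0, 0, byte(len(body))}, body...)
	rec := []byte{0x16, byte(version >> 8), byte(version), 0, byte(len(hs))}
	return append(rec, hs...)
}

func main() {
	for _, v := range []uint16{0x0300, 0x0303} {
		fmt.Printf("0x%04x sslv3-only=%v\n", v, sslv3OnlyClient(constructedHello(1, v)))
	}
}
```

A TLS 1.3 hello carries 0x0303 in this field and its real version in an extension, which does not affect a check for 0x0300.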