
After Update to 1.22.0 LDAP Login is not working anymore #31228

Closed
swiedernix opened this issue Jun 3, 2024 · 12 comments
Labels: reviewed/wontfix (The problem described in this issue/fixed in this pull request is not a problem we will fix), type/bug

Comments

@swiedernix

Description

Hi,
I've upgraded to 1.22.0 and after the update LDAP login is no longer possible.

I see tls handshake failures in the logfile:
2024/06/03 11:18:01 ...dap/source_search.go:424:SearchEntries() [E] LDAP Connect error, our.ldap.server:LDAP Result Code 200 "Network Error": remote error: tls: handshake failure
2024/06/03 11:18:01 .../ldap/source_sync.go:55:Sync() [E] SyncExternalUsers LDAP source failure [ourldapserver], skipped

Gitea Version

1.22.0

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

2.39.3

Operating System

RHEL 8.9

How are you running Gitea?

running gitea from downloads: gitea-1.22.0-linux-amd64

Database

PostgreSQL

@techknowlogick
Member

Are you using a self-signed certificate, and which LDAP server are you using?

@silverwind
Member

Could be a TLS cipher issue. Check if your LDAP server supports TLS 1.2 or higher with tools like https://github.com/drwetter/testssl.sh. golang since v1.22 requires TLS 1.2 or higher by default.

@yp05327 yp05327 added the issue/needs-feedback For bugs, we need more details. For features, the feature must be described in more detail label Jun 4, 2024
@vworldat

vworldat commented Jun 4, 2024

Same here. Self-signed certificate with "skip TLS verification" selected.

Used testssl.sh to check protocols:

 Testing protocols via sockets except NPN+ALPN 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered (deprecated)
 TLS 1.1    offered (deprecated)
 TLS 1.2    offered (OK)
 TLS 1.3    not offered and downgraded to a weaker protocol
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered

 Testing cipher categories 

 NULL ciphers (no encryption)                      not offered (OK)
 Anonymous NULL Ciphers (no authentication)        not offered (OK)
 Export ciphers (w/o ADH+NULL)                     not offered (OK)
 LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export)      not offered (OK)
 Triple DES Ciphers / IDEA                         not offered
 Obsoleted CBC ciphers (AES, ARIA etc.)            offered
 Strong encryption (AEAD ciphers) with no FS       offered (OK)
 Forward Secrecy strong encryption (AEAD ciphers)  not offered

 Testing server's cipher preferences 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
[..]

TLSv1.2 (no server order, thus listed by strength)
 x9d     AES256-GCM-SHA384                 RSA        AESGCM      256      TLS_RSA_WITH_AES_256_GCM_SHA384                    
 x3d     AES256-SHA256                     RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA256                    
 x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA                       
 x9c     AES128-GCM-SHA256                 RSA        AESGCM      128      TLS_RSA_WITH_AES_128_GCM_SHA256                    
 x3c     AES128-SHA256                     RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA256                    
 x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA                       

OS is Debian 12 bookworm. Gitea running using amd64 binary.

@xoxys
Contributor

xoxys commented Jun 4, 2024

Same here. I'm using an OpenLDAP proxy. TLS1.2 is supported:

 Testing protocols via sockets except NPN+ALPN 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered (deprecated)
 TLS 1.1    offered (deprecated)
 TLS 1.2    offered (OK)
 TLS 1.3    not offered and downgraded to a weaker protocol
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered

 Testing cipher categories 

 NULL ciphers (no encryption)                      not offered (OK)
 Anonymous NULL Ciphers (no authentication)        not offered (OK)
 Export ciphers (w/o ADH+NULL)                     not offered (OK)
 LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export)      not offered (OK)
 Triple DES Ciphers / IDEA                         offered
 Obsoleted CBC ciphers (AES, ARIA etc.)            offered
 Strong encryption (AEAD ciphers) with no FS       offered (OK)
 Forward Secrecy strong encryption (AEAD ciphers)  not offered

 Testing server's cipher preferences 
 TLSv1.2 (no server order, thus listed by strength)
 x9d     AES256-GCM-SHA384                 RSA        AESGCM      256      TLS_RSA_WITH_AES_256_GCM_SHA384                    
 x3d     AES256-SHA256                     RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA256                    
 x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA                       
 x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                  
 x9c     AES128-GCM-SHA256                 RSA        AESGCM      128      TLS_RSA_WITH_AES_128_GCM_SHA256                    
 x3c     AES128-SHA256                     RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA256                    
 x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA                       
 x96     SEED-SHA                          RSA        SEED        128      TLS_RSA_WITH_SEED_CBC_SHA                          
 x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                  
 x07     IDEA-CBC-SHA                      RSA        IDEA        128      TLS_RSA_WITH_IDEA_CBC_SHA                          
 x0a     DES-CBC3-SHA                      RSA        3DES        168      TLS_RSA_WITH_3DES_EDE_CBC_SHA       

@silverwind
Member

silverwind commented Jun 4, 2024

Actually it's likely not TLS-version related as per https://tip.golang.org/doc/go1.22#minor_library_changes:

By default, the minimum version offered by crypto/tls servers is now TLS 1.2 if not specified with config.MinimumVersion, matching the behavior of crypto/tls clients. This change can be reverted with the tls10server=1 GODEBUG setting.

So the TLS client has not changed its requirement in go 1.22/gitea 1.22, only the server has.

@JoelKle

JoelKle commented Jun 4, 2024

I've captured the LDAP traffic between Gitea and our LDAP server with tcpdump and analysed it with Wireshark.
Since v1.22.0 it looks like Gitea is no longer offering TLS_RSA cipher suites in the TLS Client Hello.

Our LDAP server only supports TLS_RSA ciphers, according to the test result of testssl.sh.
@vworldat @xoxys Looks like this is the same for your LDAP server.

Why this happened requires further analysis.

Compare the following TLS Client Hello output between Gitea v1.22.0 and v1.21.11:

# gitea-1.22.0-linux-amd64
# LDAP TLS Client Hello

Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 256
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 252
            Version: TLS 1.2 (0x0303)
            Cipher Suites Length: 28
            Cipher Suites (14 suites)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
                Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
                Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
                Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
                Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
# gitea-1.21.11-linux-amd64
# LDAP TLS Client Hello

Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 266
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 262
            Version: TLS 1.2 (0x0303)
            Cipher Suites Length: 38
            Cipher Suites (19 suites)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
                Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
                Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
                Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
                Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)

@JoelKle

JoelKle commented Jun 4, 2024

The situation seems clear to me:

By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes. This change can be reverted with the tlsrsakex=1 GODEBUG setting.

https://tip.golang.org/doc/go1.22#minor_library_changes
golang/go#63413

Exporting the required env var GODEBUG="tlsrsakex=1" solved our problem :)

export GODEBUG="tlsrsakex=1"
./gitea web

https://docs.gitea.com/administration/environment-variables
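
As an added illustration (not code from Gitea or from anyone in this thread), the mismatch diagnosed in the two comments above can be reproduced with Go's own crypto/tls: a server that, like the reporters' LDAP servers, offers only TLS_RSA_* key-exchange suites over TLS 1.2, probed by a client limited to an ECDHE suite (what Go 1.22's defaults amount to) and by a client that explicitly lists a TLS_RSA suite (the suites GODEBUG=tlsrsakex=1 puts back into the defaults). legacyServer, probe, the throwaway self-signed certificate and the suite lists are constructed for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// legacyServer mimics the reporters' LDAP servers: TLS 1.2 only and RSA key exchange only
// (the TLS_RSA_* rows in the testssl.sh output above), with a constructed self-signed cert.
func legacyServer() *tls.Config {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MaxVersion:   tls.VersionTLS12, // no TLS 1.3, exactly like the servers probed above
		CipherSuites: []uint16{tls.TLS_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_RSA_WITH_AES_128_GCM_SHA256},
	}
}

// probe runs one client handshake against legacyServer over an in-memory pipe with the given
// cipher suites (nil = this toolchain's defaults: on Go 1.22+ no TLS_RSA_* unless GODEBUG=tlsrsakex=1).
func probe(clientSuites []uint16) error {
	srvEnd, cliEnd := net.Pipe()
	go func() { // server side: a suite mismatch here reaches the client as a handshake_failure alert
		tls.Server(srvEnd, legacyServer()).Handshake()
		srvEnd.Close()
	}()
	defer cliEnd.Close()
	// InsecureSkipVerify mirrors "skip TLS verification" in the Gitea LDAP source settings.
	return tls.Client(cliEnd, &tls.Config{InsecureSkipVerify: true, CipherSuites: clientSuites}).Handshake()
}

func main() {
	fmt.Println("toolchain defaults:          ", probe(nil))
	fmt.Println("ECDHE only (Go 1.22 default):", probe([]uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}))
	fmt.Println("TLS_RSA suite re-added:      ", probe([]uint16{tls.TLS_RSA_WITH_AES_128_GCM_SHA256}))
}
```

On a Go 1.22 or newer toolchain the first line reports "remote error: tls: handshake failure", the same text as in the Gitea log; run with GODEBUG=tlsrsakex=1 in the environment, that line succeeds while the other two are unaffected because they set their suites explicitly.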

@adamoutler

Same issue. The workaround for me was to disable encryption and change the port from 636 to 389, or from 3289 to 3268. I use Global Directory LDAP 3268 because it's faster, but I tested with port 389 and it works as well.
(screenshot attached)

@JoelKle

JoelKle commented Jun 4, 2024

@adamoutler
Could you test it again with port 636, encryption enabled and GODEBUG="tlsrsakex=1", as mentioned in #31228 (comment)?

@adamoutler

adamoutler commented Jun 4, 2024

@adamoutler Could you test it again with port 636, enabled encryption and GODEBUG="tlsrsakex=1" as mentioned in: #31228 (comment) ?

I'm sorry, but I'm using a docker container setup and I'd need to adjust code to do this. I assume it will be fixed soon enough.

@silverwind silverwind added reviewed/wontfix The problem described in this issue/fixed in this pull request is not a problem we will fix and removed issue/needs-feedback For bugs, we need more details. For features, the feature must be described in more detail labels Jun 4, 2024
@silverwind
Member

silverwind commented Jun 4, 2024

Ok, I'm closing and pinning this since it's working as intended.

People affected should look into upgrading their LDAP server to support modern ciphers. If that's not possible, you can work around it, preferably with GODEBUG="tlsrsakex=1" or, worse, by switching to unencrypted. That flag will surely go away in a future golang version, so it won't last forever.

@silverwind silverwind closed this as not planned Won't fix, can't repro, duplicate, stale Jun 4, 2024
@silverwind silverwind pinned this issue Jun 4, 2024
@xoxys
Contributor

xoxys commented Jun 4, 2024

Working OpenLDAP/slapd config:

TLSCipherSuite          HIGH:MEDIUM:-SSLv2:-SSLv3
TLSProtocolMin          3.1
TLSECName               secp521r1

To enable ECDHE ciphers, TLSECName is required.

 Testing protocols via sockets except NPN+ALPN 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    not offered and downgraded to a weaker protocol
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered

 Testing cipher categories 

 NULL ciphers (no encryption)                      not offered (OK)
 Anonymous NULL Ciphers (no authentication)        not offered (OK)
 Export ciphers (w/o ADH+NULL)                     not offered (OK)
 LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export)      not offered (OK)
 Triple DES Ciphers / IDEA                         not offered
 Obsoleted CBC ciphers (AES, ARIA etc.)            offered
 Strong encryption (AEAD ciphers) with no FS       offered (OK)
 Forward Secrecy strong encryption (AEAD ciphers)  offered (OK)


 Testing server's cipher preferences 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
[...]
TLSv1.2 (no server order, thus listed by strength)
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 521   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              
 xc028   ECDHE-RSA-AES256-SHA384           ECDH 521   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384              
 x9d     AES256-GCM-SHA384                 RSA        AESGCM      256      TLS_RSA_WITH_AES_256_GCM_SHA384                    
 x3d     AES256-SHA256                     RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA256                    
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 521   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              
 xc027   ECDHE-RSA-AES128-SHA256           ECDH 521   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256              
 x9c     AES128-GCM-SHA256                 RSA        AESGCM      128      TLS_RSA_WITH_AES_128_GCM_SHA256                    
 x3c     AES128-SHA256                     RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA256       
