Python Language Summit 2016: The Future Of The SSL Module

Transcript

1. The Future Of The SSL Module Python Language Summit 2016

   Cory Benfield <[email protected]> Christian Heimes <[email protected]>

2. Cory Benfield ❏ hyper (HTTP/2 for Python) ❏ PyOpenSSL ❏

   requests ❏ urllib3 ❏ Employed by Hewlett Packard Enterprise to work on HTTP and HTTP/2 in Python

3. Christian Heimes ❏ Python core contributor ❏ co-maintainer of Python’s

   ssl module ❏ employed by Red Hat to work on Identity Management and Public Key Infrastructure

4. Introduction

5. What is the SSL module ❏ provides TLS/SSL support for

   Python ❏ basic TLS server and client support ❏ no S/MIME or code signing ❏ uses OpenSSL internally ❏ vital for PIP to download packages for PyPI

6. Alternative packages ❏ PyOpenSSL (OpenSSL, based on PyCA cryptography) ❏

   python-nss (Mozilla NSS, heavily used in Red Hat) ❏ python-gnutls (GnuTLS) ❏ QSslSocket (pyqt) ❏ javax.net.ssl (Jython) ❏ System.Security.Cryptography (IronPython) ❏ ...

7. SSL module is in a dire state

8. SSL module is in a bad state ❏ “naturally grown”

   over many years ❏ complicated ❏ _ssl._SSLSocket is wrapped by ssl.SSLObject, which is wrapped again by ssl.SSLSocket, which is a subclass of socket.socket. ❏ insane, footgunny legacy API ❏ SSLSocket.getpeercert() returns empty dict for CERT_NONE ❏ SSLContext() defaults to no verification, must use custom factory ❏ stdlib modules accept context or cert/key/verify args

9. Lack of features ❏ no validation callback ❏ no access

   to cert chain ❏ private keys can only be loaded from a file ❏ no memory buffer ❏ no PKCS#11 engine ❏ incomprehensible error messages when cert validation failed ❏ no SPKI hash for cert pinning (HPKP) ❏ no OCSP validation

10. and more ❏ no general-purpose API ❏ really a wrapper

    around OpenSSL ❏ written in C ❏ PyPy, Jython and IronPython have to roll their own implementation ❏ additional work ❏ additional bugs ❏ stuck to OpenSSL 0.9.8 features ❏ stuck to custom host name verification code

11. Recently it got a bit better

12. Improvements ❏ PEP 466 -- Network Security Enhancements for Python

    2.7. x ❏ PEP 476 -- Enabling certificate verification ❏ backports to Python 2.7 ❏ ssl.create_default_context() Thanks to Alex, Antoine, Donald, Nick and whoever contributed to the cause!

13. The Future

14. Standardize context and ABCs for TLS ❏ deprecated cert/key/verification args

    ❏ push 3rd party libraries to use context argument ❏ ABC ❏ context.wrap_socket(socket, hostname) → SSLSocket ❏ SSLSocket ❏ SSL-specific exceptions ❏ creation and configuration of context object is not standardized

15. Add some new features ❏ SSLContext.set_verify_call() ❏ def verify(verifycontext, ok)

    -> bool ❏ X509 type ❏ instead of getpeercert() dict ❏ VerifyContext type (X509_STORE_CTX) ❏ current subject, issuer, error ❏ PrivateKey type ❏ OCSP staple verification ❏ PyCapsule export of internal C API ❏ allow 3rd party to interact with internal C API and OpenSSL objects

16. Feature moratorium ❏ SSL module should provide basic features for

    stdlib and PIP ❏ some new and security-relevant features ❏ push users to 3rd party software for advanced use cases ❏ PyOpenSSL ❏ cryptography.tls ?

17. Go OpenSSL 1.1.0 ❏ OpenSSL 1.1.0 made struct opaque and

    has cleaner API ❏ provide 1.0.2 compatibility layer (implemented in #26470) ❏ deprecate OpenSSL 1.0.1 and 0.9.8 ❏ use OpenSSL to verify host names ❏ backward compatibility? ❏ OSX? ❏ LibreSSL?

18. Root CA certificates (trust anchors) ❏ requests comes with certifi

    ❏ Python must never ever ship its own root certificate bundle. Period. ❏ Trust the operating system and use its root store. ❏ OSX? ❏ Windows implementation is semi-broken. SChannel fetch unknown root certs from MS, Python doesn’t. ❏ Libraries should provide SSLContext argument so users can customize trust settings or use env var SSL_CERT_FILE.

19. Thank you