-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Drop mbedTLS and migrate to OpenSSL #48799
Comments
Uhm, I don't think Julia itself does. Some packages in the ecosystem do.
Isn't OpenSSL plagued by security vulnerabilities? Last October all stable versions were withdrawn because of high security vulnerabilities, and the fix came only three weeks afterwards: https://www.openssl.org/news/newslog.html. Pinging some people who may have opinions: @mkitti @eschnett @quinnj |
Also cc: @StefanKarpinski @staticfloat |
I have significantly soured on mbedTLS in that they have no commitment to maintain the binary interface between minor releases. With OpenSSL moving to semantic versioning with the version 3 release. I think we should seriously consider using OpenSSL v3 instead of mbedTLS. We need to finish moving the ecosystem to OpenSSL v3 first though. In a similar vein, we should also consider libssh instead of libssh2. |
xref: #43677 (comment) Here is an excerpt from the mbedtls release notes:
|
My 20 cents: OpenSSL has had hiccups in the past, but it seems to me much more stable and backward compatible that mbedTLS. It's also used more widely: at Homebrew, we have more than 10% of our software that depends directly on OpenSSL (and the majority of the packages have some indirect dependence on it). |
mbedTLS long term supporthttps://github.com/Mbed-TLS/mbedtls/blob/development/BRANCHES.md
mbedTLS Summary
OpenSSL long term supporthttps://www.openssl.org/policies/releasestrat.html
OpenSSL Summary
|
A major problem we had was not sticking with their LTS versions. I believe 2.28 is an LTS version. |
Yes, but the problem is that "long term" for mbedtls is less than 2 years from now. Will we release another Julia LTS by then? |
I imagine we most likely will. Just a personal view. |
GMT doesn't run on some linuxes because external binaries may depend on OpenSSL |
I'm not sure if this will solve GMT's issues regarding conflicts with system libraries. You might have to contend with multiple versions of OpenSSL libraries then. The only ones who can really solve that issue are the system package managers. The alternative is to create our own "system" (e.g. the BinaryBuilder JLLs, containers, or conda-forge). |
That problem is occurring with binaries built with Conda. |
Right. So conda (probably conda-forge) would need to figure out how to build julia with libraries configured to fit in the conda-forge ecosystem. |
In conda-forge, I think they might build with curl, libgit2, and libssh2 that uses OpenSSL v3, so maybe that works with GMT? I happen to be one of the contributors to the julia-feedstock. https://github.com/conda-forge/julia-feedstock/blob/main/recipe/meta.yaml https://github.com/conda-forge/julia-feedstock/blob/main/recipe/build.sh#L49 |
Apparently mbedtls is really slowing down connections. https://discourse.julialang.org/t/http-jl-async-is-slow-compared-to-python-aiohttp/96736/45?u=mkitti |
That means we can't use that LTS for 1.10, assuming 1.10 will become LTS, nor can we use any non-LTS mbedlts I believe. Does anyone know what might become the next LTS for it? Strictly speaking we can use any TLS in 1.10, we just promise to upgrade in our minor LTS Julia versions. Is that possible and keeping compatibility?
That seems better, we might not want to promise longer support for our Julia (next) LTS. We have actually never promised any time-frame that I know of, just "long". I'm agnostic what would be the replacement. I'm not opposed to OpenSSL since it seems good, and is already installed on most Linux distros. I think we should actually support none, use what's already installed on your platform, or only use ours as a fallback if newer. Is the plan to e.g. use OpenSSL also on Windows? Do we already use mbedlts there, or what Windows provides? Some argument could be made (for e.g. Windows) that it's less secure, broken by CIA or NSA, and not to be trusted... While I'm not too paranoid, proposing trusting them, maybe an ENV var should allow insisting on our bundled TLS...
I feel a bit responsible since I suggested mbedTLS in the beginning. It seemed good, now things may have changed and OpenSSL or BoringSSL (and also HTTP/3) better, but I would prefer none of it, also Downloads excised, in Julia to reduce maintenance burden... Pkg is on its way out of the sysimage, and hopefully out of the new juliax eventually, and Downloads. Can we get away with all of this gone, and just in an upgradable (stdlib) library and/or rely on the system TLS only? Are there any platforms with no TLS/SSL?! Who are we helping including, not @Seelengrab or other for (not, yet, supported) embedded? |
Uuuhh I'm not aware of either mbedTLS or OpenSSL being available in particular for embedded. They'd have to be written with that in mind anyway. I think most of that would happen in userspace anyway, so should not be special to embedded. No need to consider my esoteric usecases here. |
|
Of all goes well mbedtls_jll will be an upgradeable stdlib for 1.11. #51399 moves it out of the sysimg. |
Good point, I hadn't made that connection! It being available in theory and being able to use it through Julia on a microcontroller are still two very different things though :) So there's no need to consider my niche for a decision on what the core runtime should use.
Nice, so that should alleviate worries about shipping an outdated version! One thing that remains (from what I can tell) are the performance problems reported on discourse - has someone investigated/pinged the mbedTLS people what could be the issue? Or is this expected behavior? |
Yeah, my understanding is that OpenSSL (and other commercially used TLS libraries: boringSSL, aws crt's tls library, libressl, etc.) have custom assembly kernels for certain performance hotspots that mbedtls doesn't have and is thus slower, yet easier to use/port to a wider variety of platforms. |
The problem is that there is a mismatch in objectives. Julia is not currently targeting the embedded case, yet mbedTLS is the default. How could we produce an alternate build of Julia that depends on OpenSSL? Should we start with alternate dependencies that build against OpenSSL? |
Since there is a jll already one would need to see the uses of mbedtls and switch them to openssl. |
The packages currently using mbedTLS are:
Of these, I assume that only the last four are important for Julia itself. Many of the others are only using mbedTLS to stay transitively consistent. |
I'm moderately sure most of them link to mbedtls only because of libcurl (libcurl config file will have |
libssh2 and libgit2 need a crypto/tls backend, not just through curl (actually, I'm not sure they link to curl at all). Edit: I've checked, and indeed, they don't need curl but they need crypto/tls. In Homebrew, we've been building them against openssl forever, and have no issue. We also build julia against our homebrew openssl-based libgit2 and libssh2 and have never had issues with it. |
That's why I said "most of them", not "all of them" 🙂 |
FYI: There are 35 direct dependants of MbedTLS (as apposed to its JLL), such as AWS*. Don't we need to worry about them too? Or neither, since both will just continue to work? Only MbedTLS is in the general registry currently, not the JLL since it's a stdlib (I think upgradable stdlibs may be there). For Project.toml files it doesn't matter packages are there(?), i.e. their origin. |
The MbedTLS JLL will likely need to remain an "upgradable" standard library at minimum similar to DelimitedFiles.jl. |
How about dropping mbedtls[_jll] (and CURL) and have no replacement? It's already out of the sysimage, so where is it actually used? I believe (only by the deprecated) Downloads.jl (indirectly by CURL) which is already an upgradable stdlib, bundled with, could be unbundled in 2.0. A lot of programs need to download, yes, but not nearly all, and some need to upload too that I think it doesn't support anyway. Such functionality should be only in a package? Then less of a security risk for Julia, i.e. reasons to upgrade it, and maintain LTS. [It will be easier to upgrade for security, if you only need to upgrade a package, and ideally that package should auto-update itself. Pkg will depend on it.] It's used by Pkg indirectly, i.e. for git I believe, but both are implementation details, so could change in a minor release. Note, we would still bundle it, it would just not be part of any official API. If we do it this way, it would be good to lose it in 1.10 already (i.e. not promise it for LTS). |
The question is whether libcurl and libgit2 (if we still use it) is configured to use mbedtls or openssl. |
The conda-forge build (which I try to maintain) does use libcurl and libgit2 that depends on OpenSSL on Linux. I'm not completely sure if that is fully functional. |
The JLLs for |
FYI: the current mbedTLS version in use by Julia will end support at the end of the current year. |
The note in BRANCHES.md says
As far as I can tell, they have not yet declared another branch to be LTS. |
They have not, but it seems risky to wait for them to deprecate the current branch |
As of one week ago, mbedtls-3.6 is now designated LTS branch: https://github.com/Mbed-TLS/mbedtls/blob/development/BRANCHES.md There is no release on the 3.6 branch, however :) |
Did we already drop MbedTLS as of recent PR? And then just close this issue? That said there is now Mbed TLS 3.6.0 LTS in case preferred... at: I'm not sure the number of improvements make us reconsider dropping MbedTLS (is it speed-critical at all for what Julia/libssh2 itself needs?), such as TLS1.3 support and:
|
Have you considered using wolfssl? It is vastly superior to both openSSL and mbedTLS in every way: size, speed, flexibility. Plus certified: NIST, DO-178, etc. It's a serious, commercial-grade library with solid TLS 1.3, post quantum, SM (ShangMi; essential for business in China), and more. I have a brief comparison in espressif/esp-idf#13966 If there's already OpenSSL support, then wolfSSL has a compatibility layer. See also https://www.wolfssl.com/docs/wolfssl-openssl/ There are wolfcrypt wrappers for many languages. Would be great to see one for Julia! |
There has already been an issue that proposed migration to BoringSSL (#45856), which is not what I propose here.
From a security perspective, this seems great (fewer updates to manage, and track record shows mbedTLS is frequently behind in Julia).
Are there any downsides to migrating to OpenSSL and removing mbedTLS?
If not, and the idea has support, I volunteer to handle the migration PRs in Yggdrasil and julia.
The text was updated successfully, but these errors were encountered: