Background
I'm upgrading my C++ application form using OpenSSL 1.1.11t to use OpenSSL 3.0.12. I resolved almost all problems (legacy mode), but one last problem remains
Problem
One of OpenSSL changes is change which algorithms are treated as not safe anymore. For example one of the servers is using CA certificate which is RSA 20248 with Sha-1 fingerprint. This server was working with OpenSSL 1.1.11t, after my upgrade to OpenSSL 3.0.12 in logs I can see following error:
024-03-22 20:01:09 00ac8 Error: Cannot start MyServer. Certificate is invalid: ca md too weak (SSL routines) [asio.ssl:167772558]
Based on OpenSSL documentation problem is Sha-1 fingerprint:
/docs/man3.0/man3/SSL_CTX_set_security_callback.html
Level 1
The security level corresponds to a minimum of 80 bits of security. Any parameters offering below 80 bits of security are excluded. As a result RSA, DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits are prohibited. All export cipher suites are prohibited since they all offer less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite using MD5 for the MAC is also prohibited. Note that signatures using SHA1 and MD5 are also forbidden at this level as they have less than 80 security bits.
Documentation for OpenSSL 1.1 has similar statement it just part which I made bold above.
I'm using default setting, so security level is set to 1. Still version with OpenSSL 1.1 works and version with OpenSSL 3.0.12 fails (ca md too weak).
I do not want to set security level to 0. This will enable not only sha-1, but also even much older more problematic algorithms.
Question
How can I restore 1.1 behavior? How can I change configuration of OpenSSL, so server is not stopped in case this problem appears. Instead I'd like to file just a waring.
Aim is prevent this error from stopping server and just file warning which encourage server maintainer to update his certificates. I'd like to give server maintainer some time to patch their configuration.
My first attempts
There is an API which looks promising:
void SSL_CTX_set_security_callback(SSL_CTX *ctx,
int (*cb)(SSL *s, SSL_CTX *ctx, int op,
int bits, int nid,
void *other, void *ex));
Great this should give me proper solution which will restore only required functionality and give some option to file proper warnings.
Problem is that documentation is poor:
/docs/man3.0/man3/SSL_CTX_set_security_callback.html
SSL_CTX_set_security_callback(), SSL_set_security_callback(), SSL_CTX_get_security_callback() and SSL_get_security_callback() get or set the security callback associated with ctx or s. If not set a default security callback is used. The meaning of the parameters and the behaviour of the default callbacks is described below.
/docs/man3.0/man3/SSL_CTX_set_security_callback.html
APPLICATION DEFINED SECURITY CALLBACKS
Documentation to be provided.
So I try to fallback to OpenSsl code. I've found implementation of default callback: ssl_security_default_callback. Looks great, but then I've checked how it is implemented in OpenSsl 1.1 and the only difference I can see is just line numbers (so nothing just some code was added above).
My plan was to copy to my code implementation of ssl_security_default_callback form OpenSsl 1.1 to have exact behavior of it and use it as fallback mechanism in my callback.
Since I do not see a difference this plan will fail.
Where actual difference is hiding? What is the code which causing different behavior between 1.1 and 3.0?