Netgate will replace OpenSSL 1.1.1t with OpenSSL 3.0.12 in the pending release of pfSense Plus software, version 23.09. This is an essential move as the OpenSSL Project confirmed on September 11, 2023, that version 1.1.1t had reached its End of Life (EOL), and it will no longer receive security patches for vulnerabilities. FreeBSD has also moved to OpenSSL 3. An update to pfSense CE software will follow after the release of pfSense Plus version 23.09.
OpenSSL is a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication. The OpenSSL toolkit is an essential component of Netgate’s pfSense Plus software, and of the FreeBSD operating system upon which it is built.
Moving to OpenSSL 3 is Complex
The OpenSSL Project made an unusual jump in numbering from version 1.1.1t to version 3.0.12 to highlight its significance. A major change in version 3.0.12 is implementation of the FIPS Object Module 2.0 in order to gain FIPS 140-3 compliance (FIPS is a U.S. Federal program for the testing and certification of cryptographic modules).
This new version includes major structural changes and modifies some application programming interface (API) and application binary interface (ABI) components. It also deprecates weak algorithms of various types.
Changing from OpenSSL 1.1 to OpenSSL 3 is not a simple upgrade. Netgate developers have incorporated these changes with as little impact on users as possible, but some things may still require manual adjustments, as outlined below.
Deprecated Encryption and Digest Algorithms in OpenVPN
OpenSSL 3 removes a large number of deprecated encryption and digest algorithms. This primarily affects OpenVPN.
Encryption algorithms removed from OpenVPN include: ARIA, Blowfish (e.g. BF-CBC, which was formerly an OpenVPN default), CAST5, DES, DESX, IDEA, RC2, RC5, SEED, and SM4. Hash algorithms removed from OpenVPN include MD4, MDC2, SM3, and Whirlpool.
Upon upgrade, tunnels using these deprecated algorithms will be adjusted so they use more secure default values when necessary.
Changes to Certificates
OpenSSL 3 no longer supports certificates signed with SHA1 or other older/weaker hashes. The minimum recommended hash strength is SHA256. The pfSense Plus upgrade process detects usage of weak certificates for the GUI, Captive Portal, and OpenVPN, and takes actions where possible:
- If the pfSense Plus GUI or a Captive Portal zone utilizes a weak CA or server certificate, a new self-signed certificate will be generated as a stopgap measure to allow the processes to start and let the user in to make any necessary corrections.
- If an OpenVPN instance is using a weak certificate, the instance is disabled as there is no viable general automated recovery method. OpenVPN peers using SHA1 certificates will fail, but such issues must be corrected on the peers. This may mean renewing or reissuing certificates, or re-exporting clients for peers if they are currently using weak certificates.
- Other consumers of certificates, such as add-on packages, may be similarly affected but cannot be automatically adjusted.
The best practice is to reconfigure all services using certificates with stronger algorithms, and to test these functions before performing an upgrade to ensure a smooth transition.
- The certificate manager in the GUI can still read and generate certificates using weak hashes, but warns against their use. Avoid creating any new entries using weak hashes. This support will eventually be removed.
- The certificate manager no longer supports importing PKCS#12 archive files which were encrypted with weak ciphers, such as RC2-40. Some operating systems still export using such weak ciphers by default, including macOS and Windows.
- IPsec does not require any adjustments. It still supports SHA1 certificates for the time being, and no additional algorithms have been deprecated or removed.
- Unbound does not require any adjustments. It still supports SHA1 certificates for the time being.
- Although the legacy provider for OpenSSL 3 is built and included, it does not help to work around the issues mentioned above.
This migration to OpenSSL 3 is essential, and the work done by Netgate in the upcoming version 23.09 to support it is complex. The changes have been incorporated with as little impact on users as possible, but some services may require reconfiguration using certificates with stronger algorithms.
Netgate HIGHLY recommends reviewing the release notes prior to installing this upgrade.
Where to Learn More
The pfSense Plus Release Notes for version 23.09 are available at: https://docs.netgate.com/pfsense/en/latest/releases/23-09.html
The OpenSSL Migration Guide, which details the changes in moving from OpenSSL 1.1.1 to OpenSSL 3, is available at: https://www.openssl.org/docs/man3.0/man7/migration_guide.html
The announcement about OpenSSL 1.1.1 is here: https://www.openssl.org/blog/blog/2023/09/11/eol-111/