Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

External Service easily misconfigured in an insecure way #4758

Closed
johnharris85 opened this issue Aug 3, 2022 · 12 comments
Closed

External Service easily misconfigured in an insecure way #4758

johnharris85 opened this issue Aug 3, 2022 · 12 comments
Labels
kind/design Design doc or related triage/pending This issue will be looked at on the next triage meeting

Comments

@johnharris85
Copy link
Contributor

Description

The below External Service policy is valid despite the fact that networking.tls.caCert is not set. When this is not set Envoy does not have a trusted_ca configured for the upstream TLS. In this situation Envoy does not verify server certificates so communication to the external service is not secure.

type: ExternalService
mesh: default
name: 'some-name'
tags:
  kuma.io/service: 'some-name'
  kuma.io/protocol: http
networking:
  address: 'example.com:443'
  tls:
    enabled: true
    allowRenegotiation: false

Many people might assume that by default a system CA bundle will be used to verify server certificates seeing as this is not a mandatory field.

If TLS is enabled for an External Service then caCert should be mandatory to avoid insecure misconfiguration.

ref: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/tls.proto#extensions-transport-sockets-tls-v3-upstreamtlscontext
@johnharris85 johnharris85 added triage/pending This issue will be looked at on the next triage meeting kind/feature New feature labels Aug 3, 2022
@jakubdyszkiewicz jakubdyszkiewicz added triage/accepted The issue was reviewed and is complete enough to start working on it kind/design Design doc or related and removed triage/pending This issue will be looked at on the next triage meeting kind/feature New feature labels Aug 8, 2022
@johngmyers
Copy link

Alternatively, it could configure a default bundle of public CAs.

@lahabana lahabana added triage/pending This issue will be looked at on the next triage meeting and removed triage/accepted The issue was reviewed and is complete enough to start working on it labels Oct 5, 2022
@jakubdyszkiewicz jakubdyszkiewicz added triage/accepted The issue was reviewed and is complete enough to start working on it and removed triage/pending This issue will be looked at on the next triage meeting labels Oct 10, 2022
@jakubdyszkiewicz
Copy link
Contributor

Triage: it does not have to be a breaking change. We can introduce a new field like verifyWithSystemBundle: true and document that you need to set this to verify cert against the builtin CA bundle in the system

@lahabana
Copy link
Contributor

Though that would still make the default setup insecure by default no?

@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Jan 23, 2023
@github-actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@slonka slonka added triage/pending This issue will be looked at on the next triage meeting and removed triage/stale Inactive for some time. It will be triaged again triage/pending This issue will be looked at on the next triage meeting labels Jan 23, 2023
@lahabana lahabana mentioned this issue Mar 22, 2023
Closed
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Apr 24, 2023
@github-actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Apr 24, 2023
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Jul 24, 2023
@github-actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Jul 24, 2023
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Oct 23, 2023
@github-actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Nov 2, 2023
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Feb 1, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 1, 2024

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@slonka slonka removed the triage/stale Inactive for some time. It will be triaged again label Feb 7, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 8, 2024

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label May 8, 2024
@bartsmykla bartsmykla removed the triage/stale Inactive for some time. It will be triaged again label May 14, 2024
@slonka slonka mentioned this issue May 14, 2024
Merged
5 tasks
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Aug 13, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lahabana
Copy link
Contributor

@slonka do we agree that's no longer the case with MeshExternalService?

@lukidzi lukidzi added triage/pending This issue will be looked at on the next triage meeting and removed triage/stale Inactive for some time. It will be triaged again triage/accepted The issue was reviewed and is complete enough to start working on it labels Aug 19, 2024
@lukidzi
Copy link
Contributor

lukidzi commented Aug 19, 2024

Triage: fixed in MeshExternalService

@lukidzi lukidzi closed this as completed Aug 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/design Design doc or related triage/pending This issue will be looked at on the next triage meeting
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@lahabana @johnharris85 @johngmyers @slonka @jakubdyszkiewicz @bartsmykla @lukidzi