LibreOffice Online - TLS crypto & iPad

Lionel Élie Mamane <lionel -AT- mamane.lu>

Tue, 21 Jul 2020 07:23:56 +0200

Hi, Anybody can explain to me why (at least on an iPad) when using LibreOffice Online, the browser makes HTTPS connections with _different_ sets of supported crypto to the loolwsd daemon? Why don't they all feature the same set of crypto support, and how I can address that? In exchange for the explanation, I'll at least try to make a patch that addresses that (at least by widening the crypto support where it is more limited, if it is not possible to equalise it everywhere). Long version: When using LibreOffice Online (very exactly, Collabora Office Development Edition) on an iPad, be it through the Safari browser or in the Nextcloud app, it makes multiple HTTP/TLS/TCP connections to the loolwsd daemon. So far, so good. But some of these connections have wider crypto (ciphers and elliptic curves groups) support than others. Which was very surprising to me. And which I discovered because my loolwsd is patched to tighten crypto support to "I want PFS (perfect forward secrecy), and I want elliptic curves recommended by https://safecurves.cr.yp.to/";, which excludes the NIST (NSA chosen) curves, so some connections are actually refused by my server. The user-visible behaviour is that the UI loads (menus, etc) but the actual document stays blank. Some of the connections support only TLSv1.2, a set of 22 cipher suites and secp256r1, secp384r1 and secp521r1 (which are then refused by my server). Others additionally support TLSv1.3, a set of 26 cipher suites (among which TLS_AES_*_GCM_SHA* and TLS_CHACHA20_POLY1305_SHA256) and the x25519 curve, and successfully connect to my server. I looked a bit in the source code, and I found in loleaflet what looks like a pure Javascript implementation of ECDH (supporting only the NIST/NSA curves...), which suggests that some connections are made with the whole TLS layer implemented in Javascript (instead of using the platform TLS libraries and the browser's native support for TLS?), and others through the browser / platform native support of TLS? But what I don't understand is: - Why this difference, why not use the native TLS for everything? - If some connections use a Javascript implementation of TLS, why does it give a different result on an iPad than on a GNU/Linux or Microsoft Windows machine? If it is all Javascript, they should all give the same result on all platforms! Why does LibreOffice online work from these other OSes with the same server? Thanks in advance, Lionel

Context

LibreOffice Online - TLS crypto & iPad · Lionel Élie Mamane

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.