LibreOffice Online - TLS crypto & iPad

Lionel Élie Mamane lionel at mamane.lu
Tue Jul 21 05:23:56 UTC 2020


Hi,

Can anybody explain to me why (at least on an iPad) when using
LibreOffice Online, the browser makes HTTPS connections with
_different_ sets of supported crypto to the loolwsd daemon? Why don't
they all feature the same set of crypto support, and how can I address
that?

In exchange for the explanation, I'll at least try to make a patch
that addresses that (at least by widening the crypto support where it
is more limited, if it is not possible to equalise it everywhere).

Long version:

When using LibreOffice Online (very exactly, Collabora Office
Development Edition) on an iPad, be it through the Safari browser or
in the Nextcloud app, it makes multiple HTTP/TLS/TCP connections to
the loolwsd daemon.

So far, so good. But some of these connections have wider crypto
(ciphers and elliptic curve groups) support than others. Which was
very surprising to me. And which I discovered because my loolwsd is
patched to tighten crypto support to "I want PFS (perfect forward
secrecy), and I want elliptic curves recommended by
https://safecurves.cr.yp.to/", which excludes the NIST (NSA chosen)
curves, so some connections are actually refused by my server. The
user-visible behaviour is that the UI loads (menus, etc) but the
actual document stays blank.

Some of the connections support only TLSv1.2, a set of 22 cipher
suites and secp256r1, secp384r1 and secp521r1 (which are then refused
by my server). Others additionally support TLSv1.3, a set of 26 cipher
suites (among which TLS_AES_*_GCM_SHA* and
TLS_CHACHA20_POLY1305_SHA256) and the x25519 curve, and successfully
connect to my server.

I looked a bit in the source code, and I found in loleaflet what looks
like a pure JavaScript implementation of ECDH (supporting only the
NIST/NSA curves...), which suggests that some connections are made
with the whole TLS layer implemented in JavaScript (instead of using
the platform TLS libraries and the browser's native support for TLS?),
and others through the browser / platform native support of TLS?

But what I don't understand is:

 - Why this difference, why not use the native TLS for everything?

 - If some connections use a JavaScript implementation of TLS, why
   does it give a different result on an iPad than on a GNU/Linux or
   Microsoft Windows machine? If it is all JavaScript, they should all
   give the same result on all platforms! Why does LibreOffice Online
   work from these other OSes with the same server?

Thanks in advance,

Lionel
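
Added example, not part of the original post or of loolwsd: one way to compare what each connection offers is to parse its ClientHello and list the offered TLS versions, the cipher suite count and the supported groups, then check them against the server's curve policy. `ALLOWED_GROUPS` is an assumed stand-in for the patched server's policy, and the two sample records are constructed with placeholder cipher suite ids, not captured from an iPad.

```python
import struct

GROUPS = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1", 29: "x25519", 30: "x448"}
VERSIONS = {0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
ALLOWED_GROUPS = {"x25519", "x448"}  # assumption: stand-in for the server's curve policy

def u16_list(data):  # decode consecutive big-endian 16-bit values
    return list(struct.unpack(f">{len(data) // 2}H", data))

def parse_client_hello(record):
    """Summarise what one TLS record carrying a ClientHello offers."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 9 + 2 + 32                   # record + handshake headers, legacy_version, random
    pos += 1 + record[pos]             # session_id
    n = struct.unpack_from(">H", record, pos)[0]
    suites = u16_list(record[pos + 2:pos + 2 + n])
    pos += 2 + n
    pos += 1 + record[pos]             # compression methods
    end = pos + 2 + struct.unpack_from(">H", record, pos)[0]
    pos += 2
    versions, groups = [struct.unpack_from(">H", record, 9)[0]], []
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from(">HH", record, pos)
        body = record[pos + 4:pos + 4 + ext_len]
        if ext_type == 10:             # supported_groups: 2-byte list length, then ids
            groups = u16_list(body[2:])
        elif ext_type == 43:           # supported_versions: 1-byte list length, then ids
            versions = u16_list(body[1:])
        pos += 4 + ext_len
    return {"versions": [VERSIONS.get(v, hex(v)) for v in versions], "suites": len(suites),
            "groups": [GROUPS.get(g, hex(g)) for g in groups]}

def negotiable(hello):  # does the client offer any group the assumed policy allows?
    return bool(ALLOWED_GROUPS & set(hello["groups"]))

def sample_record(suites, groups, versions=()):  # builds constructed test input
    pack = lambda vals: struct.pack(f">{len(vals)}H", *vals)
    ext = lambda t, b: struct.pack(">HH", t, len(b)) + b
    exts = ext(10, struct.pack(">H", 2 * len(groups)) + pack(groups))
    if versions:
        exts += ext(43, bytes([2 * len(versions)]) + pack(versions))
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack(">H", 2 * len(suites))
            + pack(suites) + b"\x01\x00" + struct.pack(">H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

# Constructed inputs shaped like the two ClientHello kinds in the post; suite ids are placeholders.
LEGACY = sample_record(range(0xC000, 0xC016), [23, 24, 25])
MODERN = sample_record([0x1301, 0x1302, 0x1303, *range(0xC000, 0xC017)], [29, 23, 24, 25], [0x0304, 0x0303])
```

Running `parse_client_hello` over the first handshake record of each connection in a packet capture shows which ones a curve-restricted server will refuse.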

