Bug 1335915

Summary: Disable the MD5 as a signing algorithm in NSS library
Product: Red Hat Enterprise Linux 6 Reporter: Nikos Mavrogiannopoulos <nmavrogi>
Component: nss Assignee: Daiki Ueno <dueno>
Status: CLOSED ERRATA QA Contact: Hubert Kario <hkario>
Severity: unspecified Docs Contact: Mirek Jahoda <mjahoda>
Priority: unspecified    
Version: 6.9 CC: dueno, hkario, kengert, qe-baseos-security, rrelyea, szidek, tmraz
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nss-3.27.1-1.el6 Doc Type: Deprecated Functionality
Doc Text:
MD5 as the signing algorithm disabled

This change prevents the Network Security Services (NSS) library from using MD5 as the signing algorithm in *TLS*. This change ensures that programs using *NSS* are not vulnerable to attacks such as the SLOTH attack. A system administrator can enable MD5 support by modifying the `/etc/pki/nss-legacy/nss-rhel6.config` policy configuration file to:

    library=
    name=Policy
    NSS=flags=policyOnly,moduleDB
    config="allow=MD5"

Note that an empty line is required at the end of the file.
Story Points: ---
Clone Of: 1335914
: 1335919 1335920 Environment:
Last Closed: 2017-03-21 10:26:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1335911, 1343211, 1397979    

Description Nikos Mavrogiannopoulos 2016-05-13 14:23:47 UTC
RHEL includes several cryptographic components whose security doesn't remain constant over time. Algorithms such as (cryptographic) hashing and encryption typically have a lifetime after which they are considered either too risky to use or plain insecure. That would mean we need to phase out such algorithms from the default settings, or completely disable them if they could cause irreparable issues.

This bug is about disabling the MD5 algorithm from the NSS library, while at the same time providing a configuration method for MD5 to be allowed when needed.

For future extensibility in RHEL-7 it is recommended for any introduced configuration method to be re-usable for future algorithm or parameter deprecation (e.g., SHA1 or less than 1024-bit RSA/DH parameters), and ideally part of upstream.

Comment 4 Kai Engert (:kaie) (inactive account) 2016-09-30 09:50:52 UTC
Hubert, do you know the syntax of the NSS_HASH_ALG_SUPPORT variable? If not, I can try to find old emails, where this had been discussed.

Comment 6 Kai Engert (:kaie) (inactive account) 2016-10-10 17:41:56 UTC
Another clarification question:

Is this about "disable active signing of certificates with algorithms that involve an MD5 hash"?

Or, is this about "reject any signatures that involve an MD5 hash"?

Or is it about both?


Also, how will we test?

Hubert, do you expect Daiki to test that this works locally, before submitting a build to QE? If yes, do you possibly already have commands that could be used to test it?

Comment 10 Hubert Kario 2016-11-15 15:33:10 UTC
(In reply to Kai Engert (:kaie) from comment #4)
> Hubert, do you know the syntax of the NSS_HASH_ALG_SUPPORT variable? If not,
> I can try to find old emails, where this had been discussed.

sorry, didn't notice this question before

the syntax is "NSS_HASH_ALG_SUPPORT=+MD5" for allowing support, "NSS_HASH_ALG_SUPPORT=-MD5" explicitly disabling support and "NSS_HASH_ALG_SUPPORT=" for using the default

Comment 17 Hubert Kario 2016-11-23 18:37:22 UTC
Issue with NSS requiring an empty line at the end of policy file before it is recognised is tracked in bug 1397979.
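
Added example (not part of the bug report, and not NSS or Red Hat code): a Python check for the policy file named in the Doc Text, reporting whether it allows MD5 and whether it ends with the empty line that comment 17 says NSS needs before the file is recognised. The function name and sample strings are constructed for illustration; reading "empty line" as two consecutive newlines and accepting colon-separated `allow=` lists (beyond the single value shown in the Doc Text) are assumptions of this example.

```python
import os
import re
import sys

# Path taken from the Doc Text of this bug.
POLICY_PATH = "/etc/pki/nss-legacy/nss-rhel6.config"

# Constructed sample: the policy from the Doc Text, ending with an empty line.
SAMPLE_OK = ('library=\nname=Policy\nNSS=flags=policyOnly,moduleDB\n'
             'config="allow=MD5"\n\n')
# Constructed sample: same policy, but the trailing empty line is missing.
SAMPLE_NO_BLANK = SAMPLE_OK[:-1]
# Constructed sample: MD5 is named only in a disallow list.
SAMPLE_DISALLOW = ('library=\nname=Policy\nNSS=flags=policyOnly,moduleDB\n'
                   'config="disallow=MD5"\n\n')


def audit_policy(text):
    """Audit the contents of one policy file and return a dict of findings."""
    allowed = set()
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("config="):
            continue
        value = line[len("config="):].strip('"')
        # Match allow=... but not the tail of disallow=...
        for m in re.finditer(r"(?<![A-Za-z])allow=(\S*)", value):
            # Assumption: several names may be joined with ':'.
            allowed.update(n.upper() for n in m.group(1).split(":") if n)
    md5_allowed = "MD5" in allowed
    # Assumption: "empty line at the end" means the file ends in "\n\n".
    blank_end = text.endswith("\n\n")
    return {
        "md5_allowed_in_file": md5_allowed,
        "ends_with_empty_line": blank_end,
        # Per comment 17, the file is not recognised without the empty line.
        "md5_override_effective": md5_allowed and blank_end,
    }


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else POLICY_PATH
    if os.path.exists(path):
        with open(path) as fh:
            print(path, audit_policy(fh.read()))
    else:
        print("constructed sample", audit_policy(SAMPLE_OK))
```

A host where `md5_override_effective` is true has had the MD5 default reversed by an administrator; `md5_allowed_in_file` true with `ends_with_empty_line` false points at the case tracked in bug 1397979.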

Comment 22 errata-xmlrpc 2017-03-21 10:26:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2017-0671.html