Bug 1554727

Summary:	Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z]
Product:	Red Hat Enterprise Linux 7	Reporter:	Oneata Mircea Teodor <toneata>
Component:	pki-core	Assignee:	Matthew Harmsen <mharmsen>
Status:	CLOSED ERRATA	QA Contact:	Asha Akkiangady <aakkiang>
Severity:	urgent	Docs Contact:
Priority:	urgent
Version:	7.6	CC:	cfu, edewata, jmagne, mharmsen, msauton, rpattath
Target Milestone:	rc	Keywords:	TestCaseProvided, ZStream
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	pki-core-10.5.1-10.el7	Doc Type:	No Doc Update
Doc Text:	Additional FIPS ciphers as previously documented for https://bugzilla.redhat.com/show_bug.cgi?id=1539125 - restrict default cipher suite to those ciphers permitted in fips mode	Story Points:	---
Clone Of:	1550786	Environment:
Last Closed:	2018-06-26 16:47:58 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	1550786
Bug Blocks:

Description Oneata Mircea Teodor 2018-03-13 08:57:39 UTC

This bug has been copied from bug #1550786 and has been proposed to be backported to 7.5 z-stream (EUS).

Comment 2 Matthew Harmsen 2018-03-14 00:13:48 UTC

commit 7fb0bd0750577bd8c804899ab625799d1fd9ac99 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH, gerrit/DOGTAG_10_5_BRANCH)
Author: Matthew Harmsen <mharmsen>
Date:   Mon Mar 5 18:33:51 2018 -0700

    Permit additional FIPS ciphers to be enabled by default for RSA . . .
    
    It was determined that the following additional FIPS ciphers should be
    enabled by default for RSA:
    
        * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    
    Reference: dogtagpki Pagure Issue #2855 - restrict default cipher suite to
               those ciphers permitted in fips mode
    
    Fixes: https://pagure.io/dogtagpki/issue/2952
    Change-Id: I0947e8581beb3140e4c07800dd2c6bc9d90a6cd8
    (cherry picked from commit 7809f40bcd49ad11f0a314cd45979cfdcb55686f)

Comment 3 Matthew Harmsen 2018-03-14 01:53:53 UTC

Sample Test Procedure to create an RHCS CA RSA Server in FIPS mode:

    Install the latest NSS (e. g. - >= nss-3.34.0-4):

    # rpm -q nss
     nss-3.34.0-4.el7.x86_64

    Enabling FIPS status:
    
         (1) yum install dracut-fips
         (2) reboot
         (3) press 'e' on the grub config menu to 'edit' the selected kernel
         (4) add "fips=1" to the end of the boot line, or when multiple
             disks/partitions are involved (e. g. - "fips=1 boot=/dev/sda1")
         (5) Ctrl-x to boot with fips mode enabled
    
    # sysctl crypto.fips_enabled
    crypto.fips_enabled = 1
    
    # script -c "pkispawn -s CA -f /root/pki/ca.cfg -vvv" typescript.ca-rsa-fips
    
        where 'ca.cfg' contains:
    
            [DEFAULT]
            pki_admin_password=<password>
            pki_client_pkcs12_password=<password>
            pki_ds_password=<password>
    
    # pki cert-find
    
    Check '<instance>/conf/server.xml':
        
               sslRangeCiphers="-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
                                -TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
                                -TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                                -TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
                                +TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
                                +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                                -TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,
                                -TLS_RSA_WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA" 

        The following default ciphers should be enabled for RSA servers:

            +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
            +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
            +TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
            +TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
            +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
            +TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
            +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
            +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
            +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
            +TLS_RSA_WITH_AES_128_CBC_SHA256,
            +TLS_RSA_WITH_AES_256_CBC_SHA256,
            +TLS_RSA_WITH_AES_128_CBC_SHA,
            +TLS_RSA_WITH_AES_256_CBC_SHA

Comment 5 Roshni 2018-04-04 18:22:35 UTC

(In reply to Matthew Harmsen from comment #3)
> Sample Test Procedure to create an RHCS CA RSA Server in FIPS mode:
> 
>     Install the latest NSS (e. g. - >= nss-3.34.0-4):
> 
>     # rpm -q nss
>      nss-3.34.0-4.el7.x86_64
> 
>     Enabling FIPS status:
>     
>          (1) yum install dracut-fips
>          (2) reboot
>          (3) press 'e' on the grub config menu to 'edit' the selected kernel
>          (4) add "fips=1" to the end of the boot line, or when multiple
>              disks/partitions are involved (e. g. - "fips=1 boot=/dev/sda1")
>          (5) Ctrl-x to boot with fips mode enabled
>     
>     # sysctl crypto.fips_enabled
>     crypto.fips_enabled = 1
>     
>     # script -c "pkispawn -s CA -f /root/pki/ca.cfg -vvv"
> typescript.ca-rsa-fips
>     
>         where 'ca.cfg' contains:
>     
>             [DEFAULT]
>             pki_admin_password=<password>
>             pki_client_pkcs12_password=<password>
>             pki_ds_password=<password>
>     
>     # pki cert-find
>     
>     Check '<instance>/conf/server.xml':
>         
>               
> sslRangeCiphers="-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>                                
> -TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
>                                
> -TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>                                
> -TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>                                
> +TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
> +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
>                                
> +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>                                
> -TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
> +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,
> +TLS_RSA_WITH_AES_256_CBC_SHA256,
>                                
> -TLS_RSA_WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_3DES_EDE_CBC_SHA,
> +TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA" 
> 
>         The following default ciphers should be enabled for RSA servers:
> 
>             +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>             +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>             +TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>             +TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
>             +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
>             +TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
>             +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
>             +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>             +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
>             +TLS_RSA_WITH_AES_128_CBC_SHA256,
>             +TLS_RSA_WITH_AES_256_CBC_SHA256,
>             +TLS_RSA_WITH_AES_128_CBC_SHA,
>             +TLS_RSA_WITH_AES_256_CBC_SHA

From the above list the following were not enabled by default for an RSA CA server:

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Snippet from server.xml

<Connector name="Secure" port="8443" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true" maxHttpHeaderSize="8192" connectionTimeout="3000000" keepAliveTimeout="300000" acceptCount="100" maxThreads="150" minSpareThreads="25" enableLookups="false" disableUploadTimeout="true" sslImplementationName="org.apache.tomcat.util.net.jss.JSSImplementation" enableOCSP="false" ocspResponderURL="http://nocp1.idm.lab.eng.rdu2.redhat.com:8080/ca/ocsp" ocspResponderCertNickname="ocspSigningCert cert-pki-ca" ocspCacheSize="1000" ocspMinCacheEntryDuration="60" ocspMaxCacheEntryDuration="120" ocspTimeout="10" strictCiphers="true" clientAuth="want" sslVersionRangeStream="tls1_1:tls1_2" sslVersionRangeDatagram="tls1_1:tls1_2" sslRangeCiphers="-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,-TLS_RSA_WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA" serverCertNickFile="/var/lib/pki/pki-ca-Apr3/conf/serverCertNick.conf" passwordFile="/var/lib/pki/pki-ca-Apr3/ca/conf/CS.cfg" passwordClass="com.netscape.cms.tomcat.NuxwdogPasswordStore" certdbDir="/var/lib/pki/pki-ca-Apr3/alias"/>

Comment 8 Roshni 2018-04-09 17:02:15 UTC

[root@auto-hv-01-guest06 ~]# rpm -qi pki-ca
Name        : pki-ca
Version     : 10.5.1
Release     : 10.el7
Architecture: noarch
Install Date: Mon 09 Apr 2018 09:39:10 AM EDT
Group       : System Environment/Daemons
Size        : 2449044
License     : GPLv2
Signature   : RSA/SHA256, Sun 25 Mar 2018 09:31:41 PM EDT, Key ID 199e2f91fd431d51
Source RPM  : pki-core-10.5.1-10.el7.src.rpm
Build Date  : Sun 25 Mar 2018 02:56:04 AM EDT
Build Host  : ppc-016.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Certificate Authority

+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    +TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    +TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    +TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    +TLS_RSA_WITH_AES_128_CBC_SHA256
    +TLS_RSA_WITH_AES_256_CBC_SHA256
    +TLS_RSA_WITH_AES_128_CBC_SHA
    +TLS_RSA_WITH_AES_256_CBC_SHA

All of the above mentioned ciphers are enabled for all pki subsystem instances by default.

Comment 10 errata-xmlrpc 2018-06-26 16:47:58 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1979