Bug 1566597

Summary: Call SSL_CTX_set_ecdh_auto() in reds_init_ssl() to get ECDH/PFS
Product: Red Hat Enterprise Linux 7 Reporter: David Jaša <djasa>
Component: spiceAssignee: Default Assignee for SPICE Bugs <rh-spice-bugs>
Status: CLOSED ERRATA QA Contact: SPICE QE bug list <spice-qe-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.5CC: cfergeau, tpelka
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: spice-0.14.0-5.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 08:07:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Jaša 2018-04-12 15:15:31 UTC 
Description of problem:
spice-server in RHEL as of now lacks ECDH support because openssl 1.0.2 in RHEL doesn't set up ECDH stuff by default and isn't likely to gain that support[1] (unlike more recent 1.1.0[2]). A single call of:
SSL_CTX_set_ecdh_auto(reds->ctx, 1) 
in the same section of code where server cert & key are set is enough to make ECDHE_* cipher suites and thus Perfect Forward Secrecy work without further configuration (unlike standard Diffie-Hellman that needs pre-generated keys).

Given that the ECDH stuff is set automatically from openssl 1.1.0 (also [2]), this change is necessary just in el7, not in upstream (openssl 1.1.0 is almost two years old so regular distributions have had enough time to pick it and gain ECDH/PFS support automatically).

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1565165
[2] https://git.openssl.org/?p=openssl.git;a=blob;f=CHANGES;h=7199f3d1961738a6e8709ba1c8de277b62c0304e;hb=refs/heads/OpenSSL_1_1_0-stable#l871

Version-Release number of selected component (if applicable):
RHEL 7.5 / spice-server-0.14.0-2.el7

How reproducible:
always

Steps to Reproduce:
1. server:
/usr/libexec/qemu-kvm -monitor stdio -vga qxl -spice tls-port=5800,password=123,x509-dir=/etc/pki/libvirt-spice,tls-ciphers=$(openssl ciphers 'ECDHE:!eNULL:!aNULL')
2. client: remote-viewer [--spice-ca-file FILE] spice://HOST_OR_IP/?tls-port=5800
3.

Actual results:
no cipher overlap (shown in server output)

Expected results:
connection succeeds

Additional info:
Test case alternative: 
step 1: don't change default cipher suites on qemu CLI
step 3: run Wireshark (with capture filter: 'tcp port 5800' and then if you don't see TLS-marked packets, right-click one, choose Decode as → SSL, look into Server Hello message)

actual result: cipher suite without ECDH is used
expected result: cihper suite with ECDH is used
Comment 1 Christophe Fergeau 2018-06-20 16:15:06 UTC 
I sent https://lists.freedesktop.org/archives/spice-devel/2018-June/044184.html upstream which is implementing your suggestion.
NB: for cipher-related testing, I find https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html very useful.
Comment 5 errata-xmlrpc 2018-10-30 08:07:14 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3068