Bug 1578389

Summary: Unsupported RSA_ ciphers should be removed from the default ciphers list
Product: Red Hat Enterprise Linux 7
Reporter: Asha Akkiangady <aakkiang>
Component: pki-core
Assignee: Christina Fu <cfu>
Status: CLOSED ERRATA
QA Contact: Asha Akkiangady <aakkiang>
Severity: high
Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: high
Version: 7.5
CC: akahat, cfu, cpelland, lmiksik, mharmsen, msauton
Target Milestone: rc
Keywords: TestCaseProvided, ZStream
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: pki-core-10.5.16-2.el7
Doc Type: Bug Fix
Doc Text:
TLS_RSA_* ciphers are now disabled by default in Certificate System

Previously, by default, TLS_RSA_* ciphers were enabled in Certificate System. However, in environments with certain hardware security modules (HSM) in Federal Information Processing Standard (FIPS) mode, these ciphers are not supported. As a consequence, the SSL handshake failed and the connection was not established. This update disables TLS_RSA_* ciphers by default. As a result, connections work with those HSMs in FIPS mode.
Story Points: ---
Clone Of:
: 1632120 (view as bug list) Environment:
Last Closed: 2019-08-06 13:07:17 UTC
Type: Bug
Bug Blocks: 1632120    

Description Asha Akkiangady 2018-05-15 13:17:18 UTC
Description of problem:
When the RHCS server is running in FIPS mode with an HSM, the TLS negotiation with RSA_ ciphers is failing with an error BAD_RECORD_MAC. The RHCS team decided to document those RSA_ ciphers as unsupported. The unsupported RSA_ ciphers should be removed from the default ciphers list.

Version-Release number of selected component (if applicable):
pki-server-10.5.1-11.el7.noarch
pki-ca-10.5.1-11.el7.noarch

How reproducible:


Steps to Reproduce:
The TLS negotiation when contacting the RHCS server is failing with an error “BAD_RECORD_MAC” for the following RSA_ ciphers.
 TLS_RSA_WITH_AES_128_CBC_SHA
 TLS_RSA_WITH_AES_256_CBC_SHA
 TLS_RSA_WITH_AES_128_CBC_SHA256
 TLS_RSA_WITH_AES_256_CBC_SHA256

After the investigation of the issue, the team decision is:
"We can basically say we don't support RSA_ algorithms in FIPS mode with an HSM.
   - This may be fine because the RSA_ algorithms are deprecated in TLS 1.3 anyway (and currently not preferred in TLS 1.2)."

The above 4 ciphers should be removed from default supported sslRangeCiphers in server.xml.



Actual results:


Expected results:


Additional info:

Comment 4 Christina Fu 2018-08-29 00:49:00 UTC
In addition, this bug will cover:
* removal of obsolete algorithms from default profiles
* adjustment / addition of profiles that conform to KU / EKU consistency in RFC 5280.

Comment 5 Christina Fu 2018-08-30 22:08:38 UTC
moved from https://bugzilla.redhat.com/show_bug.cgi?id=1554055#c7
will also address the following issue reported by Alexander Bokovoy (abokovoy) in this bug:
CA's CS.cfg contains the following:
ca.profiles.defaultSigningAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withEC,SHA512withEC
which is missing
SHA384withRSA

Comment 6 Christina Fu 2018-08-31 16:21:24 UTC
Please ignore comments #4 and #5.  They are taken care of in https://bugzilla.redhat.com/show_bug.cgi?id=1554055

Comment 7 Christina Fu 2018-09-01 01:18:40 UTC
https://review.gerrithub.io/c/dogtagpki/pki/+/424287

commit 04ddc823762b5400f22409bbaceac1a8344708ca (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH, ticket-3028-disable-TLS_RSA-ciphers)
Author: Christina Fu <cfu>
Date:   Fri Aug 31 17:08:30 2018 -0700

    Ticket3027 Disable TLS_RSA_* ciphers for HSM in FIPS mode
    
    This patch disables the TLS_RSA_* ciphers by default because they do not work
    with HSMs in FIPS mode.
    ciphers.info is also updated to reflect the changes.
    
    fixes https://pagure.io/dogtagpki/issue/3027
    
    Change-Id: Id720b8697976bb344d6dd8e4471a1bb5403af172

Comment 8 Christina Fu 2018-09-01 01:25:20 UTC
Test procedure:
Set up with one of the HSMs and enable FIPS mode.
You should be able to create an RSA CA and EC CA and other subsystems.

If you want to see how the fix is working, you could enable one of those TLS_RSA_* ciphers and disable the others and see that it doesn't work.
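
A check for the condition this bug fixes, as an added example that is not part of the bug report or the Dogtag code: it lists the TLS_RSA_* suites that a server.xml Connector still enables in sslRangeCiphers, without touching TLS_ECDHE_RSA_* suites, which only use RSA for authentication. The sample XML is constructed, and the comma-separated +/- sign syntax of the attribute value is an assumption of the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the shipped file: only the attributes relevant here.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector name="Unsecure" port="8080"/>
    <Connector name="Secure" port="8443" SSLEnabled="true"
      sslRangeCiphers="+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA256, +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256"/>
  </Service>
</Server>"""


def parse_range_ciphers(value):
    """Split an sslRangeCiphers value into (cipher, enabled) pairs.

    Assumed syntax: comma-separated names, '+' enables and '-' disables.
    """
    pairs = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if item[0] in "+-":
            pairs.append((item[1:].strip(), item[0] == "+"))
        else:
            # No sign: counted as enabled here so that it gets reviewed,
            # a conservative choice made for this example.
            pairs.append((item, True))
    return pairs


def rsa_key_exchange_enabled(server_xml):
    """Return {port: [ciphers]} for TLS_RSA_* suites not disabled with '-'."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        value = conn.get("sslRangeCiphers")
        if value is None:
            continue  # connector without a cipher list (e.g. plain HTTP)
        # Prefix match only: TLS_ECDHE_RSA_* must not be flagged.
        hits = [c for c, on in parse_range_ciphers(value)
                if on and c.startswith("TLS_RSA_")]
        if hits:
            findings[conn.get("port", "?")] = hits
    return findings


if __name__ == "__main__":
    for port, ciphers in rsa_key_exchange_enabled(SAMPLE_SERVER_XML).items():
        for cipher in ciphers:
            print(f"port {port}: {cipher} is enabled; change it to -{cipher}")
```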

Comment 9 Christina Fu 2018-09-07 21:53:10 UTC
Submitted again due to a reversion caused by another bug. Info:
https://bugzilla.redhat.com/show_bug.cgi?id=1554055#c13

commit 908514da63dd9364df0f17810d9d41bfb5c596d5 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH, ladycfu/ticket-3028-disable-TLS_RSA-ciphers, ticket-3028-disable-TLS_RSA-ciphers)
Author: Christina Fu <cfu>
Date:   Fri Aug 31 17:08:30 2018 -0700

    Ticket3027 Disable TLS_RSA_* ciphers for HSM in FIPS mode
    
    This patch disables the TLS_RSA_* ciphers by default because they do not work
    with HSMs in FIPS mode.
    ciphers.info is also updated to reflect the changes.
    
    fixes https://pagure.io/dogtagpki/issue/3027
    
    Change-Id: Id720b8697976bb344d6dd8e4471a1bb5403af172

Comment 10 Christina Fu 2018-09-07 22:34:46 UTC
Just FYI:
The patch re-submitted is exactly the same as what was submitted in comment #7.

Comment 13 Amol K 2019-06-17 10:22:00 UTC
I tested this BZ on 10.5.16-2.el7 version.

I enabled TLS_RSA_* algorithms and as expected they are not working.


Marking this Bugzilla as verified.

Comment 15 errata-xmlrpc 2019-08-06 13:07:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2228