Bug 1618371

Summary: mod_ssl does not honor minimum TLS protocol defined in system crypto policy
Product: Fedora
Reporter: Rob Crittenden <rcritten>
Component: httpd
Assignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 29
CC: anon.amish, jkaluza, jorton, luhliari, pahan, rcritten, tmraz
Hardware: Unspecified
OS: Unspecified
Fixed In Version: httpd-2.4.34-7.fc29 httpd-2.4.34-8.fc29
Doc Type: If docs needed, set a value
Last Closed: 2018-10-02 19:28:51 UTC
Type: Bug
Bug Blocks: 1638738
Attachments: Proposed patch (flags: none)

Description Rob Crittenden 2018-08-16 13:47:58 UTC
Description of problem:

System-wide crypto policy can define the minimum supported TLS version in /etc/crypto-policies/back-ends/opensslcnf.config. 

mod_ssl defaults to SSL_PROTOCOL_DEFAULT, a compile-time value, if SSLProtocol is not set in configuration.

Version-Release number of selected component (if applicable):

mod_ssl-2.4.34-3.fc29.x86_64

How reproducible:

Every time

Steps to Reproduce:
1. comment out SSLProtocol in /etc/httpd/conf.d/ssl.conf
2. set MinProtocol to TLSv1.2 in /etc/crypto-policies/back-ends/opensslcnf.config
3. restart httpd
4. openssl s_client -connect `hostname`:443 -tls1

Actual results:

New, TLSv1.0, Cipher is <something>

Expected results:

140541271521088:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:ssl/record/rec_layer_s3.c:1523:SSL alert number 70
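The reproduction above is easiest to re-run as a script once the fix is installed, so that every TLS version is probed and the result is classified from the `openssl s_client` output rather than read by eye. The following is an added example, not part of the bug report or of the httpd package: it assumes `openssl s_client` with the `-tls1`, `-tls1_1`, `-tls1_2` and `-tls1_3` switches (OpenSSL 1.1.1), and the two sample outputs embedded in it are constructed to match the shapes quoted in the report (a successful `New, TLSv1.0, Cipher is ...` line, and the `tlsv1 alert protocol version` error when the server rejects the version).

```shell
#!/bin/sh
# Added example (not from the bug report): probe which TLS versions a server
# negotiates. With SSLProtocol unset, httpd should reject every version below
# the MinProtocol configured in the system crypto policy.

# classify_s_client_output: read one `openssl s_client` run (stdout+stderr)
# from stdin and print one of:
#   "rejected"            the server answered with a protocol_version alert
#   "accepted <version>"  the "New, <version>, Cipher is ..." line showed a
#                         real protocol version
#   "unknown"             neither pattern matched (connection refused, etc.)
classify_s_client_output() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'alert protocol version'; then
        echo rejected
        return 0
    fi
    ver=$(printf '%s\n' "$out" \
          | sed -n 's/^New, \([^,]*\), Cipher is .*/\1/p' | head -n 1)
    if [ -n "$ver" ] && [ "$ver" != "(NONE)" ]; then
        echo "accepted $ver"
        return 0
    fi
    echo unknown
    return 0
}

# probe_tls_versions HOST [PORT]: try each version-pinning switch in turn and
# print a line per version. stderr is merged because s_client prints the
# alert there. -servername is passed so SNI-based vhosts answer correctly.
probe_tls_versions() {
    host=$1
    port=${2:-443}
    for flag in -tls1 -tls1_1 -tls1_2 -tls1_3; do
        result=$(openssl s_client -connect "$host:$port" -servername "$host" \
                     "$flag" </dev/null 2>&1 | classify_s_client_output)
        printf '%-9s %s\n' "$flag" "$result"
    done
}

# Constructed sample outputs (not captured from a real host) in the two
# shapes the bug report quotes; used to exercise the classifier offline.
SAMPLE_ACCEPTED='SSL handshake has read 1234 bytes and written 456 bytes
---
New, TLSv1.0, Cipher is AES256-SHA
Server public key is 2048 bit'

SAMPLE_REJECTED='140541271521088:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:ssl/record/rec_layer_s3.c:1523:SSL alert number 70
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)'

# Usage: ./probe.sh www.example.com 443
if [ $# -gt 0 ]; then
    probe_tls_versions "$@"
fi
```

With MinProtocol = TLSv1.2 in the crypto policy and SSLProtocol commented out, a fixed httpd should print `rejected` for `-tls1` and `-tls1_1` and `accepted TLSv1.2` (or TLSv1.3) for the rest; the unfixed build in this report prints `accepted TLSv1.0` for `-tls1`.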

Comment 1 Rob Crittenden 2018-08-21 14:22:38 UTC
Created attachment 1477558: Proposed patch

Comment 2 Rob Crittenden 2018-09-05 12:19:17 UTC
Would it be better to submit this to upstream Apache? It seems rather Fedora-specific.

Comment 3 Luboš Uhliarik 2018-09-05 15:28:35 UTC
Hi Rob,

It seems to me like it should be fixed upstream, if httpd wants to use openssl's configuration instead of a built-in compile-time constant. We definitely don't want to maintain downstream patches if it is not necessary.

Do you want to report it upstream yourself, or should I take care of it?

Comment 4 Rob Crittenden 2018-09-05 19:07:27 UTC
I'm not at all familiar with submitting to the Apache upstream so if you can do it I'd very much appreciate it.

Comment 5 Rob Crittenden 2018-09-12 15:00:54 UTC
If you have filed the upstream bug, can you post a link to it here?

It occurred to me that this may not be applicable upstream if there isn't a common way to handle systemwide defaults like there is in Fedora. This is similar to the cipher default patch carried by Fedora, httpd-2.4.33-sslciphdefault.patch

Comment 6 Joe Orton 2018-09-12 15:05:01 UTC
I think probably we should patch this downstream.  I'll look at this once I've finished going through other TLSv1.3 issues - probably not till next week Rob sorry.

Comment 8 Joe Orton 2018-09-21 12:11:39 UTC
It doesn't seem reasonable to push this upstream since AFAICT the desired behaviour is Fedora-specific and tied to the "system-cipherlist" patch in OpenSSL.

Thanks for the report & patch, Rob.  I pushed this with one minor change to add TRACE3 logging for the special case here.

Next up is bug 1623165 but I think we can/should now comment-out SSLProtocol in the default ssl.conf too.

Comment 9 Tomas Mraz 2018-09-21 12:17:42 UTC
Actually it is not tied to the system-cipherlist patch at all. The minimum protocol version is set up in the default openssl config file, which is modified from what upstream ships, but it is just the openssl config file modification and nothing else.

Comment 10 Joe Orton 2018-09-21 12:22:49 UTC
Tomas, I'm only testing on F28, but from strace I don't see httpd reading any OpenSSL config other than /etc/crypto-policies/back-ends/openssl.config. Is there any other way the default protocol selection is configurable in OpenSSL?

Comment 11 Joe Orton 2018-09-21 12:47:20 UTC
Package: httpd-2.4.34-7.fc29

Comment 12 Tomas Mraz 2018-09-21 12:49:08 UTC
This is an openssl-1.1.1 feature, so F29 and newer only.

Comment 13 Fedora Update System 2018-09-26 11:44:11 UTC
httpd-2.4.34-8.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-7f2a17fb92

Comment 14 Fedora Update System 2018-10-02 19:28:51 UTC
httpd-2.4.34-8.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.