Bug 1880373

Summary: The RSA-PSK key-exchange is disabled by default and unsupported by crypto-policies
Product: [Fedora] Fedora
Reporter: Björn 'besser82' Esser <besser82>
Component: crypto-policies
Assignee: Red Hat Crypto Team <crypto-team>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: rawhide
CC: crypto-team, lef, nmavrogi, tmraz
Keywords: FutureFeature, Triaged
Hardware: All
OS: Linux
Fixed In Version: crypto-policies-20200918-1.git85dccc5.fc33
Last Closed: 2020-09-25 17:02:57 UTC
Type: Bug

Description Björn 'besser82' Esser 2020-09-18 11:22:31 UTC
Description of problem:

  Disables RSA-PSK key-exchange in OpenSSL, while DHE-PSK is enabled.

  Since both suites are to be considered equal in strength, there is
  no reason to have one of them disabled.


Version-Release number of selected component (if applicable):

  any


How reproducible:

  100%


Steps to Reproduce:

  1. $ openssl ciphers | grep 'RSA-PSK' ---> returns nothing
  2. $ openssl ciphers | grep 'DHE-PSK' ---> returns enabled ciphers


Actual results:

  RSA-PSK based ciphers are disabled.


Expected results:

  RSA-PSK based ciphers should be enabled, as there is no known
  reason to block them.


Additional info:

  RSA-PSK based ciphers have been introduced with OpenSSL 1.1 for TLSv1.3.

  TLSv1.3 used the following ciphers, which are RSA-PSK based (and thus are
  already white-listed explicitly):
  
  * TLS_AES_256_GCM_SHA384
  * TLS_CHACHA20_POLY1305_SHA256
  * TLS_AES_128_GCM_SHA256
  * TLS_AES_128_CCM_SHA256

  The following RSA-PSK based ciphers are disabled for no reason:

  * RSA-PSK-AES256-GCM-SHA384
  * RSA-PSK-CHACHA20-POLY1305
  * RSA-PSK-AES128-GCM-SHA256
  * RSA-PSK-AES256-CBC-SHA
  * RSA-PSK-AES128-CBC-SHA256
  * RSA-PSK-AES128-CBC-SHA

  Enabling them by policy is as easy as adding `kRSAPSK` to the
  `CipherString` in `opensslcnf.config`.

  This applies to any actively supported Fedora release, as well as
  to RHEL8.  Please consider backporting.
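
A check that goes further than the `grep` in the steps to reproduce, as an added example that is not part of the original report: it groups `openssl ciphers -v` output by the key-exchange (`Kx=`) column rather than matching on suite names. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify enabled suites by the Kx= column of
# `openssl ciphers -v`. All function names here are hypothetical helpers.

# Print "<Kx> <count>" for every key exchange seen on stdin, sorted.
kx_summary() {
    awk '{ for (i = 2; i <= NF; i++)
               if ($i ~ /^Kx=/) { sub(/^Kx=/, "", $i); n[$i]++ } }
         END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

# Print the names of the suites whose key exchange is exactly $1.
suites_with_kx() {
    awk -v want="Kx=$1" '{ for (i = 2; i <= NF; i++) if ($i == want) print $1 }'
}

# Policy check: succeed only if no suite on stdin uses key exchange $1.
kx_absent() {
    found=$(suites_with_kx "$1")
    [ -z "$found" ] && return 0
    printf 'Kx=%s is enabled: %s\n' "$1" "$(echo $found)" >&2
    return 1
}

# Constructed sample in the column layout of `openssl ciphers -v`;
# it is not captured from a real system.
sample_ciphers() {
    cat <<'EOF'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
EOF
}

# Demo on the constructed sample. On a live system, pipe the real list:
#   openssl ciphers -v | kx_summary
#   openssl ciphers -v | kx_absent RSAPSK
sample_ciphers | kx_summary
```

`kx_absent` returns non-zero and names the offending suites on stderr, so it can gate a configuration audit for whichever key exchange the local policy is meant to exclude.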

Comment 1 Björn 'besser82' Esser 2020-09-18 12:47:25 UTC
See: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/79

Comment 2 Tomas Mraz 2020-09-18 13:47:01 UTC
The reason to not enable RSA-PSK ciphersuites by default is that:
1. they are not used by default
2. they do not actually have an equivalent in TLS-1.3
3. special applications that need them can enable them by using a non-default cipher string

Comment 3 Tomas Mraz 2020-09-18 13:49:28 UTC
That is, I do not think there is any reason to not _support_ RSA-PSK for example via a subpolicy.

Comment 4 Fedora Update System 2020-09-23 15:58:42 UTC
FEDORA-2020-bb31ea7e2b has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-bb31ea7e2b

Comment 5 Fedora Update System 2020-09-24 13:32:59 UTC
FEDORA-2020-bb31ea7e2b has been pushed to the Fedora 33 testing repository.
In a short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-bb31ea7e2b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-bb31ea7e2b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2020-09-25 17:02:57 UTC
FEDORA-2020-bb31ea7e2b has been pushed to the Fedora 33 stable repository.
If the problem still persists, please make note of it in this bug report.