Bug 1946522

Summary: DTLS1.0 connections are allowed in DEFAULT crypto-policy in openssl [rhel-8]
Product: Red Hat Enterprise Linux 8
Reporter: Hubert Kario <hkario>
Component: crypto-policies
Assignee: Alexander Sosedkin <asosedki>
Status: CLOSED ERRATA
QA Contact: Ondrej Moriš <omoris>
Severity: medium
Priority: medium
Docs Contact:
Version: 8.3
CC: asosedki, cheimes, dbelyavs, omoris, pvrabec, qe-baseos-security, sahana
Target Milestone: rc
Keywords: Triaged
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: crypto-policies-20210617-1.gitc776d3e.el8
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 1934600
Environment:
Last Closed: 2021-11-09 19:51:36 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1934600
Bug Blocks:

Description Hubert Kario 2021-04-06 10:41:36 UTC
+++ This bug was initially created as a clone of Bug #1934600 +++

Description of problem:
OpenSSL will allow DTLSv1.0 connections when the system is configured with the DEFAULT policy. This is in contrast to TLS, where in the DEFAULT policy TLS 1.2 is the oldest version supported.

Version-Release number of selected component (if applicable):
openssl-1.1.1g-12.el8_3.x86_64

How reproducible:
always

Steps to Reproduce:
1. openssl req -x509 -newkey rsa:2048 -keyout /tmp/key.pem -out /tmp/cert.pem -days 365 -nodes -subj "/CN=localhost"
2. openssl s_server -dtls -key /tmp/key.pem -cert /tmp/cert.pem
3. (separate terminal) openssl s_client -dtls1 -cipher DEFAULT@SECLEVEL=0 -CAfile /tmp/cert.pem

Actual results:
---
No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1730 bytes and written 451 bytes
Verification: OK
---
New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : DTLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: 481A64028477AD9DD40EA9FA483E4B10F0398AFCE30260CE8C34C222F842D68C
    Session-ID-ctx: 
    Master-Key: 29BC1F446B16AEB23BF447AB9879919E47353C7B11F0CDF760F906325A45877D9F79BEF5F10B809C86FC8833695E17E8
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 98 8d 66 52 25 91 71 2f-2a 96 a6 2e ec 3f 36 cf   ..fR%.q/*....?6.
    0010 - fe bd f2 7d 0c 98 9d 14-b1 f0 e1 20 c8 ee 06 ea   ...}....... ....
    0020 - 60 95 5b c1 b0 f1 d4 b3-7a 9f d2 a5 53 30 a7 b1   `.[.....z...S0..
    0030 - b1 e5 87 a7 b4 cb 94 13-d3 64 7d d2 cc 8a 17 56   .........d}....V
    0040 - 84 f9 13 b1 e3 ec 16 01-f8 40 95 8d fa 39 13 69   .........@...9.i
    0050 - ab fd 4d bb 87 b7 8e 3e-2b 1e d2 c5 8f 6d 63 15   ..M....>+....mc.
    0060 - d3 ca 65 25 f4 b6 9d ac-b8 d2 2c 9f 6e f3 b0 51   ..e%......,.n..Q
    0070 - f7 ad c5 66 dc 67 26 1d-ff de 29 4a 76 67 5f a3   ...f.g&...)Jvg_.
    0080 - ec b0 68 0a 60 fc 1c c8-7c a8 ff aa 3d 09 5e 8b   ..h.`...|...=.^.
    0090 - 93 d3 7c b1 30 12 55 7e-fe 44 95 46 fe 97 43 89   ..|.0.U~.D.F..C.

    Start Time: 1614782654
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---

Expected results:
connection failure

Additional info:

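The s_client output above is easy to misread: the "New, TLSv1.0, ..." summary line names TLS even though the session is DTLS 1.0, and only the "Protocol :" line in the SSL-Session block carries the real family and version. The following is an added example (not part of the bug report or of crypto-policies) that parses such output and flags a negotiated version older than the DEFAULT-policy floor; the constructed SAMPLE_OUTPUT is an excerpt of the report's transcript, and treating DTLS 1.2 as the DEFAULT minimum is an assumption taken from the report's expected result of a connection failure.

```python
import re

# Constructed excerpt of the s_client output quoted in the report
# (only the lines the parser needs, not the whole transcript).
SAMPLE_OUTPUT = """\
New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : DTLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
    Verify return code: 0 (ok)
"""

# Oldest version the DEFAULT policy should accept. TLS 1.2 is stated in
# the report; applying the same floor to DTLS is the behaviour it asks for.
DEFAULT_MINIMUM = {"TLS": (1, 2), "DTLS": (1, 2)}

# Matches "Protocol  : DTLSv1" or "Protocol  : TLSv1.2" inside SSL-Session.
_PROTO_RE = re.compile(r"^\s*Protocol\s*:\s*(D?TLS)v(\d)(?:\.(\d))?\s*$", re.M)


def negotiated_protocol(s_client_output):
    """Return (family, (major, minor)) taken from the SSL-Session block.

    The 'Protocol :' line is authoritative; the 'New, TLSv1.0, ...' summary
    is ignored because OpenSSL prints TLSv1.0 there even for a DTLS 1.0
    session. A bare 'DTLSv1' (no minor number) is DTLS 1.0.
    """
    m = _PROTO_RE.search(s_client_output)
    if not m:
        raise ValueError("no SSL-Session 'Protocol :' line found")
    family = m.group(1)
    version = (int(m.group(2)), int(m.group(3) or 0))
    return family, version


def below_policy_minimum(s_client_output, minimum=DEFAULT_MINIMUM):
    """True when the negotiated version is older than the policy floor."""
    family, version = negotiated_protocol(s_client_output)
    return version < minimum[family]


if __name__ == "__main__":
    fam, (major, minor) = negotiated_protocol(SAMPLE_OUTPUT)
    verdict = "violates DEFAULT policy" if below_policy_minimum(SAMPLE_OUTPUT) else "ok"
    print(f"negotiated {fam} {major}.{minor}: {verdict}")
```

Feed it the full output of the s_client command from step 3; a result of True after the fixed crypto-policies package means the server still negotiated a version the policy is meant to reject.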
Comment 10 errata-xmlrpc 2021-11-09 19:51:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (crypto-policies bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4460