Bug 1076390 - System-wide crypto policy
Summary: System-wide crypto policy
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Changes Tracking
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jaroslav Reznik
QA Contact:
URL: http://fedoraproject.org//wiki/Change...
Whiteboard: ChangeAcceptedF21
Depends On: 1108591 1108597 1109112 1109115 1109119 1127577
Blocks: 1107633
TreeView+ depends on / blocked
 
Reported: 2014-03-14 10:00 UTC by Jaroslav Reznik
Modified: 2016-03-29 11:01 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Release Note
Doc Text:
<title>Crypto Policy</title> <para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems. Users that must meet certain cryptographic standards can make the policy change in <filename>//etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that are utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para> <para>The available options are: (1) <literal>LEGACY</literal>, which ensures compatibility with legacy systems - 64-bit security, (2) <literal>DEFAULT</literal>, a reasonable default for today's standards - 80-bit security, and (3) <literal>FUTURE</literal>, a conservative level that is believed to withstand any near-term future attacks - 128-bit security. These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para> <para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para>
Clone Of:
: 1107633 (view as bug list)
Environment:
Last Closed: 2014-12-08 15:22:33 UTC
Type: ---
Embargoed:
sparks: fedora_requires_release_note+


Attachments (Terms of Use)
Proposed Release Notes and Security Guide entry (1.69 KB, patch)
2014-03-24 18:40 UTC, Eric Christensen
sparks: review? (jreznik)
Details | Diff

Description Jaroslav Reznik 2014-03-14 10:00:22 UTC
This is a tracking bug for Change: System-wide crypto policy
For more details, see: http://fedoraproject.org//wiki/Changes/CryptoPolicy

Unify the crypto policies used by different applications and libraries. That is allow
setting a consistent security level for crypto on all applications in a Fedora system. The implementation approach will be to initially modify SSL libraries to respect the policy and gradually adding more libraries and applications.

Comment 1 Eric Christensen 2014-03-24 17:40:11 UTC
I wrote up something about this already (but can't find it) that can be used in the Release Notes and Security Guide.  As soon as I can lay my hands on it, again, I'll post it for review.

Comment 2 Eric Christensen 2014-03-24 18:40:25 UTC
Created attachment 878145 [details]
Proposed Release Notes and Security Guide entry

This is the text I'd like to use for the Release Notes and Security Guide if it looks good to the feature owner.

Comment 3 Nikos Mavrogiannopoulos 2014-03-25 09:45:07 UTC
Let's not update the release notes and manual yet, as the details are not yet fixed. I expect these to be fixed by the end of next month.

Comment 4 Nikos Mavrogiannopoulos 2014-06-03 11:26:05 UTC
I've updated the proposed text for the release notes.

<title>Crypto Policy</title>

<para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems.  Users that must meet certain cryptographic standards can make the policy change in <filename>//etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that are utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para>

<para>The available options are: (1) LEGACY, which ensures compatibility with legacy systems - 64-bit security, (2) DEFAULT, a reasonable default for today's standards - 80-bit security, and (3) FUTURE, a conservative level that is believed to withstand any near-term future attacks -128-bit security.
These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para>

<para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para>

Comment 5 Eric Christensen 2014-06-03 15:58:18 UTC
(In reply to Nikos Mavrogiannopoulos from comment #4)

Awesome, thanks!  I've added it to the Security Beat (https://fedoraproject.org/wiki/Documentation_Security_Beat) and it should be in the Release Notes for F21.

Comment 6 Joe Orton 2014-06-20 08:15:57 UTC
Is there a man page or something shipped in the distro which we can reference for this?   When changing the mod_ssl configuration I want to explain why we don't specify a default and how users determine what policy is used.

Comment 7 Nikos Mavrogiannopoulos 2014-06-20 09:38:13 UTC
There is update-crypto-policies(8) included on the respective package. Let me know if there something that can be improved.

https://git.fedorahosted.org/cgit/crypto-profiles.git/tree/update-crypto-policies.8.txt

Comment 8 Eric Christensen 2014-06-27 13:33:23 UTC
(In reply to Nikos Mavrogiannopoulos from comment #4)

I've added that text to the Security Guide for the F21 release.

Comment 9 Jaroslav Reznik 2014-07-04 10:43:45 UTC
This message is a reminder that Fedora 21 Accepted Changes Freeze Deadline is on 2014-07-08 [1].

At this point, all accepted Changes should be substantially complete, and testable. Additionally, if a change is to be enabled by default, it must be so enabled at Change Freeze.

This bug should be set to the MODIFIED state to indicate that it achieved completeness. Status will be provided to FESCo right after the deadline. If, for any reasons, your Change is not in required state, let me know and we will try to find solution. For Changes you decide to cancel/move to the next release, please use the NEW status and set needinfo on me and it will be acted upon. 

In case of any questions, don't hesitate to ask Wrangler (jreznik). Thank you.

[1] https://fedoraproject.org/wiki/Releases/21/Schedule

Comment 10 Gwyn Ciesla 2014-07-07 12:23:28 UTC
I see this uses OPENSSL but am unsure from the wiki page exactly how to implement this.  If you could guide me I'm more than willing to implement.

Comment 11 Gwyn Ciesla 2014-07-07 12:24:00 UTC
Ignore previous, wrong BZ, apologies.

Comment 12 Nikos Mavrogiannopoulos 2014-10-01 13:36:34 UTC
The project is substantially testable as of Fedora 21 Alpha TC4.

Comment 13 Nikos Mavrogiannopoulos 2014-10-01 14:16:08 UTC
Adding this dependency for completeness:
https://fedorahosted.org/fpc/ticket/452

Comment 14 Michael Catanzaro 2014-10-19 15:01:55 UTC
glib-networking still uses a custom priority string [1] impacting the entire GNOME stack. We're going to override it in WebKit using our own custom priority string [2]. Suggestions welcome, but I guess the solution is Fedora patches?

[1] https://git.gnome.org/browse/glib-networking/tree/tls/gnutls/gtlsconnection-gnutls.c#n201
[2] https://bugs.webkit.org/show_bug.cgi?id=137859

Comment 15 Nikos Mavrogiannopoulos 2014-10-20 09:28:50 UTC
The plan for Fedora 21 is to convert few packages only and test the results of using a globally set priority string. If that goes well the plan for 22 is to convert as many as possible packages (including glib-networking) to that global settings. There is nothing wrong with filling a bug similar to #1108597 for glib-networking though,, but instructions are limited on the bug report and
the RPM guidelines at https://fedoraproject.org/wiki/User:Nmav/CryptoPolicies
are not yet approved.

Comment 16 Loganaden Velvindron 2016-03-26 15:37:24 UTC
What about patches to deprecate SSLv2 and SSLv3 ?

Comment 17 Nikos Mavrogiannopoulos 2016-03-29 11:01:48 UTC
(In reply to Loganaden Velvindron from comment #16)
> What about patches to deprecate SSLv2 and SSLv3 ?

The point of this change is to make such settings configurable so that we don't need any patches to disable algorithms. For application/library-specific patches please contact the maintainers directly.


Note You need to log in before you can comment on or make changes to this bug.