This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 1076390 - System-wide crypto policy
System-wide crypto policy
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: Changes Tracking (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jaroslav Reznik
http://fedoraproject.org//wiki/Change...
ChangeAcceptedF21
: Documentation, ReleaseNotes
Depends On: 1108591 1108597 1109112 1109115 1109119 1127577
Blocks: 1107633
  Show dependency treegraph
 
Reported: 2014-03-14 06:00 EDT by Jaroslav Reznik
Modified: 2016-03-29 07:01 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Release Note
Doc Text:
<title>Crypto Policy</title> <para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems. Users that must meet certain cryptographic standards can make the policy change in <filename>//etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that are utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para> <para>The available options are: (1) <literal>LEGACY</literal>, which ensures compatibility with legacy systems - 64-bit security, (2) <literal>DEFAULT</literal>, a reasonable default for today's standards - 80-bit security, and (3) <literal>FUTURE</literal>, a conservative level that is believed to withstand any near-term future attacks - 128-bit security. These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para> <para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para>
Story Points: ---
Clone Of:
: 1107633 (view as bug list)
Environment:
Last Closed: 2014-12-08 10:22:33 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
sparks: fedora_requires_release_note+


Attachments (Terms of Use)
Proposed Release Notes and Security Guide entry (1.69 KB, patch)
2014-03-24 14:40 EDT, Eric Christensen
sparks: review? (jreznik)
Details | Diff

  None (edit)
Description Jaroslav Reznik 2014-03-14 06:00:22 EDT
This is a tracking bug for Change: System-wide crypto policy
For more details, see: http://fedoraproject.org//wiki/Changes/CryptoPolicy

Unify the crypto policies used by different applications and libraries. That is allow
setting a consistent security level for crypto on all applications in a Fedora system. The implementation approach will be to initially modify SSL libraries to respect the policy and gradually adding more libraries and applications.
Comment 1 Eric Christensen 2014-03-24 13:40:11 EDT
I wrote up something about this already (but can't find it) that can be used in the Release Notes and Security Guide.  As soon as I can lay my hands on it, again, I'll post it for review.
Comment 2 Eric Christensen 2014-03-24 14:40:25 EDT
Created attachment 878145 [details]
Proposed Release Notes and Security Guide entry

This is the text I'd like to use for the Release Notes and Security Guide if it looks good to the feature owner.
Comment 3 Nikos Mavrogiannopoulos 2014-03-25 05:45:07 EDT
Let's not update the release notes and manual yet, as the details are not yet fixed. I expect these to be fixed by the end of next month.
Comment 4 Nikos Mavrogiannopoulos 2014-06-03 07:26:05 EDT
I've updated the proposed text for the release notes.

<title>Crypto Policy</title>

<para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems.  Users that must meet certain cryptographic standards can make the policy change in <filename>//etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that are utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para>

<para>The available options are: (1) LEGACY, which ensures compatibility with legacy systems - 64-bit security, (2) DEFAULT, a reasonable default for today's standards - 80-bit security, and (3) FUTURE, a conservative level that is believed to withstand any near-term future attacks -128-bit security.
These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para>

<para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para>
Comment 5 Eric Christensen 2014-06-03 11:58:18 EDT
(In reply to Nikos Mavrogiannopoulos from comment #4)

Awesome, thanks!  I've added it to the Security Beat (https://fedoraproject.org/wiki/Documentation_Security_Beat) and it should be in the Release Notes for F21.
Comment 6 Joe Orton 2014-06-20 04:15:57 EDT
Is there a man page or something shipped in the distro which we can reference for this?   When changing the mod_ssl configuration I want to explain why we don't specify a default and how users determine what policy is used.
Comment 7 Nikos Mavrogiannopoulos 2014-06-20 05:38:13 EDT
There is update-crypto-policies(8) included on the respective package. Let me know if there something that can be improved.

https://git.fedorahosted.org/cgit/crypto-profiles.git/tree/update-crypto-policies.8.txt
Comment 8 Eric Christensen 2014-06-27 09:33:23 EDT
(In reply to Nikos Mavrogiannopoulos from comment #4)

I've added that text to the Security Guide for the F21 release.
Comment 9 Jaroslav Reznik 2014-07-04 06:43:45 EDT
This message is a reminder that Fedora 21 Accepted Changes Freeze Deadline is on 2014-07-08 [1].

At this point, all accepted Changes should be substantially complete, and testable. Additionally, if a change is to be enabled by default, it must be so enabled at Change Freeze.

This bug should be set to the MODIFIED state to indicate that it achieved completeness. Status will be provided to FESCo right after the deadline. If, for any reasons, your Change is not in required state, let me know and we will try to find solution. For Changes you decide to cancel/move to the next release, please use the NEW status and set needinfo on me and it will be acted upon. 

In case of any questions, don't hesitate to ask Wrangler (jreznik). Thank you.

[1] https://fedoraproject.org/wiki/Releases/21/Schedule
Comment 10 Jon Ciesla 2014-07-07 08:23:28 EDT
I see this uses OPENSSL but am unsure from the wiki page exactly how to implement this.  If you could guide me I'm more than willing to implement.
Comment 11 Jon Ciesla 2014-07-07 08:24:00 EDT
Ignore previous, wrong BZ, apologies.
Comment 12 Nikos Mavrogiannopoulos 2014-10-01 09:36:34 EDT
The project is substantially testable as of Fedora 21 Alpha TC4.
Comment 13 Nikos Mavrogiannopoulos 2014-10-01 10:16:08 EDT
Adding this dependency for completeness:
https://fedorahosted.org/fpc/ticket/452
Comment 14 Michael Catanzaro 2014-10-19 11:01:55 EDT
glib-networking still uses a custom priority string [1] impacting the entire GNOME stack. We're going to override it in WebKit using our own custom priority string [2]. Suggestions welcome, but I guess the solution is Fedora patches?

[1] https://git.gnome.org/browse/glib-networking/tree/tls/gnutls/gtlsconnection-gnutls.c#n201
[2] https://bugs.webkit.org/show_bug.cgi?id=137859
Comment 15 Nikos Mavrogiannopoulos 2014-10-20 05:28:50 EDT
The plan for Fedora 21 is to convert few packages only and test the results of using a globally set priority string. If that goes well the plan for 22 is to convert as many as possible packages (including glib-networking) to that global settings. There is nothing wrong with filling a bug similar to #1108597 for glib-networking though,, but instructions are limited on the bug report and
the RPM guidelines at https://fedoraproject.org/wiki/User:Nmav/CryptoPolicies
are not yet approved.
Comment 16 Loganaden Velvindron 2016-03-26 11:37:24 EDT
What about patches to deprecate SSLv2 and SSLv3 ?
Comment 17 Nikos Mavrogiannopoulos 2016-03-29 07:01:48 EDT
(In reply to Loganaden Velvindron from comment #16)
> What about patches to deprecate SSLv2 and SSLv3 ?

The point of this change is to make such settings configurable so that we don't need any patches to disable algorithms. For application/library-specific patches please contact the maintainers directly.

Note You need to log in before you can comment on or make changes to this bug.