Description of problem:
In the description of the FUTURE profile in the crypto policy system wide change (https://fedoraproject.org/wiki/Changes/CryptoPolicy), as well as in the FUTURE.pl source file (https://gitlab.com/nmav/fedora-crypto-policies/blob/master/back-ends/profiles/FUTURE.pl#L15), it says that only protocols TLS1.2+ are allowed. However it seems that is not true for OpenSSL. TLS1.1 works just fine with FUTURE applied.

Version-Release number of selected component (if applicable):
crypto-policies-20160921-4.gitf3018dd.fc25.noarch

Steps to Reproduce:
1. On server run:
   # openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
   # echo FUTURE > /etc/crypto-policies/config
   # update-crypto-policies
   # openssl s_server -key key.pem -cert cert.pem -accept 8000 -cipher 'PROFILE=SYSTEM'
2. On client run:
   # openssl s_client -connect server:8000 -tls1_1

Actual results:
The client connects.

Expected results:
The client should not connect.
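
A version-by-version form of the s_client check from the reproduction steps above, as an added example that is not part of the original report or of crypto-policies: it pins a Python `ssl` client to one protocol version at a time and lists the versions below the policy floor that a test server still accepts. The names `accepts` and `below_floor` are hypothetical, and the client cipher string `DEFAULT:@SECLEVEL=0` is an assumption made so that the probing host's own settings do not hide what the server allows.

```python
import socket
import ssl
import warnings

# Protocol versions to probe, oldest first.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def accepts(host, port, version, timeout=5.0):
    """True if the server completes a handshake pinned to `version`,
    False if the handshake fails, None if this client cannot offer it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # the test server uses a self-signed cert;
    ctx.verify_mode = ssl.CERT_NONE  # only the negotiated version matters here
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            # Explicit cipher string (assumption): replaces the client's
            # default list and lowers its security level for this probe only.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
            ctx.minimum_version = version
            ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except (ssl.SSLError, OSError):
        return False

def below_floor(host, port, floor="TLSv1.2"):
    """Names of versions older than `floor` that the server still accepts."""
    names = list(VERSIONS)
    older = names[:names.index(floor)]
    return [n for n in older if accepts(host, port, VERSIONS[n])]

if __name__ == "__main__":
    # "server" and 8000 are the host and port used in the report's steps.
    print(below_floor("server", 8000))
```

With FUTURE applied on the server from the report, an empty list is the expected result; a list containing `TLSv1.1` matches the behaviour described as the actual result.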
This is unfortunately a known issue that we are trying to address. Currently the openssl library doesn't provide any knobs for us to use to disable the protocol for multiple applications.
I thought so. Could you document it as a known issue until it's fixed? I didn't see any note about it anywhere.
Re-titled for clarity. In short what we need from openssl to provide the strong system-wide defaults are:
* Be able to configure protocol version system-wide
* Be able to configure limits on RSA/FFDHE algorithms
* Be able to configure allowed curves for key exchange
It seems the openssl tool does not even honor the DEFAULT cipher list by default (openssl-1.1.0g-2.fc28.x86_64). As expected, this fails to connect because DEFAULT does not contain DES-CBC3-SHA required by the server:
$ openssl s_client -connect www.halstead.com:443 -cipher DEFAULT
But this surprisingly connects:
$ openssl s_client -connect www.halstead.com:443
In my opinion these two commands should behave identically.
No, if you explicitly specify DEFAULT, it uses the built-in library default and does not apply crypto policies.
(In reply to Tomas Mraz from comment #5)
> No, if you explicitly specify DEFAULT, it uses the built-in library default
> and does not apply crypto policies.
Right. 3DES-CBC will be removed from the crypto policies on F28 https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
Ok. OpenSSL's DEFAULT and crypto-policy's DEFAULT are two different defaults. I understand. Are DES-CBC3 and 3DES-CBC the same ciphersuite? I don't think so. DES has already been excluded from crypto-policy's DEFAULT, yet:
$ openssl ciphers | tr ':' "\n" |grep '^DES-CBC3-SHA$'
DES-CBC3-SHA
and the openssl s_client without an explicit -cipher argument succeeds. Why?
(In reply to Petr Pisar from comment #7)
> Ok. OpenSSL's DEFAULT and crypto-policy's DEFAULT are two different
> defaults. I understand.
>
> Are DES-CBC3 and 3DES-CBC the same ciphersuite?
Yes. DES-CBC3 is openssl's way of saying 3DES-CBC.
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle. Changing version to '28'.