Bug 1539125 - restrict default cipher suite to those ciphers permitted in fips mode
Summary: restrict default cipher suite to those ciphers permitted in fips mode
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.5
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Target Release: ---
Assignee: Matthew Harmsen
QA Contact: Asha Akkiangady
Docs Contact: Marc Muehlfeld
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-01-26 18:13 UTC by Matthew Harmsen
Modified: 2020-10-04 21:37 UTC (History)

Fixed In Version: pki-core-10.5.1-7.el7
Doc Type: Bug Fix
Doc Text:
Certificate System now uses strong ciphers by default

With this update, the list of enabled ciphers has been changed. By default, only strong ciphers, which are compliant with the Federal Information Processing Standard (FIPS), are enabled in Certificate System.

RSA ciphers enabled by default:
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_256_CBC_SHA

Note that the *TLS_RSA_WITH_AES_128_CBC_SHA* and *TLS_RSA_WITH_AES_256_CBC_SHA* ciphers must stay enabled so that the *pkispawn* utility can connect to the LDAP server during installation and configuration.

ECC ciphers enabled by default:
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

In addition, the default ranges of the "sslVersionRangeStream" and "sslVersionRangeDatagram" parameters in the `/var/lib/pki/<instance_name>/conf/server.xml` file now use only TLS 1.1 and TLS 1.2 ciphers.
Clone Of:
Environment:
Last Closed: 2018-04-10 17:04:05 UTC
Target Upstream Version:




Links
* Github dogtagpki pki issues, ID 2975, last updated 2020-10-04 21:37:38 UTC
* Red Hat Product Errata, ID RHBA-2018:0925, last updated 2018-04-10 17:04:27 UTC

Description Matthew Harmsen 2018-01-26 18:13:56 UTC
Currently, we need to use a two-step install and manually modify the cipher set when installing on a machine in FIPS mode.

+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256
Turn off the rest by adding the minus signs (-). For example:
-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA

Why not just use FIPS cipher suites by default to begin with?

Comment 3 Matthew Harmsen 2018-02-01 03:59:53 UTC
* master:
```
commit 8f3700681ea2cbcc3dbe0c768dca177051e9a243
Author: Matthew Harmsen <mharmsen>
Date:   Wed Jan 31 17:01:55 2018 -0700

    Enable FIPS ciphers as the new default cipher suites
    
    https://pagure.io/dogtagpki/issue/2855
    
    Change-Id: I968cd0e08f69401cb30ecdbdc86eb1f5049a5f37
```

* DOGTAG_10_5_BRANCH:
```
commit 427edd6d16d7d74bb98bb0cda7c0bf67a4463bb9
Author: Matthew Harmsen <mharmsen>
Date:   Wed Jan 31 17:01:55 2018 -0700

    Enable FIPS ciphers as the new default cipher suites
    
    https://pagure.io/dogtagpki/issue/2855
    
    Change-Id: I968cd0e08f69401cb30ecdbdc86eb1f5049a5f37
    (cherry picked from commit 8f3700681ea2cbcc3dbe0c768dca177051e9a243)
```

Comment 4 Matthew Harmsen 2018-02-01 04:37:10 UTC
The external Wiki has been updated to reflect these changes:
* http://pki.fedoraproject.org/wiki/SSL

Comment 5 Matthew Harmsen 2018-02-01 04:40:55 UTC
Sample Test Procedure to create an RHCS CA RSA Server in FIPS mode:

    Enabling FIPS status:
    
         (1) yum install dracut-fips
         (2) reboot
         (3) press 'e' on the grub config menu to 'edit' the selected kernel
         (4) add "fips=1" to the end of the boot line, or when multiple
             disks/partitions are involved (e.g. "fips=1 boot=/dev/sda1")
         (5) Ctrl-x to boot with fips mode enabled
    
    # sysctl crypto.fips_enabled
    crypto.fips_enabled = 1
    
    # script -c "pkispawn -s CA -f /root/pki/ca.cfg -vvv" typescript.ca-rsa-fips
    
        where 'ca.cfg' contains:
    
            [DEFAULT]
            pki_admin_password=<password>
            pki_client_pkcs12_password=<password>
            pki_ds_password=<password>
            
            # Optionally keep client databases
            pki_client_database_purge=False
    
    # pki cert-find
    
    Check '<instance>/conf/server.xml':
    
               sslVersionRangeStream="tls1_1:tls1_2"
    
               sslRangeCiphers="-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
                                -TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
                                -TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                                -TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
                                +TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
                                +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                                -TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,
                                -TLS_RSA_WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA"
    
        The following default ciphers should be enabled for RSA servers:
    
            +TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
            +TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
            +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
            +TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
            +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
            +TLS_RSA_WITH_AES_128_CBC_SHA256,
            +TLS_RSA_WITH_AES_256_CBC_SHA256,
            +TLS_RSA_WITH_AES_128_CBC_SHA,
            +TLS_RSA_WITH_AES_256_CBC_SHA

Comment 6 Matthew Harmsen 2018-02-01 04:42:15 UTC
Sample Test Procedure to create an RHCS CA ECC Server in FIPS mode:


    Enabling FIPS status:
    
        (1) yum install dracut-fips
        (2) reboot
        (3) press 'e' on the grub config menu to 'edit' the selected kernel
        (4) add "fips=1" to the end of the boot line, or when multiple
            disks/partitions are involved (e.g. "fips=1 boot=/dev/sda1")
        (5) Ctrl-x to boot with fips mode enabled
    
    # sysctl crypto.fips_enabled
    crypto.fips_enabled = 1
    
    # script -c "pkispawn -s CA -f /root/pki/ca_ecc.cfg -vvv" typescript.ca-ecc-fips
    
        where 'ca_ecc.cfg' contains:
    
            [DEFAULT]
            pki_admin_password=<password>
            pki_client_pkcs12_password=<password>
            pki_ds_password=<password>
            
            # Override default RSA Admin parameters with ECC parameters
            pki_admin_key_algorithm=SHA256withEC
            pki_admin_key_size=nistp256
            pki_admin_key_type=ecc
            
            # Override default RSA SSL Server parameters with ECC parameters
            pki_sslserver_key_algorithm=SHA256withEC
            pki_sslserver_key_size=nistp256
            pki_sslserver_key_type=ecc
            
            # Override default RSA Subsystem parameters with ECC parameters
            pki_subsystem_key_algorithm=SHA256withEC
            pki_subsystem_key_size=nistp256
            pki_subsystem_key_type=ecc
            
            # Optionally keep client databases
            pki_client_database_purge=False
            
            [CA]
            # Override default RSA CA Signing parameters with ECC parameters
            pki_ca_signing_key_algorithm=SHA256withEC
            pki_ca_signing_key_size=nistp256
            pki_ca_signing_key_type=ecc
            pki_ca_signing_signing_algorithm=SHA256withEC
            
            # Override default RSA CA OCSP Signing parameters with ECC parameters
            pki_ocsp_signing_key_algorithm=SHA256withEC
            pki_ocsp_signing_key_size=nistp256
            pki_ocsp_signing_key_type=ecc
            pki_ocsp_signing_signing_algorithm=SHA256withEC
    
    # pki cert-find
    
    Check '<instance>/conf/server.xml':
    
               sslVersionRangeStream="tls1_1:tls1_2"
    
               sslRangeCiphers="-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
                                -TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
                                -TLS_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                                -TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
                                -TLS_DHE_DSS_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                                -TLS_DHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,-TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
                                -TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,-TLS_RSA_WITH_AES_128_GCM_SHA256,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
                                +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    
        The following default ciphers should be enabled for ECC servers:
    
            +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
            +TLS_RSA_WITH_AES_256_CBC_SHA,
            +TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
            +TLS_RSA_WITH_AES_256_CBC_SHA256,
            +TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
            +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
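
As an added verification helper (not part of this bug report or the pki project), the following Python script parses the sslRangeCiphers and sslVersionRangeStream attributes from a server.xml fragment, as shown in Comments 5 and 6, and reports any cipher missing from, or enabled beyond, the expected RSA or ECC FIPS default set. The server.xml fragment is constructed for the example, with one stray 3DES suite left enabled so the check has something to flag.

```python
import re
# Expected default enabled sets, as listed in Comments 5 and 6 of this bug.
FIPS_RSA_CIPHERS = {
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA"}
FIPS_ECC_CIPHERS = {
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}

# Constructed server.xml fragment (not from a real instance): the RSA defaults
# plus one stray 3DES suite left enabled, which the check should flag.
SAMPLE_SERVER_XML = '''<Connector port="8443" sslVersionRangeStream="tls1_1:tls1_2"
    sslRangeCiphers="+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
                     +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
                     +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,
                     +TLS_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA,
                     +TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,
                     -TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" />'''

def parse_range_ciphers(value):
    """Split an sslRangeCiphers value into (enabled, disabled) name sets.
    Entries are comma separated, carry a '+' or '-' prefix, and may be
    wrapped over several lines with leading whitespace, as in server.xml."""
    enabled, disabled = set(), set()
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        if entry[0] not in "+-":
            raise ValueError("cipher entry without +/- prefix: " + entry)
        (enabled if entry[0] == "+" else disabled).add(entry[1:])
    return enabled, disabled

def attr(xml_text, name):
    """Return the value of a quoted XML attribute, spanning line breaks."""
    m = re.search(name + r'="([^"]*)"', xml_text)
    return m.group(1) if m else ""

def check_fips_defaults(xml_text, profile):
    """Compare enabled ciphers with the 'rsa' or 'ecc' default set; returns (missing, unexpected, version_range_ok)."""
    expected = FIPS_RSA_CIPHERS if profile == "rsa" else FIPS_ECC_CIPHERS
    enabled, _ = parse_range_ciphers(attr(xml_text, "sslRangeCiphers"))
    version_ok = attr(xml_text, "sslVersionRangeStream") == "tls1_1:tls1_2"
    return sorted(expected - enabled), sorted(enabled - expected), version_ok
```

Run `check_fips_defaults(open(path).read(), "rsa")` against a real `<instance>/conf/server.xml` to confirm the shipped defaults; a non-empty second list means a suite outside the FIPS default set is enabled.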

Comment 8 Amol K 2018-02-12 15:36:52 UTC
I tested this Bugzilla on the version 10.5.1-7.el7.

I'm able to see that the mentioned algorithms are enabled by default in the server.xml file on a FIPS-enabled system for RSA.

For ECC, all the mentioned algorithms are also enabled by default on the FIPS-enabled system.

Verifying this bug.

Comment 12 errata-xmlrpc 2018-04-10 17:04:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0925

