1550786 – Permit additional FIPS ciphers to be enabled by default for RSA and ECC . . .

Bug 1550786 - Permit additional FIPS ciphers to be enabled by default for RSA and ECC . . .

Summary: Permit additional FIPS ciphers to be enabled by default for RSA and ECC . . .

Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	pki-core
Sub Component:
Version:	7.6
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Matthew Harmsen
QA Contact:	Asha Akkiangady
Docs Contact:	Marc Muehlfeld
URL:
Whiteboard:
Keywords:	TestCaseProvided, ZStream
Depends On:
Blocks:	1554055 1554056 1554058 1554727
TreeView+	depends on / blocked

Reported:	2018-03-02 02:23 UTC by Matthew Harmsen
Modified:	2019-05-13 22:01 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:
Doc Text:	(edit) Certificate System now supports additional strong ciphers by default With this update, the following additional ciphers, which are compliant with the Federal Information Processing Standard (FIPS), are enabled by default in Certificate System: * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 * TLS_RSA_WITH_AES_256_GCM_SHA384 For a full list of enabled ciphers, enter: # /usr/lib64/nss/unsupported-tools/listsuites \| grep -B1 --no-group-separator "Enabled" If you use a Hardware Security Module (HSM) with Certificate System, see the documentation of the HSM for supported ciphers. Certificate System now supports additional strong ciphers by default With this update, the following additional ciphers, which are compliant with the Federal Information Processing Standard (FIPS), are enabled by default in Certificate System: * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 * TLS_RSA_WITH_AES_256_GCM_SHA384 For a full list of enabled ciphers, enter: # /usr/lib64/nss/unsupported-tools/listsuites \| grep -B1 --no-group-separator "Enabled" If you use a Hardware Security Module (HSM) with Certificate System, see the documentation of the HSM for supported ciphers.
Clone Of:
Clones:	1554055 1554727 (view as bug list)
Environment:	(edit)
Last Closed:	2018-10-30 11:05:27 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:3195	None	None	None	2018-10-30 11:06 UTC

Description Matthew Harmsen 2018-03-02 02:23:48 UTC

It was determined that the following additional FIPS ciphers should be enabled by default for RSA:

    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_256_GCM_SHA384

and the following additional FIPS cipher should be enabled by default for ECC:

    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

Reference:  Bug 1539125 - restrict default cipher suite to those ciphers permitted in fips mode

Comment 3 Matthew Harmsen 2018-03-05 17:24:11 UTC

(In reply to Matthew Harmsen from comment #0)
> It was determined that the following additional FIPS ciphers should be
> enabled by default for RSA:
> 
>     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
>     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>     TLS_RSA_WITH_AES_256_GCM_SHA384
> 
> and the following additional FIPS ciphers should be enabled by default for
> ECC:
> 
>     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> 
> Reference:  Bug 1539125 - restrict default cipher suite to those ciphers
> permitted in fips mode

Comment 4 Matthew Harmsen 2018-03-11 05:15:46 UTC

As the SHA384 cipher variants are not yet available in JSS, this bug will be altered to ONLY include the following additional ciphers:

* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Separate bugs will be filed for both JSS and NSS to include SHA384 ciphers.

Comment 5 Matthew Harmsen 2018-03-12 22:03:35 UTC

Author: Matthew Harmsen <mharmsen@redhat.com>
Date:   Mon Mar 5 18:33:51 2018 -0700

    Permit additional FIPS ciphers to be enabled by default for RSA . . .
    
    It was determined that the following additional FIPS ciphers should be
    enabled by default for RSA:
    
        * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    
    Reference: dogtagpki Pagure Issue #2855 - restrict default cipher suite to
               those ciphers permitted in fips mode
    
    Fixes: https://pagure.io/dogtagpki/issue/2952
    Change-Id: I0947e8581beb3140e4c07800dd2c6bc9d90a6cd8

Comment 7 Matthew Harmsen 2018-03-14 01:53:06 UTC

Sample Test Procedure to create an RHCS CA RSA Server in FIPS mode:

    Install the latest NSS (e. g. - >= nss-3.34.0-4):

    # rpm -q nss
     nss-3.34.0-4.el7.x86_64

    Enabling FIPS status:
    
         (1) yum install dracut-fips
         (2) reboot
         (3) press 'e' on the grub config menu to 'edit' the selected kernel
         (4) add "fips=1" to the end of the boot line, or when multiple
             disks/partitions are involved (e. g. - "fips=1 boot=/dev/sda1")
         (5) Ctrl-x to boot with fips mode enabled
    
    # sysctl crypto.fips_enabled
    crypto.fips_enabled = 1
    
    # script -c "pkispawn -s CA -f /root/pki/ca.cfg -vvv" typescript.ca-rsa-fips
    
        where 'ca.cfg' contains:
    
            [DEFAULT]
            pki_admin_password=<password>
            pki_client_pkcs12_password=<password>
            pki_ds_password=<password>
    
    # pki cert-find
    
    Check '<instance>/conf/server.xml':
        
               sslRangeCiphers="-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
                                -TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
                                -TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                                -TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
                                +TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
                                +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                                -TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,
                                -TLS_RSA_WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA" 

        The following default ciphers should be enabled for RSA servers:

            +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
            +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
            +TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
            +TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
            +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
            +TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
            +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
            +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
            +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
            +TLS_RSA_WITH_AES_128_CBC_SHA256,
            +TLS_RSA_WITH_AES_256_CBC_SHA256,
            +TLS_RSA_WITH_AES_128_CBC_SHA,
            +TLS_RSA_WITH_AES_256_CBC_SHA

Comment 8 Matthew Harmsen 2018-04-25 00:39:03 UTC

Marking MODIFIED; inherited from 7.5.z

Comment 10 Roshni 2018-07-20 20:53:48 UTC

[root@nocp1 ~]# rpm -qi pki-ca
Name        : pki-ca
Version     : 10.5.9
Release     : 1.el7
Architecture: noarch
Install Date: Wed 11 Jul 2018 02:01:35 PM EDT
Group       : System Environment/Daemons
Size        : 2451155
License     : GPLv2
Signature   : RSA/SHA256, Thu 14 Jun 2018 02:28:50 PM EDT, Key ID 199e2f91fd431d51
Source RPM  : pki-core-10.5.9-1.el7.src.rpm
Build Date  : Thu 14 Jun 2018 01:01:34 PM EDT
Build Host  : ppc-015.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Certificate Authority

Verification steps explained in https://bugzilla.redhat.com/show_bug.cgi?id=1554727#c8

Comment 12 errata-xmlrpc 2018-10-30 11:05:27 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3195

Note You need to log in before you can comment on or make changes to this bug.