Bug 1554056 - JSS: Add support for TLS_*_SHA384 ciphers
Summary: JSS: Add support for TLS_*_SHA384 ciphers
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: jss
Version: 7.6
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
Assignee: Christina Fu
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On: 1550786 1554055
Blocks: 1554058 1596552
Reported: 2018-03-11 05:24 UTC by Matthew Harmsen
Modified: 2018-10-30 11:01 UTC (History)

Fixed In Version: jss-4.4.4-3.el7
Doc Type: No Doc Update
Doc Text:
See Doc Text in BZ#1596552.
Clone Of: 1554055
: 1554058 1596552
Environment:
Last Closed: 2018-10-30 11:00:36 UTC
Target Upstream Version:


Attachments
This patch adds support to TLS_*_SHA384 ciphers (8.38 KB, patch)
2018-06-29 00:49 UTC, Christina Fu
jmagne: review+


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:3188 None None None 2018-10-30 11:01:21 UTC
Mozilla Foundation 1444690 None None None 2018-03-11 06:17:44 UTC

Comment 2 Matthew Harmsen 2018-03-11 05:26:04 UTC
It was determined that certain SHA384 FIPS ciphers should be enabled by default for RSA:

    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_256_GCM_SHA384

and the following SHA384 FIPS ciphers should be enabled by default for ECC:

    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

Reference:  Bug 1554055 - Permit certain SHA384 FIPS ciphers to be enabled by default for RSA and ECC . . .

Comment 4 Christina Fu 2018-06-29 00:49:06 UTC
Created attachment 1455410 [details]
This patch adds support to TLS_*_SHA384 ciphers

This patch adds support for TLS_*_SHA384 ciphers.

It also adds an optional test for specific ciphers in tests/SSLClientAuth.java.

Comment 5 Jack Magne 2018-06-29 01:25:37 UTC
Comment on attachment 1455410 [details]
This patch adds support to TLS_*_SHA384 ciphers

Looks good and everything makes sense. Also there is some new test code.

Comment 6 Christina Fu 2018-06-29 01:30:31 UTC
commit 82f4b9a032f942fdc005e12a408c8e87c9ea0f36 (HEAD -> JSS_4_4_BRANCH)
Author: Christina Fu <cfu@redhat.com>
Date:   Thu Jun 28 17:42:36 2018 -0700

    Ticket #4 Add support for TLS_*_SHA384 ciphers
    
    This patch adds support for TLS_*_SHA384 ciphers.
    
    Fixes https://pagure.io/jss/issue/4

Comment 7 Christina Fu 2018-06-29 01:35:46 UTC
Test procedure:

Follow the instructions in testSpecificCiphers() of
jss/org/mozilla/jss/tests/SSLClientAuth.java

Compile and test per the instructions in
jss/README

Comment 10 Amol K 2018-08-17 09:11:11 UTC
I tested this Bugzilla on the version: 10.5.9-5.el7

To test this Bugzilla I followed the steps which I used to verify Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1596769#

It is working as expected.

Verifying this Bugzilla

Comment 11 Amol K 2018-08-17 09:12:37 UTC
Steps used to verify this BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1596769#c11

Comment 13 errata-xmlrpc 2018-10-30 11:00:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3188

