1554727 – Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z]

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z]

Summary: Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	pki-core
Sub Component:
Version:	7.6
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Matthew Harmsen
QA Contact:	Asha Akkiangady
Docs Contact:
URL:
Whiteboard:
Depends On:	1550786
Blocks:
TreeView+	depends on / blocked

Reported:	2018-03-13 08:57 UTC by Oneata Mircea Teodor
Modified:	2022-07-09 09:38 UTC (History)
CC List:	6 users (show)
Fixed In Version:	pki-core-10.5.1-10.el7
Doc Type:	No Doc Update
Doc Text:	Additional FIPS ciphers as previously documented for https://bugzilla.redhat.com/show_bug.cgi?id=1539125 - restrict default cipher suite to those ciphers permitted in fips mode
Clone Of:	1550786
Environment:
Last Closed:	2018-06-26 16:47:58 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:1979	0	None	None	None	2018-06-26 16:48:27 UTC

Description Oneata Mircea Teodor 2018-03-13 08:57:39 UTC

This bug has been copied from bug #1550786 and has been proposed to be backported to 7.5 z-stream (EUS).

Comment 2 Matthew Harmsen 2018-03-14 00:13:48 UTC

commit 7fb0bd0750577bd8c804899ab625799d1fd9ac99 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH, gerrit/DOGTAG_10_5_BRANCH)
Author: Matthew Harmsen <mharmsen>
Date:   Mon Mar 5 18:33:51 2018 -0700

    Permit additional FIPS ciphers to be enabled by default for RSA . . .
    
    It was determined that the following additional FIPS ciphers should be
    enabled by default for RSA:
    
        * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    
    Reference: dogtagpki Pagure Issue #2855 - restrict default cipher suite to
               those ciphers permitted in fips mode
    
    Fixes: https://pagure.io/dogtagpki/issue/2952
    Change-Id: I0947e8581beb3140e4c07800dd2c6bc9d90a6cd8
    (cherry picked from commit 7809f40bcd49ad11f0a314cd45979cfdcb55686f)

Comment 3 Matthew Harmsen 2018-03-14 01:53:53 UTC

Sample Test Procedure to create an RHCS CA RSA Server in FIPS mode:

    Install the latest NSS (e. g. - >= nss-3.34.0-4):

    # rpm -q nss
     nss-3.34.0-4.el7.x86_64

    Enabling FIPS status:
    
         (1) yum install dracut-fips
         (2) reboot
         (3) press 'e' on the grub config menu to 'edit' the selected kernel
         (4) add "fips=1" to the end of the boot line, or when multiple
             disks/partitions are involved (e. g. - "fips=1 boot=/dev/sda1")
         (5) Ctrl-x to boot with fips mode enabled
    
    # sysctl crypto.fips_enabled
    crypto.fips_enabled = 1
    
    # script -c "pkispawn -s CA -f /root/pki/ca.cfg -vvv" typescript.ca-rsa-fips
    
        where 'ca.cfg' contains:
    
            [DEFAULT]
            pki_admin_password=<password>
            pki_client_pkcs12_password=<password>
            pki_ds_password=<password>
    
    # pki cert-find
    
    Check '<instance>/conf/server.xml':
        
               sslRangeCiphers="-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
                                -TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
                                -TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                                -TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
                                +TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
                                +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                                -TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,
                                -TLS_RSA_WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA" 

        The following default ciphers should be enabled for RSA servers:

            +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
            +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
            +TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
            +TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
            +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
            +TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
            +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
            +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
            +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
            +TLS_RSA_WITH_AES_128_CBC_SHA256,
            +TLS_RSA_WITH_AES_256_CBC_SHA256,
            +TLS_RSA_WITH_AES_128_CBC_SHA,
            +TLS_RSA_WITH_AES_256_CBC_SHA

Comment 5 Roshni 2018-04-04 18:22:35 UTC

(In reply to Matthew Harmsen from comment #3)
> Sample Test Procedure to create an RHCS CA RSA Server in FIPS mode:
> 
>     Install the latest NSS (e. g. - >= nss-3.34.0-4):
> 
>     # rpm -q nss
>      nss-3.34.0-4.el7.x86_64
> 
>     Enabling FIPS status:
>     
>          (1) yum install dracut-fips
>          (2) reboot
>          (3) press 'e' on the grub config menu to 'edit' the selected kernel
>          (4) add "fips=1" to the end of the boot line, or when multiple
>              disks/partitions are involved (e. g. - "fips=1 boot=/dev/sda1")
>          (5) Ctrl-x to boot with fips mode enabled
>     
>     # sysctl crypto.fips_enabled
>     crypto.fips_enabled = 1
>     
>     # script -c "pkispawn -s CA -f /root/pki/ca.cfg -vvv"
> typescript.ca-rsa-fips
>     
>         where 'ca.cfg' contains:
>     
>             [DEFAULT]
>             pki_admin_password=<password>
>             pki_client_pkcs12_password=<password>
>             pki_ds_password=<password>
>     
>     # pki cert-find
>     
>     Check '<instance>/conf/server.xml':
>         
>               
> sslRangeCiphers="-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>                                
> -TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
>                                
> -TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>                                
> -TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>                                
> +TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
> +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
>                                
> +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>                                
> -TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
> +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,
> +TLS_RSA_WITH_AES_256_CBC_SHA256,
>                                
> -TLS_RSA_WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_3DES_EDE_CBC_SHA,
> +TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA" 
> 
>         The following default ciphers should be enabled for RSA servers:
> 
>             +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>             +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>             +TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>             +TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
>             +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
>             +TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
>             +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
>             +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>             +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
>             +TLS_RSA_WITH_AES_128_CBC_SHA256,
>             +TLS_RSA_WITH_AES_256_CBC_SHA256,
>             +TLS_RSA_WITH_AES_128_CBC_SHA,
>             +TLS_RSA_WITH_AES_256_CBC_SHA

From the above list the following were not enabled by default for an RSA CA server:

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Snippet from server.xml

<Connector name="Secure" port="8443" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true" maxHttpHeaderSize="8192" connectionTimeout="3000000" keepAliveTimeout="300000" acceptCount="100" maxThreads="150" minSpareThreads="25" enableLookups="false" disableUploadTimeout="true" sslImplementationName="org.apache.tomcat.util.net.jss.JSSImplementation" enableOCSP="false" ocspResponderURL="http://nocp1.idm.lab.eng.rdu2.redhat.com:8080/ca/ocsp" ocspResponderCertNickname="ocspSigningCert cert-pki-ca" ocspCacheSize="1000" ocspMinCacheEntryDuration="60" ocspMaxCacheEntryDuration="120" ocspTimeout="10" strictCiphers="true" clientAuth="want" sslVersionRangeStream="tls1_1:tls1_2" sslVersionRangeDatagram="tls1_1:tls1_2" sslRangeCiphers="-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,-TLS_RSA_WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA" serverCertNickFile="/var/lib/pki/pki-ca-Apr3/conf/serverCertNick.conf" passwordFile="/var/lib/pki/pki-ca-Apr3/ca/conf/CS.cfg" passwordClass="com.netscape.cms.tomcat.NuxwdogPasswordStore" certdbDir="/var/lib/pki/pki-ca-Apr3/alias"/>

Comment 8 Roshni 2018-04-09 17:02:15 UTC

[root@auto-hv-01-guest06 ~]# rpm -qi pki-ca
Name        : pki-ca
Version     : 10.5.1
Release     : 10.el7
Architecture: noarch
Install Date: Mon 09 Apr 2018 09:39:10 AM EDT
Group       : System Environment/Daemons
Size        : 2449044
License     : GPLv2
Signature   : RSA/SHA256, Sun 25 Mar 2018 09:31:41 PM EDT, Key ID 199e2f91fd431d51
Source RPM  : pki-core-10.5.1-10.el7.src.rpm
Build Date  : Sun 25 Mar 2018 02:56:04 AM EDT
Build Host  : ppc-016.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Certificate Authority

+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    +TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    +TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    +TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    +TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    +TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    +TLS_RSA_WITH_AES_128_CBC_SHA256
    +TLS_RSA_WITH_AES_256_CBC_SHA256
    +TLS_RSA_WITH_AES_128_CBC_SHA
    +TLS_RSA_WITH_AES_256_CBC_SHA

All of the above mentioned ciphers are enabled for all pki subsystem instances by default.

Comment 10 errata-xmlrpc 2018-06-26 16:47:58 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1979

Note You need to log in before you can comment on or make changes to this bug.