Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1566597 - Call SSL_CTX_set_ecdh_auto() in reds_init_ssl() to get ECDH/PFS
Summary: Call SSL_CTX_set_ecdh_auto() in reds_init_ssl() to get ECDH/PFS
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: spice
Version: 7.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Default Assignee for SPICE Bugs
QA Contact: SPICE QE bug list
Depends On:
TreeView+ depends on / blocked
Reported: 2018-04-12 15:15 UTC by David Jaša
Modified: 2018-10-30 08:07 UTC (History)
2 users (show)

Fixed In Version: spice-0.14.0-5.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-10-30 08:07:14 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:3068 0 None None None 2018-10-30 08:07:59 UTC

Description David Jaša 2018-04-12 15:15:31 UTC
Description of problem:
spice-server in RHEL as of now lacks ECDH support because openssl 1.0.2 in RHEL doesn't set up ECDH stuff by default and isn't likely to gain that support[1] (unlike more recent 1.1.0[2]). A single call of:
SSL_CTX_set_ecdh_auto(reds->ctx, 1) 
in the same section of code where server cert & key are set is enough to make ECDHE_* cipher suites and thus Perfect Forward Secrecy work without further configuration (unlike standard Diffie-Hellman that needs pre-generated keys).

Given that the ECDH stuff is set automatically from openssl 1.1.0 (also [2]), this change is necessary just in el7, not in upstream (openssl 1.1.0 is almost two years old so regular distributions have had enough time to pick it and gain ECDH/PFS support automatically).

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1565165
[2] https://git.openssl.org/?p=openssl.git;a=blob;f=CHANGES;h=7199f3d1961738a6e8709ba1c8de277b62c0304e;hb=refs/heads/OpenSSL_1_1_0-stable#l871

Version-Release number of selected component (if applicable):
RHEL 7.5 / spice-server-0.14.0-2.el7

How reproducible:

Steps to Reproduce:
1. server:
/usr/libexec/qemu-kvm -monitor stdio -vga qxl -spice tls-port=5800,password=123,x509-dir=/etc/pki/libvirt-spice,tls-ciphers=$(openssl ciphers 'ECDHE:!eNULL:!aNULL')
2. client: remote-viewer [--spice-ca-file FILE] spice://HOST_OR_IP/?tls-port=5800

Actual results:
no cipher overlap (shown in server output)

Expected results:
connection succeeds

Additional info:
Test case alternative: 
step 1: don't change default cipher suites on qemu CLI
step 3: run Wireshark (with capture filter: 'tcp port 5800' and then if you don't see TLS-marked packets, right-click one, choose Decode as → SSL, look into Server Hello message)

actual result: cipher suite without ECDH is used
expected result: cihper suite with ECDH is used

Comment 1 Christophe Fergeau 2018-06-20 16:15:06 UTC
I sent https://lists.freedesktop.org/archives/spice-devel/2018-June/044184.html upstream which is implementing your suggestion.
NB: for cipher-related testing, I find https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html very useful.

Comment 5 errata-xmlrpc 2018-10-30 08:07:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.