Bug 1821875 - Strong crypto settings: phase 2
Summary: Strong crypto settings: phase 2
Alias: None
Product: Fedora
Classification: Fedora
Component: Changes Tracking
Version: 33
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact:
Depends On:
Blocks: F33Changes
TreeView+ depends on / blocked
Reported: 2020-04-07 18:32 UTC by Ben Cotton
Modified: 2022-01-07 20:48 UTC (History)
5 users (show)

Fixed In Version: crypto-policies-20200702-2.gitc40cede.fc33
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-10-27 14:47:52 UTC
Type: ---

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1884920 0 unspecified CLOSED Cannot ssh into CentOS 6 using ssh key authentication 2021-05-26 13:04:46 UTC
Red Hat Bugzilla 1892704 0 unspecified CLOSED domains with SHA1 DNSSEC algorithms SERVFAIL in Fedora 33 2021-02-22 00:41:40 UTC

Internal Links: 1892704

Description Ben Cotton 2020-04-07 18:32:13 UTC
This is a tracking bug for Change: Strong crypto settings: phase 2
For more details, see: https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2

We update the current system-wide crypto policy to further disable legacy cryptographic protocols (TLS 1.0 and TLS 1.1), weak Diffie-Hellman key exchange sizes (1024 bit), and use of the SHA-1 hash in signatures.

Comment 1 Ben Cotton 2020-08-11 13:10:44 UTC
Branching F33 Change Tracker bugs.

Today is the code complete (testable) deadline. All bugs should be at least in MODIFIED state by now to indicate they are testable.

Comment 2 Ben Cotton 2020-10-27 14:47:52 UTC
Closing tracking bugs for F33. If your change didn't make it into F33 for some reason, please reopen this and NEEDINFO me.

Comment 3 Petr Špaček 2020-10-29 14:44:35 UTC
Breakage found after release:
- OpenSSH - connecting to RHEL 6 servers - bug 1884920
- Knot Resolver - DNSSEC validation DNS domains with SHA1 signatures - bug 1892704 (affects fedoraproject.org as well, LOL)

Comment 4 Tomas Mraz 2020-10-29 15:47:29 UTC
The SSH to RHEL-6 is expected and not a bug. However the other is a little bit unexpected as the SHA1 disablement was supposed to be applied only within context of the TLS, SSH, and IKE protocols. It was not supposed to be applied to DNSSec.

Comment 5 Federic 2021-04-05 17:35:41 UTC
Someone seems to have forgotten about ADSL routers with wifi. Their firmware gets updated less frequently and blanket assumption behind this change that all servers will "probably " get updates  to TLS 1.2 is a bit presumptuous. 

Currently Fed33 is unable to connect to a lot of wifi hot spots and the wifi on my router, for example.

more over it is very opaque and appears exactly like an incorrect password to the user and even in dmesg output :


This is incorrect, since it is not the auth credentials which were not valid ! 

Do we need a new bug for this since this one is closed?

Comment 6 Federic 2021-04-05 17:41:11 UTC

"Given the existing deployment of TLS 1.2 on the internet, there should not be significant user experience degradation, although that's a speculation. "

perhaps such sweeping changes should be based on more than speculation.

Comment 7 Дилян Палаузов 2021-07-11 21:05:56 UTC
www.euroclear.com does not load with Firefox 89 on Fedora 34.  As outlined at https://github.com/drwetter/testssl.sh/issues/1929 , the site’s and intermediate certificates use SHA-256 hash, the root uses SHA-1 hash and for self-signed (root) certificates the hash formula shall be irrelevant.  My reading is, that the “Strong Crypto Settings” change disables SHA-1 hashes even for root certificates, but it should not.

Chromium on Fedora 34 does load it, Epiphany does not connect.

Comment 8 Дилян Палаузов 2021-07-12 08:25:29 UTC
Since in the default configuration on Fedora 34 Firefox cannot open https://darikradio.bg/, but Chromium opens it, user will migrate permanently from Firefox to Chrome.

Comment 9 Bas Meijer 2022-01-07 20:48:06 UTC
On Fedora the strongest usable crypto-policy is 'NEXT' until DigiCert updates their CA certificate RSA signature to 3072 bits.
That CA signed https://mirrors.fedoraproject.org with 2048 bits RSA.

Note You need to log in before you can comment on or make changes to this bug.