Bug 1880373 - The RSA-PSK key-exchange is disabled by default and unsupported by crypto-policies
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: crypto-policies
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Crypto Team
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-09-18 11:22 UTC by Björn Esser (besser82)
Modified: 2020-09-25 17:02 UTC (History)

Fixed In Version: crypto-policies-20200918-1.git85dccc5.fc33
Clone Of:
Environment:
Last Closed: 2020-09-25 17:02:57 UTC
Type: Bug
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Gitlab redhat-crypto fedora-crypto-policies merge_requests 79 0 None None None 2020-09-18 12:47:24 UTC

Description Björn Esser (besser82) 2020-09-18 11:22:31 UTC
Description of problem:

  Disables RSA-PSK key-exchange in OpenSSL, while DHE-PSK is enabled.

  Since both suites are to be considered equal in strength, there is
  no reason to have one of them disabled.


Version-Release number of selected component (if applicable):

  any


How reproducible:

  100%


Steps to Reproduce:

  1. $ openssl ciphers | grep 'RSA-PSK' ---> returns nothing
  2. $ openssl ciphers | grep 'DHE-PSK' ---> returns enabled ciphers


Actual results:

  RSA-PSK based ciphers are disabled.


Expected results:

  RSA-PSK based ciphers should be enabled, as there is no known
  reason to block them.


Additional info:

  RSA-PSK based ciphers have been introduced with OpenSSL 1.1 for TLSv1.3.

  TLSv3 used the following ciphers, which are RSA-PSK based (and thus are
  already white-listed explicitly):
  
  * TLS_AES_256_GCM_SHA384
  * TLS_CHACHA20_POLY1305_SHA256
  * TLS_AES_128_GCM_SHA256
  * TLS_AES_128_CCM_SHA256

  The following RSA-PSK based ciphers are disabled for no reason:

  * RSA-PSK-AES256-GCM-SHA384
  * RSA-PSK-CHACHA20-POLY1305
  * RSA-PSK-AES128-GCM-SHA256
  * RSA-PSK-AES256-CBC-SHA
  * RSA-PSK-AES128-CBC-SHA256
  * RSA-PSK-AES128-CBC-SHA

  Enabling them by policy is as easy as adding `kRSAPSK` to the
  `CipherString` in `opensslcnf.config`.

  This applies to any actively supported Fedora release, as well as
  to RHEL8.  Please consider backporting.
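
A field-based version of the reproduction check above, as an added example that is not part of the original report: it counts suites per PSK key exchange from the `Kx=` column of `openssl ciphers -v` output rather than grepping suite names, since a grep for `DHE-PSK` also matches `ECDHE-PSK` names. The sample rows are constructed, and the function and variable names are hypothetical.

```shell
# Constructed sample rows (not captured from a real system), shaped like
# `openssl ciphers -v` output under a policy whose CipherString lacks kRSAPSK.
SAMPLE_DEFAULT='TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD'

# The same constructed list with two RSA-PSK suites appended.
SAMPLE_WITH_RSAPSK="$SAMPLE_DEFAULT
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD"

# psk_kx_summary: read cipher rows on stdin and print "<Kx> <count>" for each
# PSK key exchange, always in the same order and including zero counts.
psk_kx_summary() {
    awk '
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^Kx=/) { kx = substr($i, 4); n[kx]++ }
        }
        END {
            split("PSK DHEPSK ECDHEPSK RSAPSK", order, " ")
            for (j = 1; j <= 4; j++)
                printf "%s %d\n", order[j], n[order[j]] + 0
        }'
}

# kx_enabled KX: exit 0 if stdin has at least one suite whose Kx field is KX.
# Comparing the whole field keeps DHEPSK and ECDHEPSK apart, which a
# substring grep on the suite name does not.
kx_enabled() {
    awk -v want="Kx=$1" '
        { for (i = 1; i <= NF; i++) if ($i == want) found = 1 }
        END { exit(found ? 0 : 1) }'
}

printf '%s\n' "$SAMPLE_DEFAULT" | psk_kx_summary
# On a live system: openssl ciphers -v | psk_kx_summary
```
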

Comment 1 Björn Esser (besser82) 2020-09-18 12:47:25 UTC
See: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/79

Comment 2 Tomas Mraz 2020-09-18 13:47:01 UTC
The reason to not enable RSA-PSK ciphersuites by default is that:
1. they are not used by default
2. they do not actually have an equivalent in TLS-1.3
3. special applications that need them can enable them by using a non-default cipher string

Comment 3 Tomas Mraz 2020-09-18 13:49:28 UTC
That is, I do not think there is any reason to not _support_ RSA-PSK, for example via a subpolicy.

Comment 4 Fedora Update System 2020-09-23 15:58:42 UTC
FEDORA-2020-bb31ea7e2b has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-bb31ea7e2b

Comment 5 Fedora Update System 2020-09-24 13:32:59 UTC
FEDORA-2020-bb31ea7e2b has been pushed to the Fedora 33 testing repository.
In a short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-bb31ea7e2b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-bb31ea7e2b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2020-09-25 17:02:57 UTC
FEDORA-2020-bb31ea7e2b has been pushed to the Fedora 33 stable repository.
If the problem still persists, please make note of it in this bug report.

