Bug 1902219 - QEMU doesn't honour system crypto policies
Summary: QEMU doesn't honour system crypto policies
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: qemu-kvm
Version: 8.3
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: rc
: 8.4
Assignee: Danilo de Paula
QA Contact: liunana
URL:
Whiteboard:
Depends On:
Blocks: 1902960 1934509
 
Reported: 2020-11-27 12:16 UTC by Daniel Berrangé
Modified: 2021-05-25 06:45 UTC

Fixed In Version: qemu-kvm-5.2.0-6.module+el8.4.0+9871+53903be9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1902960
Environment:
Last Closed: 2021-05-25 06:45:10 UTC
Type: Bug
Target Upstream Version:
Embargoed:



Description Daniel Berrangé 2020-11-27 12:16:31 UTC
Description of problem:

Because the QEMU in RHEL-8 was derived from QEMU in RHEL-7, rather than that in Fedora, it inherited the "--tls-priority=NORMAL" arg to configure.

This was used in RHEL-7, because that distro lacks the crypto policies concept.

In RHEL-8, however, it should have been built to use "--tls-priority=@QEMU,SYSTEM" as is done in Fedora.

This would make QEMU use the "@QEMU" crypto policy profile, and if that doesn't exist, then it would use the @SYSTEM crypto policy profile.

The upshot of using "NORMAL" is that QEMU is exposing the GNUTLS defaults, which are undesirable because they still allow TLS-1.0 and TLS-1.1.

The DEFAULT RHEL8 crypto policies only allow TLS-1.2.

To illustrate, create some certs for a server and then run:

  /usr/libexec/qemu-kvm -object tls-creds-x509,dir=/root,endpoint=server,id=tls0 -chardev socket,host=localhost,port=9000,tls-creds=tls0,id=char0,server,nowait

Now in another terminal

  wget  http://nmap.org/svn/scripts/ssl-enum-ciphers.nse
  nmap --script ssl-enum-ciphers -p9000 localhost 

In the results you will see TLS-1.0, 1.1 and 1.2.

If /etc/crypto-policies/config is set to DEFAULT, it should only report TLS 1.2

Version-Release number of selected component (if applicable):
qemu-kvm-4.2.0-19.module+el8.2.0+6296+6b821950.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Run QEMU with a chardev using TLS
2. Scan algorithms exposed by QEMU

Actual results:
Includes TLS 1.0 and 1.1

Expected results:
Should honour /etc/crypto-policies/config and only expose TLS_1.2 for "DEFAULT"

Additional info:

Comment 1 Daniel Berrangé 2020-11-27 12:32:24 UTC
To help QE, here's a bit of further explanation about expected behaviour with:

  --tls-priority=@QEMU,SYSTEM

"SYSTEM" refers to the profile defined in /etc/crypto-policies/config, which is "DEFAULT" normally.

It is possible to create a local override, e.g. to turn back on TLS-1.1:

  # cat /etc/crypto-policies/local.d/gnutls-qemu.config
  QEMU=NONE:+MAC-ALL:-MD5:+GROUP-ALL:-GROUP-X25519:-GROUP-X448:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-RSA-SHA1:-SIGN-DSA-SHA1:-SIGN-ECDSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:-SIGN-EDDSA-ED25519:-SIGN-EDDSA-ED448:+CIPHER-ALL:-CHACHA20-POLY1305:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:-3DES-CBC:-ARCFOUR-128:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-RSA:+VERS-ALL:-VERS-DTLS0.9:+VERS-SSL3.0:-VERS-TLS1.0:+VERS-TLS1.1:-VERS-DTLS1.0:+COMP-NULL:%PROFILE_MEDIUM
  # update-crypto-policies

If QEMU is restarted, it will now honour this custom override and advertize TLS-1.1 and TLS-1.2, instead of the "SYSTEM" settings which only advertize TLS-1.2
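
The check that the report and comment 1 describe, scripted as an added example (not part of the original bug report, and not QEMU or Red Hat code): it extracts the protocol versions from "nmap --script ssl-enum-ciphers" output and compares them with the versions the active policy should allow. The function names and the shortened scan outputs are constructed for illustration; the expected version sets are the ones stated in this thread.

```shell
#!/bin/sh
# Added example: compare the TLS versions a listener offers (as reported by
# nmap's ssl-enum-ciphers script) with the versions the crypto policy allows.

# Read nmap output on stdin, print the offered versions space separated.
# Version headers look like "|   TLSv1.2: "; cipher lines have more fields.
offered_versions() {
    awk '$1 == "|" && NF == 2 && $2 ~ /^(TLS|SSL)v[0-9.]+:$/ {
             sub(/:$/, "", $2); out = out (out == "" ? "" : " ") $2
         }
         END { print out }'
}

# check_policy "EXPECTED VERSIONS" < nmap-output
#   PASS           -> offered set equals expected set (exit 0)
#   FAIL extra:... -> listener is weaker than the policy (exit 1); this is
#                     the behaviour originally reported in this bug
#   FAIL missing:  -> listener is stricter than the policy (exit 2); in this
#                     thread that meant QEMU had not been restarted
check_policy() {
    expected=$1
    offered=$(offered_versions)
    extra=""
    missing=""
    for v in $offered; do
        case " $expected " in *" $v "*) ;; *) extra="$extra $v" ;; esac
    done
    for v in $expected; do
        case " $offered " in *" $v "*) ;; *) missing="$missing $v" ;; esac
    done
    if [ -n "$extra" ]; then
        echo "FAIL extra:$extra"; return 1
    elif [ -n "$missing" ]; then
        echo "FAIL missing:$missing"; return 2
    fi
    echo "PASS $offered"
}

# Constructed, shortened scan output: listener honouring DEFAULT.
scan_tls12_only() { cat <<'EOF'
PORT     STATE SERVICE
9000/tcp open  cslistener
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|     compressors: 
|       NULL
|_  least strength: A
EOF
}

# Constructed, shortened scan output: listener offering TLS 1.0 to 1.2.
scan_legacy() { cat <<'EOF'
9000/tcp open  cslistener
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 3072) - A
|   TLSv1.1: 
|     ciphers: 
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 3072) - A
|   TLSv1.2: 
|     ciphers: 
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 3072) - A
|_  least strength: A
EOF
}

# DEFAULT policy, fixed build; DEFAULT policy, affected build; LEGACY policy
# with a QEMU process that was started before the policy change.
scan_tls12_only | check_policy "TLSv1.2" || true
scan_legacy     | check_policy "TLSv1.2" || true
scan_tls12_only | check_policy "TLSv1.0 TLSv1.1 TLSv1.2" || true
```

On a live host, pipe the real nmap output into check_policy in place of the constructed samples.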

Comment 3 Danilo de Paula 2021-02-04 02:57:42 UTC
QA_ACK, please?

Comment 6 liunana 2021-02-04 03:08:57 UTC
(In reply to Danilo Cesar Lemes de Paula from comment #3)
> QA_ACK, please?

Done, thanks.



Best regards
Liu Nana

Comment 10 liunana 2021-02-19 02:12:26 UTC
Test with qemu-kvm-5.2.0-6.module+el8.4.0+9871+53903be9 PASS.

Test environments:
    intel-jacobsville-01.khw1.lab.eng.bos.redhat.com
    qemu-kvm-5.2.0-6.module+el8.4.0+9871+53903be9.x86_64
    kernel-4.18.0-289.el8.x86_64

Test steps:

1. Run QEMU with a chardev using TLS
#/usr/libexec/qemu-kvm -object tls-creds-x509,dir=/etc/pki/qemu/,endpoint=server,id=tls0 -chardev socket,host=localhost,port=9000,tls-creds=tls0,id=char0,server,nowait --monitor stdio

2. Scan algorithms exposed by QEMU
# nmap --script ssl-enum-ciphers -p9000 localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2021-02-19 02:04 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000064s latency).
Other addresses for localhost (not scanned): ::1

PORT     STATE SERVICE
9000/tcp open  cslistener
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CCM (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CCM (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 3072) - A
|       TLS_RSA_WITH_AES_128_CCM (rsa 3072) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 3072) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 3072) - A
|       TLS_RSA_WITH_AES_256_CCM (rsa 3072) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 3072) - A
|     compressors: 
|       NULL
|     cipher preference: client
|     warnings: 
|       Key exchange (dh 2048) of lower strength than certificate key
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 1.68 seconds

3. additional info:
# cat /etc/crypto-policies/config
DEFAULT


Can we move this bug to VERIFIED with the above test?
Please help to check this, thanks.


Best regards
Liu Nana

Comment 11 Daniel Berrangé 2021-02-19 10:15:13 UTC
(In reply to liunana from comment #10)
> 3. additional info:
> # cat /etc/crypto-policies/config
> DEFAULT
> 
> Can we move this bug to VERIFIED with the above test?

I'd like to see two more scenarios.

 - Change /etc/crypto-policies/config to "LEGACY", and use nmap to show that new QEMU honours the change

 - Add a local custom QEMU policy in /etc/crypto-policies/local.d/gnutls-qemu.config, as described in comment #1, and show that QEMU honours this instead of the default crypto-policies setting.

Comment 12 liunana 2021-02-19 14:23:30 UTC
(In reply to Daniel Berrangé from comment #11)
> (In reply to liunana from comment #10)
> > 3. additional info:
> > # cat /etc/crypto-policies/config
> > DEFAULT
> > 
> > Can we move this bug to VERIFIED with the above test?
> 
> I'd like to see two more scenarios.
> 
>  - Change /etc/crypto-policies/config to "LEGACY", and use nmap to show
> that new QEMU honours the change

Steps:
  1). # echo LEGACY > /etc/crypto-policies/config

  2). # update-crypto-policies
Setting system policy to LEGACY
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
 
  3). # nmap --script ssl-enum-ciphers -p9000 localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2021-02-19 14:15 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000062s latency).
Other addresses for localhost (not scanned): ::1

PORT     STATE SERVICE
9000/tcp open  cslistener
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CCM (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CCM (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 3072) - A
|       TLS_RSA_WITH_AES_128_CCM (rsa 3072) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 3072) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 3072) - A
|       TLS_RSA_WITH_AES_256_CCM (rsa 3072) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 3072) - A
|     compressors: 
|       NULL
|     cipher preference: client
|     warnings: 
|       Key exchange (dh 2048) of lower strength than certificate key
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 1.75 seconds

4). # cat /etc/crypto-policies/config
    LEGACY


> 
>  - Add a local custom QEMU policy in
> /etc/crypto-policies/local.d/gnutls-qemu.config, as described in comment #1,
> and show that QEMU honours this instead of the default crypto-policies
> setting.

Steps:
1). # cat /etc/crypto-policies/local.d/gnutls-qemu.config
QEMU=NONE:+MAC-ALL:-MD5:+GROUP-ALL:-GROUP-X25519:-GROUP-X448:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-RSA-SHA1:-SIGN-DSA-SHA1:-SIGN-ECDSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:-SIGN-EDDSA-ED25519:-SIGN-EDDSA-ED448:+CIPHER-ALL:-CHACHA20-POLY1305:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:-3DES-CBC:-ARCFOUR-128:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-RSA:+VERS-ALL:-VERS-DTLS0.9:+VERS-SSL3.0:-VERS-TLS1.0:+VERS-TLS1.1:-VERS-DTLS1.0:+COMP-NULL:%PROFILE_MEDIUM

2). # update-crypto-policies
Setting system policy to LEGACY
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.

3)# nmap --script ssl-enum-ciphers -p9000 localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2021-02-19 14:20 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000079s latency).
Other addresses for localhost (not scanned): ::1

PORT     STATE SERVICE
9000/tcp open  cslistener
| ssl-enum-ciphers: 
|   TLSv1.1: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|     compressors: 
|       NULL
|     cipher preference: client
|     warnings: 
|       Key exchange (dh 2048) of lower strength than certificate key
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CCM (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CCM (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|     compressors: 
|       NULL
|     cipher preference: client
|     warnings: 
|       Key exchange (dh 2048) of lower strength than certificate key
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 1.77 seconds

4). # cat /etc/crypto-policies/config
LEGACY


Are those results expected? 
Please help to check this, thanks.



Best regards
Liu Nana

Comment 13 Daniel Berrangé 2021-02-19 19:13:27 UTC
(In reply to liunana from comment #12)
> Steps:
>   1). # echo LEGACY > /etc/crypto-policies/config
> 
>   2). # update-crypto-policies
> Setting system policy to LEGACY
> Note: System-wide crypto policies are applied on application start-up.
> It is recommended to restart the system for the change of policies
> to fully take place.
>  
>   3). # nmap --script ssl-enum-ciphers -p9000 localhost
> Starting Nmap 7.70 ( https://nmap.org ) at 2021-02-19 14:15 EST
> Nmap scan report for localhost (127.0.0.1)
> Host is up (0.000062s latency).
> Other addresses for localhost (not scanned): ::1
> 
> PORT     STATE SERVICE
> 9000/tcp open  cslistener
> | ssl-enum-ciphers: 
> |   TLSv1.2: 
> |     ciphers: 
> |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
> |       TLS_DHE_RSA_WITH_AES_128_CCM (dh 2048) - A
> |       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
> |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
> |       TLS_DHE_RSA_WITH_AES_256_CCM (dh 2048) - A
> |       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
> |       TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 2048) - A
> |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
> |       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
> |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
> |       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
> |       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
> |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 3072) - A
> |       TLS_RSA_WITH_AES_128_CCM (rsa 3072) - A
> |       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 3072) - A
> |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 3072) - A
> |       TLS_RSA_WITH_AES_256_CCM (rsa 3072) - A
> |       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 3072) - A
> |     compressors: 
> |       NULL
> |     cipher preference: client
> |     warnings: 
> |       Key exchange (dh 2048) of lower strength than certificate key
> |_  least strength: A
> 
> Nmap done: 1 IP address (1 host up) scanned in 1.75 seconds
> 
> 4). # cat /etc/crypto-policies/config
>     LEGACY

This doesn't look right. QEMU should offer TLS 1.0, 1.1 and 1.2 when "LEGACY" is set. When I test, it does the right thing, so I suspect you didn't run "update-crypto-policies" after changing to LEGACY.

> >  - Add a local custom QEMU policy in
> > /etc/crypto-policies/local.d/gnutls-qemu.config, as described in comment #1,
> > and show that QEMU honours this instead of the default crypto-policies
> > setting.
> 
> Steps:
> 1). # cat /etc/crypto-policies/local.d/gnutls-qemu.config
> QEMU=NONE:+MAC-ALL:-MD5:+GROUP-ALL:-GROUP-X25519:-GROUP-X448:+SIGN-ALL:-SIGN-
> RSA-MD5:-SIGN-RSA-SHA1:-SIGN-DSA-SHA1:-SIGN-ECDSA-SHA1:-SIGN-DSA-SHA224:-
> SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:-SIGN-EDDSA-ED25519:-SIGN-
> EDDSA-ED448:+CIPHER-ALL:-CHACHA20-POLY1305:-CAMELLIA-256-GCM:-CAMELLIA-128-
> GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:-3DES-CBC:-ARCFOUR-128:+ECDHE-RSA:
> +ECDHE-ECDSA:+DHE-RSA:+VERS-ALL:-VERS-DTLS0.9:+VERS-SSL3.0:-VERS-TLS1.0:
> +VERS-TLS1.1:-VERS-DTLS1.0:+COMP-NULL:%PROFILE_MEDIUM
> 
> 2). # update-crypto-policies
> Setting system policy to LEGACY
> Note: System-wide crypto policies are applied on application start-up.
> It is recommended to restart the system for the change of policies
> to fully take place.
> 
> 3)# nmap --script ssl-enum-ciphers -p9000 localhost
> Starting Nmap 7.70 ( https://nmap.org ) at 2021-02-19 14:20 EST
> Nmap scan report for localhost (127.0.0.1)
> Host is up (0.000079s latency).
> Other addresses for localhost (not scanned): ::1
> 
> PORT     STATE SERVICE
> 9000/tcp open  cslistener
> | ssl-enum-ciphers: 
> |   TLSv1.1: 
> |     ciphers: 
> |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
> |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
> |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
> |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
> |     compressors: 
> |       NULL
> |     cipher preference: client
> |     warnings: 
> |       Key exchange (dh 2048) of lower strength than certificate key
> |   TLSv1.2: 
> |     ciphers: 
> |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
> |       TLS_DHE_RSA_WITH_AES_128_CCM (dh 2048) - A
> |       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
> |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
> |       TLS_DHE_RSA_WITH_AES_256_CCM (dh 2048) - A
> |       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
> |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
> |       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
> |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
> |       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
> |     compressors: 
> |       NULL
> |     cipher preference: client
> |     warnings: 
> |       Key exchange (dh 2048) of lower strength than certificate key
> |_  least strength: A
> 
> Nmap done: 1 IP address (1 host up) scanned in 1.77 seconds
> 
> 4). # cat /etc/crypto-policies/config
> LEGACY

This result is good - it shows TLS1.1 which your custom QEMU policy added.

Comment 14 liunana 2021-02-20 02:13:47 UTC
(In reply to Daniel Berrangé from comment #13)
> (In reply to liunana from comment #12)
> > Steps:
> >   1). # echo LEGACY > /etc/crypto-policies/config
> > 
> >   2). # update-crypto-policies
> > Setting system policy to LEGACY
> > Note: System-wide crypto policies are applied on application start-up.
> > It is recommended to restart the system for the change of policies
> > to fully take place.
> >  
> >   3). # nmap --script ssl-enum-ciphers -p9000 localhost
> > Starting Nmap 7.70 ( https://nmap.org ) at 2021-02-19 14:15 EST
> > Nmap scan report for localhost (127.0.0.1)
> > Host is up (0.000062s latency).
> > Other addresses for localhost (not scanned): ::1
> > 
> > PORT     STATE SERVICE
> > 9000/tcp open  cslistener
> > | ssl-enum-ciphers: 
> > |   TLSv1.2: 
> > |     ciphers: 
> > |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
> > |       TLS_DHE_RSA_WITH_AES_128_CCM (dh 2048) - A
> > |       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
> > |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
> > |       TLS_DHE_RSA_WITH_AES_256_CCM (dh 2048) - A
> > |       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
> > |       TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 2048) - A
> > |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
> > |       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
> > |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
> > |       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
> > |       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
> > |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 3072) - A
> > |       TLS_RSA_WITH_AES_128_CCM (rsa 3072) - A
> > |       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 3072) - A
> > |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 3072) - A
> > |       TLS_RSA_WITH_AES_256_CCM (rsa 3072) - A
> > |       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 3072) - A
> > |     compressors: 
> > |       NULL
> > |     cipher preference: client
> > |     warnings: 
> > |       Key exchange (dh 2048) of lower strength than certificate key
> > |_  least strength: A
> > 
> > Nmap done: 1 IP address (1 host up) scanned in 1.75 seconds
> > 
> > 4). # cat /etc/crypto-policies/config
> >     LEGACY
> 
> This doesn't look right. QEMU  should offer TLS 1.0, 1.1 and 1.2 when
> "LEGACY" is set.  When I test it does the right thing, so I suspect you
> didn't run "update-crypto-policies" after changing to LEGACY.
> 

Sorry, I didn't restart the QEMU after the command "update-crypto-policies".
I can get the expected result after restarting the QEMU.


# nmap --script ssl-enum-ciphers -p9000 localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2021-02-20 02:09 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000078s latency).
Other addresses for localhost (not scanned): ::1

PORT     STATE SERVICE
9000/tcp open  cslistener
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 2048) - C
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 3072) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 3072) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 3072) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 3072) - C
|     compressors: 
|       NULL
|     cipher preference: client
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Key exchange (dh 2048) of lower strength than certificate key
|   TLSv1.1: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 2048) - C
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 3072) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 3072) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 3072) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 3072) - C
|     compressors: 
|       NULL
|     cipher preference: client
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Key exchange (dh 2048) of lower strength than certificate key
|   TLSv1.2: 
|     ciphers: 
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 2048) - C
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CCM (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CCM (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 3072) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 3072) - A
|       TLS_RSA_WITH_AES_128_CCM (rsa 3072) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 3072) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 3072) - A
|       TLS_RSA_WITH_AES_256_CCM (rsa 3072) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 3072) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 3072) - C
|     compressors: 
|       NULL
|     cipher preference: client
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Key exchange (dh 2048) of lower strength than certificate key
|_  least strength: C

Nmap done: 1 IP address (1 host up) scanned in 4.00 seconds




Please help to check, thanks.


Best regards
Liu Nana

Comment 15 Daniel Berrangé 2021-02-22 09:28:00 UTC
This looks good now.

Comment 16 liunana 2021-02-22 09:41:47 UTC
Move to VERIFIED according to comment 12 ~ comment 15.

Comment 18 errata-xmlrpc 2021-05-25 06:45:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (virt:av bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:2098

