Bug 1934595 - DTLS1.0 connections are allowed in DEFAULT crypto-policy [fedora]
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: crypto-policies
Version: 36
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Red Hat Crypto Team
QA Contact: Fedora Extras Quality Assurance
Reported: 2021-03-03 14:41 UTC by Hubert Kario
Modified: 2022-06-17 11:07 UTC (History)

Last Closed: 2022-06-17 11:07:14 UTC
Type: Bug



Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1934600 1 medium CLOSED DTLS1.0 connections are allowed in DEFAULT crypto-policy [rhel-8] 2023-05-09 11:40:00 UTC

Internal Links: 1934600

Description Hubert Kario 2021-03-03 14:41:59 UTC
Description of problem:
OpenSSL will allow DTLSv1.0 connections when the system is configured with the DEFAULT policy. This is in contrast to TLS, where in the DEFAULT policy TLS 1.2 is the oldest version supported.

Version-Release number of selected component (if applicable):
openssl-1.1.1i-3.fc33.x86_64

How reproducible:
always

Steps to Reproduce:
1. openssl req -x509 -newkey rsa:2048 -keyout /tmp/key.pem -out /tmp/cert.pem -days 365 -nodes -subj "/CN=localhost"
2. openssl s_server -dtls -key /tmp/key.pem -cert /tmp/cert.pem
3. (separate terminal) openssl s_client -dtls1 -cipher DEFAULT@SECLEVEL=0 -CAfile /tmp/cert.pem

Actual results:
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1708 bytes and written 583 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : DTLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: E458F357925A5759B1F9EED6B9B2E9287E83D08DA78F5D7AA957845A74C4E46C
    Session-ID-ctx:
    Master-Key: C0AB4CFA6A4B5052D4087270BF8B5D1522DE96DF53D80172B6B2155603A8F77804C9D1E3D6E1F35C5A81584F7891AC88
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1614782081
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---

Expected results:
connection failure

Additional info:

Comment 1 Sahana Prasad 2021-04-06 10:34:49 UTC
OpenSSL added support for setting MinProtocol version in DTLS in https://github.com/openssl/openssl/pull/12507/ 
This was released in OpenSSL version 1.1.1h.
crypto-policies needs to align with this change in OpenSSL.

Comment 3 Ben Cotton 2021-11-04 14:46:18 UTC
This message is a reminder that Fedora 33 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 33 on 2021-11-30.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '33'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 33 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged to change the 'version' to a later Fedora 
version before this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 5 Ben Cotton 2022-02-08 21:31:16 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 36 development cycle.
Changing version to 36.

Comment 6 Clemens Lang 2022-06-17 11:07:14 UTC
With openssl-1:3.0.3-1.fc36.x86_64:

[root@fedora36 ~]# update-crypto-policies --show
DEFAULT
[root@fedora36 ~]# openssl req -x509 -newkey rsa:2048 -keyout /tmp/key.pem -out /tmp/cert.pem -days 365 -nodes -subj "/CN=localhost"
.......+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+......+............+...+..+.+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+...+......+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+.......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.........+...+......+.........+..........+..+.+........+.......+.....+...+..........+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
[root@fedora36 ~]# openssl s_server -dtls -key /tmp/key.pem -cert /tmp/cert.pem

In a separate terminal:

[root@fedora36 ~]# openssl s_client -dtls1 -cipher DEFAULT@SECLEVEL=0 -CAfile /tmp/cert.pem
CONNECTED(00000003)
40DC81168E7F0000:error:0A00042E:SSL routines:dtls1_read_bytes:tlsv1 alert protocol version:ssl/record/rec_layer_d1.c:613:SSL alert number 70
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 63 bytes and written 298 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : DTLSv1
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1655463861
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---


Using DTLSv1.2 works:

[root@fedora36 ~]# openssl s_client -dtls1_2 -cipher DEFAULT@SECLEVEL=0 -CAfile /tmp/cert.pem
CONNECTED(00000003)
depth=0 CN = localhost
verify return:1
---
Certificate chain
 0 s:CN = localhost
   i:CN = localhost
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 17 11:03:17 2022 GMT; NotAfter: Jun 17 11:03:17 2023 GMT
---
Server certificate
subject=CN = localhost
issuer=CN = localhost
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1724 bytes and written 583 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : DTLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: D2F00170E9532A59F426E50C9A149E534DF87DEC21A60C0AE41AA90EBEC1ADD1
    Session-ID-ctx:
    Master-Key: 86BEB538134EE62CB3DC55B64BB4226B16F12C150B7D194CB44957011704A912C332BF47A7C5DC77F6BD542AA9CB5EEC
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1655463869
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
DONE


That's expected:

[root@fedora36 ~]# grep DTLS /etc/crypto-policies/back-ends/opensslcnf.config
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2

