Bug 1934600 - DTLS1.0 connections are allowed in DEFAULT crypto-policy [rhel-8]
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: openssl
Version: 8.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Sahana Prasad
QA Contact: Hubert Kario
Depends On:
Blocks: 1946522
Reported: 2021-03-03 14:45 UTC by Hubert Kario
Modified: 2021-11-19 11:41 UTC

Fixed In Version: openssl-1.1.1k-1.el8
Doc Type: Bug Fix
Doc Text:
Cause: The list of allowed security protocols in OpenSSL was inconsistent, with some levels allowing DTLS1.0 but not allowing TLS 1.1.
Consequence: When the system was configured with DEFAULT Crypto Policy, connections that used DTLS1.0 were allowed while connections that used TLS 1.1 were not.
Fix: The OpenSSL library was updated to consistently disable DTLS 1.0 where TLS 1.1 was disabled.
Result: Connections that attempt to use DTLS 1.0 do not work now in DEFAULT mode, in effect providing consistent security level across all Crypto Policy levels and supported protocols in OpenSSL.
Clone Of:
: 1946522
Last Closed: 2021-11-09 19:44:31 UTC
Type: Bug
Target Upstream Version:

System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Bugzilla | 1934595 | 1 | unspecified | CLOSED | DTLS1.0 connections are allowed in DEFAULT crypto-policy [fedora] | 2022-06-17 11:16:46 UTC
Red Hat Issue Tracker | CRYPTO-5289 | 0 | None | None | None | 2021-11-09 20:00:36 UTC
Red Hat Product Errata | RHSA-2021:4424 | 0 | None | None | None | 2021-11-09 19:45:06 UTC

Internal Links: 1934595

Description Hubert Kario 2021-03-03 14:45:56 UTC
Description of problem:
OpenSSL will allow DTLSv1.0 connections when the system is configured with the DEFAULT policy. This is in contrast to TLS, where in the DEFAULT policy TLS 1.2 is the oldest version supported.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. openssl req -x509 -newkey rsa:2048 -keyout /tmp/key.pem -out /tmp/cert.pem -days 365 -nodes -subj "/CN=localhost"
2. openssl s_server -dtls -key /tmp/key.pem -cert /tmp/cert.pem
3. (separate terminal) openssl s_client -dtls1 -cipher DEFAULT@SECLEVEL=0 -CAfile /tmp/cert.pem

Actual results:
No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: X25519, 253 bits
SSL handshake has read 1730 bytes and written 451 bytes
Verification: OK
New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
    Protocol  : DTLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: 481A64028477AD9DD40EA9FA483E4B10F0398AFCE30260CE8C34C222F842D68C
    Master-Key: 29BC1F446B16AEB23BF447AB9879919E47353C7B11F0CDF760F906325A45877D9F79BEF5F10B809C86FC8833695E17E8
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1614782654
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes

Expected results:
connection failure

Additional info:

Comment 13 errata-xmlrpc 2021-11-09 19:44:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: openssl security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.
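
A regression check for the reproduction steps in the description, as an added example that is not part of the original bug report or of OpenSSL: it reads `openssl s_client` output and reports whether a session was negotiated below the policy floor. The function names (`proto_rank`, `field`, `check_transcript`) are hypothetical, and the rejected-handshake sample is constructed.

```shell
#!/bin/sh
# Added example (not from the bug report): judge an `openssl s_client`
# transcript against a minimum protocol version.

# Rank protocol names as s_client prints them. DTLSv1 is ranked with TLSv1.1
# and DTLSv1.2 with TLSv1.2, the pairing the fix described above enforces.
proto_rank() {
    case "$1" in
        SSLv3) echo 0 ;;
        TLSv1) echo 1 ;;
        TLSv1.1|DTLSv1) echo 2 ;;
        TLSv1.2|DTLSv1.2) echo 3 ;;
        TLSv1.3) echo 4 ;;
        *) echo -1 ;;
    esac
}

# Print the value of the first "<name> : <value>" line read from stdin.
field() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*\([^[:space:]]*\).*/\1/p" | head -n 1
}

# check_transcript [MIN]: 0 = compliant, 1 = protocol below MIN, 2 = unknown.
check_transcript() {
    min="${1:-TLSv1.2}"          # DEFAULT policy floor stated in the report
    out=$(cat)
    proto=$(printf '%s\n' "$out" | field Protocol)
    cipher=$(printf '%s\n' "$out" | field Cipher)
    # A failed handshake prints no cipher or the null cipher "0000".
    if [ -z "$cipher" ] || [ "$cipher" = "0000" ]; then
        echo "OK: no session established"; return 0
    fi
    got=$(proto_rank "$proto"); need=$(proto_rank "$min")
    if [ "$got" -lt 0 ] || [ "$need" -lt 0 ]; then
        echo "UNKNOWN: protocol '$proto'"; return 2
    fi
    if [ "$got" -lt "$need" ]; then
        echo "FAIL: negotiated $proto, below $min"; return 1
    fi
    echo "OK: negotiated $proto"; return 0
}

# Lines taken from the "Actual results" above (affected build).
SAMPLE_AFFECTED='    Protocol  : DTLSv1
    Cipher    : ECDHE-RSA-AES256-SHA'
# Constructed sample of a rejected handshake (not from the page).
SAMPLE_REJECTED='New, (NONE), Cipher is (NONE)
    Protocol  : DTLSv1
    Cipher    : 0000'
```

Against a live server, pipe step 3 into it: `openssl s_client -dtls1 -cipher DEFAULT@SECLEVEL=0 -CAfile /tmp/cert.pem </dev/null 2>&1 | check_transcript`.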

