Description of problem: Brainpool (long curves only) support for ECC is now enabled in Fedora Bug reference: https://bugzilla.redhat.com/show_bug.cgi?id=2141672 However, we don't want to allow brainpool curves in TLS by default. We want it to be enabled via crypto-policies only. Version-Release number of selected component (if applicable): rawhide Actual results: No config option to enable brainpool curves in TLS via crypto-policies Expected results: Config option to enable brainpool curves in TLS via crypto-policies
What's the openssl config knob for enabling and disabling brainpool usage in TLS?
Groups and SignatureAlgorithms, I think https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html
I've started implementing this request in https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/130, to the best of my understanding. Unfortunately, said understanding is rather limited. What I'm fairly sure of: 1. We need to start controlling the `Groups =` directive from crypto-policies 2. and bind `Groups = brainpoolP???r1` to `group = BRAINPOOL-P???R1` in crypto-policies What I'm not sure of at all, but implemented just in case: 3. also bound `brainpoolP???r1_tls13` to it - will we need this one as well when TLS 1.3 brainpool support reaches us? 4. and added `SignatureAlgorithms = ecdsa_brainpoolP???r1_sha???` bound to `ECDSA-BRAINPOOL-P???R1-SHA2-???` - is that needed? Help from OpenSSL-knowlegeable folks will be greatly appreciated.
Turns out it'll need re-doing. brainpoolP???r1_tls13 and ecdsa_brainpoolP???r1_sha??? aren't really recognized by OpenSSL. What's worse, OpenSSL doesn't just ignore invalid values (which'd be sane) or entire directives referring to them (which'd be unfortunate and fragile, but livable with), but instead ignores entire parts of config upon encountering ones. https://github.com/openssl/openssl/issues/20789 has been filed upstream.