= Proposed System Wide Change: Strong crypto settings: phase 2 = https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 Owner(s): * Tomáš Mráz <tmraz at redhat dot com> We update the current system-wide crypto policy to further disable legacy cryptographic protocols (TLS 1.0 and TLS 1.1) and weak Diffie-Hellman key exchange sizes (1024 bit) == Detailed description == Fedora includes several cryptographic components who's security doesn't remain constant over time. Algorithms such as (cryptographic) hashing and encryption typically have a lifetime after which they are considered either too risky to use or plain insecure. That would mean we need to phase out such algorithms from the default settings, or completely disable if they could cause irreparable issue. While in the past we did not disable algorithms in a consistent way (different applications utilized different policies), today we have a system-wide policy followed by a large part of Fedora components. That allows us to move consistently and deprecate algorithms system-wide. For rationale see RFC 7457 for a more complete list of attacks taking advantage of legacy crypto algorithms. The changes for default policy are: * Keep only TLS 1.2 (and TLS 1.3 when available) as enabled protocols and move the TLS 1.x, x<=1 to legacy level. * Require finite field parameters (RSA, Diffie-Hellman) of 2048 and more in the default settings That is a policy of: LEGACY MACs: All HMAC with SHA1 or better + all modern MACs (poly1305 etc) Curves: all prime >= 255 bits (including bernstein curves) Signature algorithms: SHA-1 hash or better (not RIPEMD) Ciphers: all available > 112-bit key, >= 128-bit block (no rc4, but with 3DES) key exchange: ECDHE, RSA, DHE DH params size: >=1023 RSA params size: >=1023 TLS protocols: TLS >= 1.0 DEFAULT MACs: All HMAC with SHA1 or better + all modern MACs (poly1305 etc) Curves: all prime >= 255 bits (including bernstein curves) Signature algorithms: with SHA-1 hash or better (not DSA) Ciphers: >= 128-bit key, >= 128-bit block (aes, camellia, chacha20, including aes-cbc) key exchange: ECDHE, RSA, DHE DH params size: >= 2048 RSA params size: >= 2048 TLS protocols: TLS >= 1.2 FUTURE MACs: All HMAC with SHA256 or better + all modern MACs (poly1305 etc) Curves: all prime >= 384 bits (including bernstein curves) Signature algorithms: SHA-384 hash or better (not DSA) Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated Encryption (AE) ciphers key exchange: ECDHE, DHE DH params size: >= 3072 RSA params size: >= 3072 TLS protocols: TLS >= 1.2 == Scope == * Proposal owners: The policies include in crypto-policies package need to be updated. * Other developers: * Crypto policies are updated to the settings above * https://bugzilla.redhat.com/show_bug.cgi?id=1487607 OpenSSL is updated to allow setting policies for TLS versions * Release engineering: Copied from F28 change - no impact https://pagure.io/releng/issue/7235 #7235 ** List of deliverables: * Crypto policies are updated to the settings above * OpenSSL, NSS, GnuTLS and all applications covered under the Fedora Crypto Policies follow the new crypto settings. * Policies and guidelines: No changes to packaging or other guidelines is needed. * Trademark approval: N/A (not needed for this Change) -- Jan Kuřík JBoss EAP Program Manager Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/B4YAC3KZOJUT4V6B3EVYZIDKHELU5NRA/
