Fedora 33 System-Wide Change proposal: Strong crypto settings: phase 2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2

== Summary ==
We update the current system-wide crypto policy to further disable
legacy cryptographic protocols (TLS 1.0 and TLS 1.1), weak
Diffie-Hellman key exchange sizes (1024 bit), and use of the SHA-1
hash in signatures.

== Owner ==
* Name: [[User:tmraz|Tomáš Mráz]]
* Email: <tmraz@xxxxxxxxxx>


== Detailed Description ==

Fedora includes several cryptographic components who's security
doesn't remain constant over time. Algorithms such as (cryptographic)
hashing and encryption typically have a lifetime after which they are
considered either too risky to use or plain insecure. That would mean
we need to phase out such algorithms from the default settings, or
completely disable if they could cause irreparable issue.

While in the past we did not disable algorithms in a consistent way
(different applications utilized different policies), today we have a
system-wide policy followed by a large part of Fedora components. That
allows us to move consistently and deprecate algorithms system-wide.
For rationale see RFC 7457 for a more complete list of attacks taking
advantage of legacy crypto algorithms.

The changes for default policy are:
 * Keep only TLS 1.2 (and TLS 1.3 when available) as enabled protocols
and move the TLS 1.x, x<=1 to legacy level.
 * Require finite field parameters (RSA, Diffie-Hellman) of 2048 and
more in the default settings
 * Disable SHA1 support for use in signatures (X.509 certificates,
TLS, IPSEC handshakes)


That is a policy of:
 LEGACY
  MACs: All HMAC with SHA1 or better + all modern MACs (poly1305 etc)
  Curves: all prime >= 255 bits (including bernstein curves)
  Signature algorithms: SHA-1 hash or better (not RIPEMD)
  Ciphers: all available > 112-bit key, >= 128-bit block (no rc4, but with 3DES)
  key exchange: ECDHE, RSA, DHE
  DH params size: >=1023
  RSA params size: >=1023
  TLS protocols: TLS >= 1.0

 DEFAULT
  MACs: All HMAC with SHA1 or better + all modern MACs (poly1305 etc)
  Curves: all prime >= 255 bits (including bernstein curves)
  Signature algorithms: with SHA-256 hash or better (not DSA)
  Ciphers: >= 128-bit key, >= 128-bit block (aes, chacha20, including aes-cbc)
  key exchange: ECDHE, RSA, DHE
  DH params size: >= 2048
  RSA params size: >= 2048
  TLS protocols: TLS >= 1.2

 FUTURE
  MACs: All HMAC with SHA256 or better + all modern MACs (poly1305 etc)
  Curves: all prime >= 255 bits (including bernstein curves)
  Signature algorithms: SHA-256 hash or better (not DSA)
  Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated
Encryption (AE) ciphers
  key exchange: ECDHE, DHE
  DH params size: >= 3072
  RSA params size: >= 3072
  TLS protocols: TLS >= 1.2


== Benefit to Fedora ==

With this change we protect users from relying on enabled-by-default
weak cryptography, as well as reduce our maintenance cost for future
attacks that rely on weak crypto for exploitation.

Also please note that Firefox is also moving to similar default crypto
settings with the current releases (Firefox 74)
[https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/].

== Scope ==
* Proposal owners:
The policies include in crypto-policies package need to be updated.

* Other developers:
 * Crypto policies are updated to the settings above

* Release engineering: Copied from F28 change - no impact
[https://pagure.io/releng/issue/7235 #7235] (a check of an impact with
Release Engineering is needed)

 * Crypto policies are updated to the settings above
 * OpenSSL, NSS, GnuTLS and all applications covered under the Fedora
Crypto Policies follow the new crypto settings.

* Policies and guidelines:
No changes to packaging or other guidelines is needed.

* Trademark approval: N/A (not needed for this Change)

== Upgrade/compatibility impact ==
It may be that the new settings break software that connects to
servers which utilize weak algorithms. Compatibility can be obtained
by switching the system to legacy policy level as follows.

 update-crypto-policies --set LEGACY


== How To Test ==

Applications which follow the system-wide policy (e.g., curl,wget)
should be tested:
 * whether they can connect to legacy (TLS1.0, TLS1.1) servers when
system is in legacy mode
 * whether the previous connection breaks when system is in default mode
 * whether the system can connect to TLS 1.2 servers when in default,
legacy or future mode.


== User Experience ==
Given the existing deployment of TLS 1.2 on the internet, there should
not be significant user experience degradation, although that's a
speculation.

== Dependencies ==
 * nss
 * gnutls
 * openssl
 * crypto-policies


== Contingency Plan ==
* Contingency mechanism: (What to do?  Who will do it?)
If we notice significant user experience degradation, e.g., due to
many custom servers utilizing legacy protocols, we should consider
postponing or reducing the number of updates in that change. The
change owner will take care of this.
* Contingency deadline: beta freeze

* Blocks release? No

== Documentation ==

None

-- 
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux