Re: F23 System Wide Change: Disable SSL3 and RC4 by default
- Original Message - From: Jan Kurik jku...@redhat.com To: devel-annou...@lists.fedoraproject.org Sent: Tuesday, April 28, 2015 6:10:37 AM Subject: F23 System Wide Change: Disable SSL3 and RC4 by default = Proposed System Wide Change: Disable SSL3 and RC4 by default = https://fedoraproject.org/wiki/Changes/RemoveSSL3andRc4 Change owner(s): Nikos Mavrogiannopoulos n...@redhat.com This change will disable by default the SSL 3.0 protocol and the RC4 cipher in components which use the system wide crypto policy. That is, gnutls and openssl libraries, and all the applications based on them. == Detailed Description == There are serious vulnerabilities known to the SSL 3.0 protocol, since a decade. Recent attacks (e.g., the POODLE issue #1152789) take advantage of them, negating the secrecy offerings of the protocol. The RC4 cipher is also considered cryptographically broken, and new attacks against its secrecy are made known every year (#1207101). Since attacks are only getting better, we should disable these broken protocols and ciphers system wide. == Scope == * Proposal owners: The crypto-policies package has to be updated to accommodate the new policies. * Other developers: Should verify that their package works after the change. That is that their package doesn't require only SSL 3.0, or only the RC4 ciphersuites. If their package requires these options due to design, they should consider contacting upstream to update the software. If that is not possible, or this support is needed to contact legacy servers, they should consider not using the system wide policy, and make that apparent in the package documentation. * Release engineering: This feature doesn't require coordination with release engineering. * Policies and guidelines: The packaging guidelines do not need to be changed. From the Change proposal, Upgrade/Compatibility Impact: After this change, there may be no impact on compatibility after upgrade, if the local network of the user contains servers which only support the removed protocols or ciphers. I suspect this should be updated to note that there IS a clear compatibility change with this feature. Or is this supposed to be stating that upgrades will NOT disable the existing ciphers? Basically, there are two options that we can take for upgrades from F22: 1) Upgrade disables the legacy protocols and users must manually re-enable them if they need to. 2) Upgrade maintains whatever protocols the user had enabled in F22. Personally, I prefer option 1) so that upgraded systems and freshly-installed systems are the same. Either way, this needs to be clearly stated in the Upgrade section of the Change, please. -- Jan Kuřík ___ devel-announce mailing list devel-annou...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel-announce -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F23 System Wide Change: Disable SSL3 and RC4 by default
On Tue, Apr 28, 2015 at 04:51:32PM +0200, Nikos Mavrogiannopoulos wrote: The plan is to allow re-enabling by switching the system to legacy crypto policy. That would work for RC4. For SSL 3.0, since OpenSSL doesn't provide knobs to enable or disable on runtime, that will not be possible. However, according to Tomas Mraz openssl already disables SSL 3.0 in F22, and there were no major issues reported so that would be no issue. Could you please clarify it in the Upgrade/compatibility impact part of the change proposal? The current text is cryptic and having some clear information about this plan will be useful. Thanks, Debarshi pgpSG0s5Y8fB_.pgp Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F23 System Wide Change: Disable SSL3 and RC4 by default
On Tue, 2015-04-28 at 06:10 -0400, Jan Kurik wrote: = Proposed System Wide Change: Disable SSL3 and RC4 by default = https://fedoraproject.org/wiki/Changes/RemoveSSL3andRc4 Change owner(s): Nikos Mavrogiannopoulos n...@redhat.com This change will disable by default the SSL 3.0 protocol and the RC4 cipher in components which use the system wide crypto policy. That is, gnutls and openssl libraries, and all the applications based on them. == Detailed Description == There are serious vulnerabilities known to the SSL 3.0 protocol, since a decade. Recent attacks (e.g., the POODLE issue #1152789) take advantage of them, negating the secrecy offerings of the protocol. The RC4 cipher is also considered cryptographically broken, and new attacks against its secrecy are made known every year (#1207101). Since attacks are only getting better, we should disable these broken protocols and ciphers system wide. == Scope == * Proposal owners: The crypto-policies package has to be updated to accommodate the new policies. * Other developers: Should verify that their package works after the change. That is that their package doesn't require only SSL 3.0, or only the RC4 ciphersuites. If their package requires these options due to design, they should consider contacting upstream to update the software. If that is not possible, or this support is needed to contact legacy servers, they should consider not using the system wide policy, and make that apparent in the package documentation. * Release engineering: This feature doesn't require coordination with release engineering. * Policies and guidelines: The packaging guidelines do not need to be changed. For clarification: This is only changing the default - SSL 3.0 is still available if specifically enabled? If so, we need to include documentation on enabling it. Bigger question - should we deprecate SSL 3.0 and plan to remove it in F25? (F25 gives people a year to prepare after being notified of deprecation in F23.) We are looking at deprecating and ultimately removing a larger set of ciphers: /* 56-bit DES domestic cipher suites */ TLS_DHE_RSA_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA, TLS_DH_anon_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5 /* export ciphersuites with 1024-bit public key exchange keys */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* export ciphersuites with 512-bit public key exchange keys */ TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, Should these ciphers be included in this proposal? -- Jan Kuřík ___ devel-announce mailing list devel-annou...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel-announce -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
F23 System Wide Change: Disable SSL3 and RC4 by default
= Proposed System Wide Change: Disable SSL3 and RC4 by default = https://fedoraproject.org/wiki/Changes/RemoveSSL3andRc4 Change owner(s): Nikos Mavrogiannopoulos n...@redhat.com This change will disable by default the SSL 3.0 protocol and the RC4 cipher in components which use the system wide crypto policy. That is, gnutls and openssl libraries, and all the applications based on them. == Detailed Description == There are serious vulnerabilities known to the SSL 3.0 protocol, since a decade. Recent attacks (e.g., the POODLE issue #1152789) take advantage of them, negating the secrecy offerings of the protocol. The RC4 cipher is also considered cryptographically broken, and new attacks against its secrecy are made known every year (#1207101). Since attacks are only getting better, we should disable these broken protocols and ciphers system wide. == Scope == * Proposal owners: The crypto-policies package has to be updated to accommodate the new policies. * Other developers: Should verify that their package works after the change. That is that their package doesn't require only SSL 3.0, or only the RC4 ciphersuites. If their package requires these options due to design, they should consider contacting upstream to update the software. If that is not possible, or this support is needed to contact legacy servers, they should consider not using the system wide policy, and make that apparent in the package documentation. * Release engineering: This feature doesn't require coordination with release engineering. * Policies and guidelines: The packaging guidelines do not need to be changed. -- Jan Kuřík ___ devel-announce mailing list devel-annou...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel-announce -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F23 System Wide Change: Disable SSL3 and RC4 by default
On Tue, 2015-04-28 at 10:15 -0400, Russell Doty wrote: == Scope == * Proposal owners: The crypto-policies package has to be updated to accommodate the new policies. * Other developers: Should verify that their package works after the change. That is that their package doesn't require only SSL 3.0, or only the RC4 ciphersuites. If their package requires these options due to design, they should consider contacting upstream to update the software. If that is not possible, or this support is needed to contact legacy servers, they should consider not using the system wide policy, and make that apparent in the package documentation. * Release engineering: This feature doesn't require coordination with release engineering. * Policies and guidelines: The packaging guidelines do not need to be changed. For clarification: This is only changing the default - SSL 3.0 is still available if specifically enabled? If so, we need to include documentation on enabling it. The plan is to allow re-enabling by switching the system to legacy crypto policy. That would work for RC4. For SSL 3.0, since OpenSSL doesn't provide knobs to enable or disable on runtime, that will not be possible. However, according to Tomas Mraz openssl already disables SSL 3.0 in F22, and there were no major issues reported so that would be no issue. Bigger question - should we deprecate SSL 3.0 and plan to remove it in F25? (F25 gives people a year to prepare after being notified of deprecation in F23.) Do you mean remove from the default settings in F25? I believe due to the high publicity of the various attacks with SSL 3.0 and RC4, administrators are already informed about the need to deprecate the algorithms, so there will not be much benefit postponing that issue for so long. We are looking at deprecating and ultimately removing a larger set of ciphers: /* 56-bit DES domestic cipher suites */ TLS_DHE_RSA_WITH_DES_CBC_SHA, [...] Should these ciphers be included in this proposal? These are not enabled by default so they are not really a concern of that proposal. regards, Nikos -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct