Re: fedora28 and strong crypto settings
On Mon, 2018-02-26 at 10:26 -0600, mcatanz...@gnome.org wrote: > On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopoulos >wrote: > > regarding the strong crypto change in Fedora28 [0], we have > > identified > > few (usually internal) sites which break under firefox or other > > tools. > > The main reason for this breakage is that these sites only support > > Diffie-Hellman with 1024-bit parameters which are considered too > > weak > > by this change. > > Setting up a unified distro-wide crypto policy was a Good Thing, but > we > have to use it responsibly. Unfortunately, I don't think it's > practical > for Fedora to increase the minimum required Diffie-Hellman parameter > size to 2048 until either Firefox or Chrome has done so first. Users > are just going to object that they can't use Fedora to access > various > important websites, and those important websites will never be fixed > so > long as they're only broken for Fedora users. We should consider > ourselves at the mercy of the major browser vendors to implement new > restrictions before we do. It's a shame that major browsers are so > unwilling to break websites, even when it's clearly important for > security, but that's the world we live in. :/ > > Alternatively, if you want to strengthen the system crypto policy, > then > it should not apply to web browsers at all. Or web browsers should > automatically use the weak policy. (We'd need the weak policy in > glib-networking, too.) I agree we need to have the DEFAULT policy be applicable to all applications, browsers and not (otherwise we end up in reports like curl and wget don't work while firefox does). It is important though to gather all data we can from the user reports before reverting, in order to better understand why that doesn't work, which apps are affected and better predict when we can make it work. From the current reports, I believe we have two classes of systems which cause a problem. (1) systems with implementations which don't support elliptic curves (that may be rhel5, centos5), and the administrator set up 1024-bit DH parameters, (2) cisco VPN servers which are configured to use 1024-bit DH parameters. regards, Nikos ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: fedora28 and strong crypto settings
On 02/26/2018 06:02 PM, Randy Barlow wrote: > Does Firefox use the system wide crypto policy? I adjusted > /etc/crypto-policies/config to be set to LEGACY and ran > update-crypto-policies, but Firefox still won't let me access southwest.com: > > An error occurred during a connection to southwest.com. SSL received a > weak ephemeral Diffie-Hellman key in Server Key Exchange handshake > message. Error code: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY Nevermind, I just needed to restart Firefox. signature.asc Description: OpenPGP digital signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: fedora28 and strong crypto settings
Does Firefox use the system wide crypto policy? I adjusted /etc/crypto-policies/config to be set to LEGACY and ran update-crypto-policies, but Firefox still won't let me access southwest.com: An error occurred during a connection to southwest.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. Error code: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY signature.asc Description: OpenPGP digital signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: fedora28 and strong crypto settings
On 02/26/2018 11:26 AM, mcatanz...@gnome.org wrote: On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopouloswrote: regarding the strong crypto change in Fedora28 [0], we have identified few (usually internal) sites which break under firefox or other tools. The main reason for this breakage is that these sites only support Diffie-Hellman with 1024-bit parameters which are considered too weak by this change. Setting up a unified distro-wide crypto policy was a Good Thing, but we have to use it responsibly. Unfortunately, I don't think it's practical for Fedora to increase the minimum required Diffie-Hellman parameter size to 2048 until either Firefox or Chrome has done so first. Users are just going to object that they can't use Fedora to access various important websites, and those important websites will never be fixed so long as they're only broken for Fedora users. We should consider ourselves at the mercy of the major browser vendors to implement new restrictions before we do. It's a shame that major browsers are so unwilling to break websites, even when it's clearly important for security, but that's the world we live in. :/ Alternatively, if you want to strengthen the system crypto policy, then it should not apply to web browsers at all. Or web browsers should automatically use the weak policy. (We'd need the weak policy in glib-networking, too.) It seems to me that the middle ground between giving up and breaking things might be to throw up a warning, like the unsecure HTTPS warnings for sites with self-signed certificates. I'd think upstream should be agreeable to it. Is it hard to do---would it possible by configuring the browser or would it require new code and patching? ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: fedora28 and strong crypto settings
On Mon, Feb 26, 2018 at 10:26 AM, mcatanz...@gnome.org wrote: Alternatively, if you want to strengthen the system crypto policy, then it should not apply to web browsers at all. Or web browsers should automatically use the weak policy. (We'd need the weak policy in glib-networking, too.) Reading the change proposal page, I see we have LEGACY, DEFAULT, and FUTURE policies. We could add a BROWSER policy to matching what upstream Firefox is doing. That would be mostly stricter than LEGACY, but weaker than DEFAULT for DH parameter size. Then we would need some way for applications to override the policy choice at runtime, e.g. using a GnuTLS priority string of "@BROWSER" rather than "@SYSTEM". I do understand that's quite different from how you envisioned the system policy to work ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: fedora28 and strong crypto settings
On Mon, Feb 26, 2018 at 10:37 AM, Nikos Mavrogiannopouloswrote: > I believe however that we should gather as many data as we can related > to this security update in Fedora28, and decide after F28 beta is > released on whether to back this change off, or to ignore this > breakage. Any data gathered is very useful in planning a future > strengthening. Any objections? > No objections from me. I wasn't able to get to one internal site, but it helped encourage our NOC to update the SSL settings on that particular internal site. That being said, it might be helpful to document how to upgrade a typical Apache configuration with SSL to support Diffie-Hellman with 1024-bit parameters. -- Jared Smith ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: fedora28 and strong crypto settings
On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopouloswrote: regarding the strong crypto change in Fedora28 [0], we have identified few (usually internal) sites which break under firefox or other tools. The main reason for this breakage is that these sites only support Diffie-Hellman with 1024-bit parameters which are considered too weak by this change. Setting up a unified distro-wide crypto policy was a Good Thing, but we have to use it responsibly. Unfortunately, I don't think it's practical for Fedora to increase the minimum required Diffie-Hellman parameter size to 2048 until either Firefox or Chrome has done so first. Users are just going to object that they can't use Fedora to access various important websites, and those important websites will never be fixed so long as they're only broken for Fedora users. We should consider ourselves at the mercy of the major browser vendors to implement new restrictions before we do. It's a shame that major browsers are so unwilling to break websites, even when it's clearly important for security, but that's the world we live in. :/ Alternatively, if you want to strengthen the system crypto policy, then it should not apply to web browsers at all. Or web browsers should automatically use the weak policy. (We'd need the weak policy in glib-networking, too.) Michael ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Re: fedora28 and strong crypto settings
I was bitten by this. To workaround the issues in FF and TB, it might help to change all the "dfe" options in about:config to False, which might break other sites, but it helped me to access my email again. Vít Dne 26.2.2018 v 16:37 Nikos Mavrogiannopoulos napsal(a): > Hi, > regarding the strong crypto change in Fedora28 [0], we have identified > few (usually internal) sites which break under firefox or other tools. > The main reason for this breakage is that these sites only support > Diffie-Hellman with 1024-bit parameters which are considered too weak > by this change. > > I believe however that we should gather as many data as we can related > to this security update in Fedora28, and decide after F28 beta is > released on whether to back this change off, or to ignore this > breakage. Any data gathered is very useful in planning a future > strengthening. Any objections? > > For any issues regarding crypto breakage in F28 please use > https://bugzilla.redhat.com/show_bug.cgi?id=1534532 > to report it. > > regards, > Nikos > > > [0]. > https://fedoraproject.org/wiki/Changes/StrongCryptoSettings > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org