Re: fedora28 and strong crypto settings

2018-02-27 Thread Nikos Mavrogiannopoulos 
On Mon, 2018-02-26 at 10:26 -0600, mcatanz...@gnome.org wrote:
> On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopoulos 
>  wrote:
> > regarding the strong crypto change in Fedora28 [0], we have
> > identified
> > few (usually internal) sites which break under firefox or other
> > tools.
> > The main reason for this breakage is that these sites only support
> > Diffie-Hellman with 1024-bit parameters which are considered too
> > weak
> > by this change.
> 
> Setting up a unified distro-wide crypto policy was a Good Thing, but
> we 
> have to use it responsibly. Unfortunately, I don't think it's
> practical 
> for Fedora to increase the minimum required Diffie-Hellman parameter 
> size to 2048 until either Firefox or Chrome has done so first. Users 
> are just going to object that they can't use Fedora to access
> various 
> important websites, and those important websites will never be fixed
> so 
> long as they're only broken for Fedora users. We should consider 
> ourselves at the mercy of the major browser vendors to implement new 
> restrictions before we do. It's a shame that major browsers are so 
> unwilling to break websites, even when it's clearly important for 
> security, but that's the world we live in. :/
> 
> Alternatively, if you want to strengthen the system crypto policy,
> then 
> it should not apply to web browsers at all. Or web browsers should 
> automatically use the weak policy. (We'd need the weak policy in 
> glib-networking, too.)

I agree we need to have the DEFAULT policy be applicable to all
applications, browsers and not (otherwise we end up in reports like
curl and wget don't work while firefox does). It is important though to
gather all data we can from the user reports before reverting, in order
to better understand why that doesn't work, which apps are affected and
better predict when we can make it work.

From the current reports, I believe we have two classes of systems
which cause a problem. (1) systems with implementations which don't
support elliptic curves (that may be rhel5, centos5), and the
administrator set up 1024-bit DH parameters, (2) cisco VPN servers
which are configured to use 1024-bit DH parameters.

regards,
Nikos
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: fedora28 and strong crypto settings

2018-02-26 Thread Randy Barlow 
On 02/26/2018 06:02 PM, Randy Barlow wrote:
> Does Firefox use the system wide crypto policy? I adjusted
> /etc/crypto-policies/config to be set to LEGACY and ran
> update-crypto-policies, but Firefox still won't let me access southwest.com:
> 
> An error occurred during a connection to southwest.com. SSL received a
> weak ephemeral Diffie-Hellman key in Server Key Exchange handshake
> message. Error code: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY

Nevermind, I just needed to restart Firefox.



signature.asc
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: fedora28 and strong crypto settings

2018-02-26 Thread Randy Barlow 
Does Firefox use the system wide crypto policy? I adjusted
/etc/crypto-policies/config to be set to LEGACY and ran
update-crypto-policies, but Firefox still won't let me access southwest.com:

An error occurred during a connection to southwest.com. SSL received a
weak ephemeral Diffie-Hellman key in Server Key Exchange handshake
message. Error code: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY



signature.asc
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: fedora28 and strong crypto settings

2018-02-26 Thread Przemek Klosowski 

On 02/26/2018 11:26 AM, mcatanz...@gnome.org wrote:
On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopoulos 
 wrote:

regarding the strong crypto change in Fedora28 [0], we have identified
few (usually internal) sites which break under firefox or other tools.
The main reason for this breakage is that these sites only support
Diffie-Hellman with 1024-bit parameters which are considered too weak
by this change.


Setting up a unified distro-wide crypto policy was a Good Thing, but 
we have to use it responsibly. Unfortunately, I don't think it's 
practical for Fedora to increase the minimum required Diffie-Hellman 
parameter size to 2048 until either Firefox or Chrome has done so 
first. Users are just going to object that they can't use Fedora to 
access various important websites, and those important websites will 
never be fixed so long as they're only broken for Fedora users. We 
should consider ourselves at the mercy of the major browser vendors to 
implement new restrictions before we do. It's a shame that major 
browsers are so unwilling to break websites, even when it's clearly 
important for security, but that's the world we live in. :/


Alternatively, if you want to strengthen the system crypto policy, 
then it should not apply to web browsers at all. Or web browsers 
should automatically use the weak policy. (We'd need the weak policy 
in glib-networking, too.) 
It seems to me that the middle ground between giving up and breaking 
things might be to throw up a warning, like the unsecure HTTPS warnings 
for sites with  self-signed certificates. I'd think upstream should be 
agreeable to it. Is it hard to do---would it possible by configuring the 
browser or would it require new code and patching?

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: fedora28 and strong crypto settings

2018-02-26 Thread mcatanzaro 

On Mon, Feb 26, 2018 at 10:26 AM, mcatanz...@gnome.org wrote:
Alternatively, if you want to strengthen the system crypto policy, 
then it should not apply to web browsers at all. Or web browsers 
should automatically use the weak policy. (We'd need the weak policy 
in glib-networking, too.)


Reading the change proposal page, I see we have LEGACY, DEFAULT, and 
FUTURE policies. We could add a BROWSER policy to matching what 
upstream Firefox is doing. That would be mostly stricter than LEGACY, 
but weaker than DEFAULT for DH parameter size. Then we would need some 
way for applications to override the policy choice at runtime, e.g. 
using a GnuTLS priority string of "@BROWSER" rather than "@SYSTEM". I 
do understand that's quite different from how you envisioned the system 
policy to work

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: fedora28 and strong crypto settings

2018-02-26 Thread Jared K. Smith 
On Mon, Feb 26, 2018 at 10:37 AM, Nikos Mavrogiannopoulos 
wrote:

> I believe however that we should gather as many data as we can related
> to this security update in Fedora28, and decide after F28 beta is
> released on whether to back this change off, or to ignore this
> breakage. Any data gathered is very useful in planning a future
> strengthening. Any objections?
>

No objections from me.  I wasn't able to get to one internal site, but it
helped encourage our NOC to update the SSL settings on that particular
internal site.  That being said, it might be helpful to document how to
upgrade a typical Apache configuration with SSL to support Diffie-Hellman
with 1024-bit parameters.

--
Jared Smith
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: fedora28 and strong crypto settings

2018-02-26 Thread mcatanzaro 
On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopoulos 
 wrote:

regarding the strong crypto change in Fedora28 [0], we have identified
few (usually internal) sites which break under firefox or other tools.
The main reason for this breakage is that these sites only support
Diffie-Hellman with 1024-bit parameters which are considered too weak
by this change.


Setting up a unified distro-wide crypto policy was a Good Thing, but we 
have to use it responsibly. Unfortunately, I don't think it's practical 
for Fedora to increase the minimum required Diffie-Hellman parameter 
size to 2048 until either Firefox or Chrome has done so first. Users 
are just going to object that they can't use Fedora to access various 
important websites, and those important websites will never be fixed so 
long as they're only broken for Fedora users. We should consider 
ourselves at the mercy of the major browser vendors to implement new 
restrictions before we do. It's a shame that major browsers are so 
unwilling to break websites, even when it's clearly important for 
security, but that's the world we live in. :/


Alternatively, if you want to strengthen the system crypto policy, then 
it should not apply to web browsers at all. Or web browsers should 
automatically use the weak policy. (We'd need the weak policy in 
glib-networking, too.)


Michael
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: fedora28 and strong crypto settings

2018-02-26 Thread Vít Ondruch 
I was bitten by this. To workaround the issues in FF and TB, it might
help to change all the "dfe" options in about:config to False, which
might break other sites, but it helped me to access my email again.


Vít



Dne 26.2.2018 v 16:37 Nikos Mavrogiannopoulos napsal(a):
> Hi,
>  regarding the strong crypto change in Fedora28 [0], we have identified
> few (usually internal) sites which break under firefox or other tools.
> The main reason for this breakage is that these sites only support
> Diffie-Hellman with 1024-bit parameters which are considered too weak
> by this change.
>
> I believe however that we should gather as many data as we can related
> to this security update in Fedora28, and decide after F28 beta is
> released on whether to back this change off, or to ignore this
> breakage. Any data gathered is very useful in planning a future
> strengthening. Any objections?
>
> For any issues regarding crypto breakage in F28 please use
> https://bugzilla.redhat.com/show_bug.cgi?id=1534532
> to report it.
>
> regards,
> Nikos
>
>
> [0].
> https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org