9:37 a.m.
Hi,
regarding the strong crypto change in Fedora28 [0], we have identified
few (usually internal) sites which break under firefox or other tools.
The main reason for this breakage is that these sites only support
Diffie-Hellman with 1024-bit parameters which are considered too weak
by this change.
I believe however that we should gather as many data as we can related
to this security update in Fedora28, and decide after F28 beta is
released on whether to back this change off, or to ignore this
breakage. Any data gathered is very useful in planning a future
strengthening. Any objections?
For any issues regarding crypto breakage in F28 please use
https://bugzilla.redhat.com/show_bug.cgi?id=1534532
to report it.
regards,
Nikos
[0].
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
9:51 a.m.
I was bitten by this. To workaround the issues in FF and TB, it might
help to change all the "dfe" options in about:config to False, which
might break other sites, but it helped me to access my email again.
Vít
Dne 26.2.2018 v 16:37 Nikos Mavrogiannopoulos napsal(a):
Hi,
regarding the strong crypto change in Fedora28 [0], we have identified
few (usually internal) sites which break under firefox or other tools.
The main reason for this breakage is that these sites only support
Diffie-Hellman with 1024-bit parameters which are considered too weak
by this change.
I believe however that we should gather as many data as we can related
to this security update in Fedora28, and decide after F28 beta is
released on whether to back this change off, or to ignore this
breakage. Any data gathered is very useful in planning a future
strengthening. Any objections?
For any issues regarding crypto breakage in F28 please use
https://bugzilla.redhat.com/show_bug.cgi?id=1534532
to report it.
regards,
Nikos
[0].
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
10:26 a.m.
On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopoulos
<nmav(a)redhat.com> wrote:
regarding the strong crypto change in Fedora28 [0], we have
identified
few (usually internal) sites which break under firefox or other tools.
The main reason for this breakage is that these sites only support
Diffie-Hellman with 1024-bit parameters which are considered too weak
by this change.
Setting up a unified distro-wide crypto policy was a Good Thing, but we
have to use it responsibly. Unfortunately, I don't think it's practical
for Fedora to increase the minimum required Diffie-Hellman parameter
size to 2048 until either Firefox or Chrome has done so first. Users
are just going to object that they can't use Fedora to access various
important websites, and those important websites will never be fixed so
long as they're only broken for Fedora users. We should consider
ourselves at the mercy of the major browser vendors to implement new
restrictions before we do. It's a shame that major browsers are so
unwilling to break websites, even when it's clearly important for
security, but that's the world we live in. :/
Alternatively, if you want to strengthen the system crypto policy, then
it should not apply to web browsers at all. Or web browsers should
automatically use the weak policy. (We'd need the weak policy in
glib-networking, too.)
Michael
10:40 a.m.
On Mon, Feb 26, 2018 at 10:26 AM, mcatanzaro(a)gnome.org wrote:
Alternatively, if you want to strengthen the system crypto policy,
then it should not apply to web browsers at all. Or web browsers
should automatically use the weak policy. (We'd need the weak policy
in glib-networking, too.)
Reading the change proposal page, I see we have LEGACY, DEFAULT, and
FUTURE policies. We could add a BROWSER policy to matching what
upstream Firefox is doing. That would be mostly stricter than LEGACY,
but weaker than DEFAULT for DH parameter size. Then we would need some
way for applications to override the policy choice at runtime, e.g.
using a GnuTLS priority string of "@BROWSER" rather than "@SYSTEM". I
do understand that's quite different from how you envisioned the system
policy to work....
10:48 a.m.
On 02/26/2018 11:26 AM, mcatanzaro(a)gnome.org wrote:
On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopoulos
<nmav(a)redhat.com> wrote:
> regarding the strong crypto change in Fedora28 [0], we have identified
> few (usually internal) sites which break under firefox or other tools.
> The main reason for this breakage is that these sites only support
> Diffie-Hellman with 1024-bit parameters which are considered too weak
> by this change.
Setting up a unified distro-wide crypto policy was a Good Thing, but
we have to use it responsibly. Unfortunately, I don't think it's
practical for Fedora to increase the minimum required Diffie-Hellman
parameter size to 2048 until either Firefox or Chrome has done so
first. Users are just going to object that they can't use Fedora to
access various important websites, and those important websites will
never be fixed so long as they're only broken for Fedora users. We
should consider ourselves at the mercy of the major browser vendors to
implement new restrictions before we do. It's a shame that major
browsers are so unwilling to break websites, even when it's clearly
important for security, but that's the world we live in. :/
Alternatively, if you want to strengthen the system crypto policy,
then it should not apply to web browsers at all. Or web browsers
should automatically use the weak policy. (We'd need the weak policy
in glib-networking, too.)
It seems to me that the middle ground between giving up
and breaking
things might be to throw up a warning, like the unsecure HTTPS warnings
for sites with self-signed certificates. I'd think upstream should be
agreeable to it. Is it hard to do---would it possible by configuring the
browser or would it require new code and patching?
8:51 a.m.
On Mon, 2018-02-26 at 10:26 -0600, mcatanzaro(a)gnome.org wrote:
On Mon, Feb 26, 2018 at 9:37 AM, Nikos Mavrogiannopoulos
<nmav(a)redhat.com> wrote:
> regarding the strong crypto change in Fedora28 [0], we have
> identified
> few (usually internal) sites which break under firefox or other
> tools.
> The main reason for this breakage is that these sites only support
> Diffie-Hellman with 1024-bit parameters which are considered too
> weak
> by this change.
Setting up a unified distro-wide crypto policy was a Good Thing, but
we
have to use it responsibly. Unfortunately, I don't think it's
practical
for Fedora to increase the minimum required Diffie-Hellman parameter
size to 2048 until either Firefox or Chrome has done so first. Users
are just going to object that they can't use Fedora to access
various
important websites, and those important websites will never be fixed
so
long as they're only broken for Fedora users. We should consider
ourselves at the mercy of the major browser vendors to implement new
restrictions before we do. It's a shame that major browsers are so
unwilling to break websites, even when it's clearly important for
security, but that's the world we live in. :/
Alternatively, if you want to strengthen the system crypto policy,
then
it should not apply to web browsers at all. Or web browsers should
automatically use the weak policy. (We'd need the weak policy in
glib-networking, too.)
I agree we need to have the DEFAULT policy be applicable to all
applications, browsers and not (otherwise we end up in reports like
curl and wget don't work while firefox does). It is important though to
gather all data we can from the user reports before reverting, in order
to better understand why that doesn't work, which apps are affected and
better predict when we can make it work.
From the current reports, I believe we have two classes of systems
which cause a problem. (1) systems with implementations which don't
support elliptic curves (that may be rhel5, centos5), and the
administrator set up 1024-bit DH parameters, (2) cisco VPN servers
which are configured to use 1024-bit DH parameters.
regards,
Nikos
10:27 a.m.
On Mon, Feb 26, 2018 at 10:37 AM, Nikos Mavrogiannopoulos <nmav(a)redhat.com>
wrote:
I believe however that we should gather as many data as we can
related
to this security update in Fedora28, and decide after F28 beta is
released on whether to back this change off, or to ignore this
breakage. Any data gathered is very useful in planning a future
strengthening. Any objections?
No objections from me. I wasn't able to get to one internal site, but it
helped encourage our NOC to update the SSL settings on that particular
internal site. That being said, it might be helpful to document how to
upgrade a typical Apache configuration with SSL to support Diffie-Hellman
with 1024-bit parameters.
--
Jared Smith
5:02 p.m.
Does Firefox use the system wide crypto policy? I adjusted
/etc/crypto-policies/config to be set to LEGACY and ran
update-crypto-policies, but Firefox still won't let me access southwest.com:
An error occurred during a connection to southwest.com. SSL received a
weak ephemeral Diffie-Hellman key in Server Key Exchange handshake
message. Error code: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY
5:04 p.m.
On 02/26/2018 06:02 PM, Randy Barlow wrote:
Does Firefox use the system wide crypto policy? I adjusted
/etc/crypto-policies/config to be set to LEGACY and ran
update-crypto-policies, but Firefox still won't let me access southwest.com:
An error occurred during a connection to southwest.com. SSL received a
weak ephemeral Diffie-Hellman key in Server Key Exchange handshake
message. Error code: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY
Nevermind, I just needed to restart Firefox.
2256
days inactive
2257
days old
8 comments
6 participants
participants (6)
-
Jared K. Smith -
mcatanzaro@gnome.org -
Nikos Mavrogiannopoulos -
Przemek Klosowski -
Randy Barlow -
Vít Ondruch