F23 System Wide Change: Disable SSL3 and RC4 by default

Russell Doty rdoty at redhat.com
Tue Apr 28 14:15:27 UTC 2015


On Tue, 2015-04-28 at 06:10 -0400, Jan Kurik wrote:
> = Proposed System Wide Change: Disable SSL3 and RC4 by default =
> https://fedoraproject.org/wiki/Changes/RemoveSSL3andRc4
> 
> Change owner(s): Nikos Mavrogiannopoulos <nmav at redhat.com>
> 
> This change will disable by default the SSL 3.0 protocol and the RC4 cipher in components which use the system wide crypto policy. That is, gnutls and openssl libraries, and all the applications based on them. 
> 
> == Detailed Description ==
> Serious vulnerabilities in the SSL 3.0 protocol have been known for a decade. Recent attacks (e.g., the POODLE issue #1152789) take advantage of them, negating the secrecy offerings of the protocol. The RC4 cipher is also considered cryptographically broken, and new attacks against its secrecy are made known every year (#1207101). Since attacks are only getting better, we should disable these broken protocols and ciphers system wide.
> 
> == Scope ==
> * Proposal owners: The crypto-policies package has to be updated to accommodate the new policies.
> * Other developers: Should verify that their package works after the change. That is, that their package doesn't require only SSL 3.0, or only the RC4 ciphersuites. If their package requires these options due to design, they should consider contacting upstream to update the software. If that is not possible, or this support is needed to contact legacy servers, they should consider not using the system wide policy, and make that apparent in the package documentation.
> * Release engineering: This feature doesn't require coordination with release engineering. 
> * Policies and guidelines: The packaging guidelines do not need to be changed.

For clarification: This is only changing the default - SSL 3.0 is still
available if specifically enabled? If so, we need to include
documentation on enabling it.

Bigger question - should we deprecate SSL 3.0 and plan to remove it in
F25? (F25 gives people a year to prepare after being notified of
deprecation in F23.)

We are looking at deprecating and ultimately removing a larger set of
ciphers:

/* 56-bit DES "domestic" cipher suites */ 
TLS_DHE_RSA_WITH_DES_CBC_SHA,
TLS_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_FIPS_WITH_DES_CBC_SHA,
TLS_RSA_WITH_DES_CBC_SHA,
TLS_DH_anon_WITH_DES_CBC_SHA,
TLS_KRB5_WITH_DES_CBC_SHA,
TLS_KRB5_WITH_DES_CBC_MD5

/* export ciphersuites with 1024-bit public key exchange keys */
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
/* export ciphersuites with 512-bit public key exchange keys */
TLS_RSA_EXPORT_WITH_RC4_40_MD5,
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,
TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
TLS_KRB5_EXPORT_WITH_RC4_40_MD5,

Should these ciphers be included in this proposal?

>
> -- 
> Jan Kuřík
> _______________________________________________
> devel-announce mailing list
> devel-announce at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel-announce
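
For the package verification step in the proposal and the cipher list in the reply, the following is an added example (not part of the original message and not code from crypto-policies): it parses IANA/NSS-style suite names from a pasted list and labels each one as export-grade, RC4 or single DES. The function names, the labels and the sample list are assumptions made for this example.

```python
import re

# Optional "<kx>_WITH_" part so TLS 1.3 names (no key exchange) also parse.
SUITE_RE = re.compile(r"^(?:TLS|SSL)_(?:(?P<kx>.+?)_WITH_)?(?P<rest>.+)$")

def parse_suite(name):
    """Split a suite name into (key exchange, bulk cipher, MAC/hash)."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not a TLS/SSL suite name: {name!r}")
    cipher, _, mac = m.group("rest").rpartition("_")
    return m.group("kx") or "", cipher, mac

def classify(name):
    """Return the reasons (labels chosen for this example) a suite is weak."""
    kx, cipher, _mac = parse_suite(name)
    first = cipher.split("_")[0]
    reasons = []
    if "EXPORT" in kx:                 # RSA_EXPORT, KRB5_EXPORT, RSA_EXPORT1024...
        reasons.append("export")
    if first == "RC4":                 # RC4_128, RC4_56, RC4_40
        reasons.append("RC4")
    if first in ("DES", "DES40"):      # 3DES has first token "3DES", not matched
        reasons.append("single-DES")
    return reasons

def audit(text):
    """Classify every suite name in a pasted list (C comments, commas allowed)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return {n: classify(n) for n in re.findall(r"\b(?:TLS|SSL)_\w+", text)}

# Constructed sample: three suites from the message above plus three others.
SAMPLE = """
/* constructed sample list */
TLS_RSA_WITH_DES_CBC_SHA,
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
"""

if __name__ == "__main__":
    for suite, reasons in audit(SAMPLE).items():
        print(f"{suite:45} {', '.join(reasons) or 'ok'}")
```
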