Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Crypto policies-2016

250 views

Published on

Fedora crypto policies presentation at OpenSuSe 2016 conference.

Published in: Technology
  • Be the first to comment

Crypto policies-2016

  1. 1. Fedora System-wide Crypto Policies Nikos Mavrogiannopoulos Red Hat Security Technologies June, 2016
  2. 2. ● Purpose ● Benefi ts ● Status ● Approach ● Lessons Learned ● Future
  3. 3. 3/17/13 3Red Hat me • I work at Red Hat Security technologies – Mostly on crypto-related projects (Fedora, RHEL) – I like working on GnuTLS, OpenConnect VPN, OpenWRT – I started the 'System-wide crypto policies' project at Fedora
  4. 4. 3/17/13 4Red Hat Purpose
  5. 5. 3/17/13 5Red Hat Purpose • Problem statement:
  6. 6. 3/17/13 6Red Hat Purpose • Problem statement:
  7. 7. 3/17/13 7Red Hat Purpose • Problem statement:
  8. 8. 3/17/13 8Red Hat Purpose • Problem statement: Communicates on the LAN and on the Internet
  9. 9. 3/17/13 9Red Hat Purpose • Problem statement: Communicates on the LAN and on the Internet using curl, wget, lftp, firefox, apache, ssh, openvpn, ...
  10. 10. 3/17/13 10Red Hat Purpose • Problem statement: – How secure is each communication channel established by these applications? – Can we ensure a consistent security level across all these applications?
  11. 11. 3/17/13 11Red Hat Purpose • Problem statement: – How secure is each communication channel established by these applications? – Can we ensure a consistent security level across all these applications? • System-wide crypto policies – Apply a consistent default security level across libraries and applications
  12. 12. 3/17/13 12Red Hat Purpose • Problem statement: – How secure is each communication channel established by these applications? – Can we ensure a consistent security level across all these applications? • System-wide crypto policies – Apply a consistent default security level across libraries and applications A level that is modifiable by the distributor and user of the software;
  13. 13. 3/17/13 13Red Hat Purpose • How is the problem tackled today?
  14. 14. 3/17/13 14Red Hat Purpose • How is the problem tackled today? – bettercrypto.org:
  15. 15. 3/17/13 15Red Hat Purpose • How is the problem tackled today? – Two years later: system outdated
  16. 16. 3/17/13 16Red Hat Benefits
  17. 17. 3/17/13 17Red Hat Benefits • The security level used by default by libraries and applications is known. – Reduce administrative burden on setting up services (e.g., no need to follow complex and long advices like in bettercrypto.org) – Reduced support costs (a big class of vulnerabilities that depends on inconsistent parameters is eliminated – e.g., logjam) – Easier audit (only programs that don't support the policy will need to be audited to figure their security level)
  18. 18. 3/17/13 18Red Hat Status
  19. 19. 3/17/13 19Red Hat Status • Pilot version in Fedora 21 (common policy for GnuTLS and OpenSSL) – 3 default policies to chose from (LEGACY, DEFAULT, FUTURE) • Converted several libraries and applications by Fedora 22 – Web servers: ● Apache httpd, Lighttpd, Libmicrohttpd, ... – Command line applications: ● Wget, Lftp, … • Added BIND in Fedora 23 • Added Kerberos in Fedora 24 • Plan to add Java, NSS applications in Fedora 25
  20. 20. 3/17/13 20Red Hat Status • Upstream Patches – GnuTLS ● Read profiles from a pre-configured file (upstream since 3.3.0) – OpenSSL ● Read profiles from configuration file (github PR #192,#193) -- carried as downstream patch – NSS ● Read policies via pkcs11.txt (upstream since 3.24.x)
  21. 21. 3/17/13 21Red Hat Approach
  22. 22. 3/17/13 22Red Hat Approach • Re-use the existing cipher suite strings in gnutls and openssl – OpenSSL example: “HIGH:aNULL:!MD5” – GnuTLS example: “NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2”
  23. 23. 3/17/13 23Red Hat Approach • Re-use the existing cipher suite strings in gnutls and openssl – OpenSSL example: “HIGH:aNULL:!MD5” – GnuTLS example: “NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2” • Store a system-wide pre-configured string which will be loaded when a specific cipher string is detected – OpenSSL example: “PROFILE=SYSTEM” – GnuTLS example: “@SYSTEM”
  24. 24. 3/17/13 24Red Hat Approach • Re-use the existing cipher suite strings in gnutls and openssl – OpenSSL example: “HIGH:aNULL:!MD5” – GnuTLS example: “NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2” • Store a system-wide pre-configured string which will be loaded when a specific cipher string is detected – OpenSSL example: “PROFILE=SYSTEM” – GnuTLS example: “@SYSTEM” • Then, modify all program's default configuration files to contain these strings
  25. 25. 3/17/13 25Red Hat Approach • Re-use the existing cipher suite strings in gnutls and openssl – OpenSSL example: “HIGH:aNULL:!MD5” – GnuTLS example: “NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2” • Store a system-wide pre-configured string which will be loaded when a specific cipher string is detected – OpenSSL example: “PROFILE=SYSTEM” – GnuTLS example: “@SYSTEM” • Then, modify all program's default configuration files to contain these strings – When that's not possible replace any hard-coded defaults with the system defaults
  26. 26. 3/17/13 26Red Hat Approach • Re-use the existing cipher suite strings in gnutls and openssl – OpenSSL example: “HIGH:aNULL:!MD5” – GnuTLS example: “NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2” • Store a system-wide pre-configured string which will be loaded when a specific cipher string is detected – OpenSSL example: “PROFILE=SYSTEM” – GnuTLS example: “@SYSTEM” • Then, modify all program's default configuration files to contain these strings – When that's not possible replace any hard-coded defaults with the system defaults https://fedoraproject.org/wiki/Packaging:CryptoPolicies
  27. 27. 3/17/13 27Red Hat Approach • Packager assistance – rpmlint was modified to warn packagers of applications which may need to be modified to adhere to policy (included in F23) $ rpmlint dovecot-2.2.9-1.fc20.x86_64.rpm dovecot.x86_64: W: crypto-policy-non-compliance-openssl /usr/lib64/dovecot/libssl_iostream_openssl.so SSL_CTX_set_cipher_list $ rpmlint -I crypto-policy-non-compliance-openssl crypto-policy-non-compliance-openssl: This application package calls a function to explicitly set crypto ciphers for SSL/TLS. That may cause the application not to use the system-wide set cryptographic policy and should be modified in accordance to: https://fedoraproject.org/wiki/Packaging:CryptoPolicies
  28. 28. 3/17/13 28Red Hat Approach • Applications with config files (BIND, Kerberos) – Generate a configuration file with the crypto settings to be included by the main config
  29. 29. 3/17/13 29Red Hat Approach • Applications with config files (BIND, Kerberos) – Generate a configuration file with the crypto settings to be included by the main config # This file is automatically generated by update-crypto-policies. permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1- 96 des3-cbc-sha1 camellia256-cts-cmac camellia128-cts-cmac File linked from /etc/krb5.conf.d/ - Administrator can opt-out by deleting link
  30. 30. 3/17/13 30Red Hat Approach • Ideally covered settings: – Signature algorithms – MAC algorithms – Cipher algorithms – Key exchange algorithm – Elliptic curves – Size of parameters (RSA, DH) – Protocols (TLS 1.1, 1.2, …) – Compression
  31. 31. 3/17/13 31Red Hat Approach • Ideally covered settings: – Signature algorithms – MAC algorithms – Cipher algorithms – Key exchange algorithm – Elliptic curves – Size of parameters (RSA, DH) – Protocols (TLS 1.1, 1.2, …) – Compression GnuTLS, NSS OpenSSL
  32. 32. 3/17/13 32Red Hat Lessons learned
  33. 33. 3/17/13 33Red Hat Lessons learned ● System-wide changes require a smooth transition – It took 10 minutes to get a bug report in our rawhide (“later Fedora 22”) when we disabled SSL 3.0
  34. 34. 3/17/13 34Red Hat Lessons learned ● Nevertheless works with sufficient planning – Disabling RC4 and SSL 3.0 for all applications was possible in Fedora 23 via the system-wide policies
  35. 35. 3/17/13 35Red Hat Lessons learned ● Upstream concerns – Each application is free to set their own settings – Changes for pro-active security are slow to adopt ● Unlike CVEs, no time pressure → gets postponed
  36. 36. 3/17/13 36Red Hat Lessons learned ● Having a consistent default security level pays off: – The Fix for POODLE would have been a fix in the policy not in 1000+ applications – The same for issues in CBC ciphers, RC4, compression, … – Logjam attack would have been neutralized
  37. 37. 3/17/13 37Red Hat Future plans
  38. 38. 3/17/13 38Red Hat Future plans ● Include openssh's cipher combinations ● Tracker at https://fedoraproject.org/wiki/User:Nmav/FedoraCryptoPolicies
  39. 39. 3/17/13 39Red Hat Future plans ● Auto-generate application policy (rewrite to perl pending) ● Generate the policy in a standardized way for applications to parse
  40. 40. 3/17/13 40Red Hat Future plans ● Make it universal, not Fedora-only https://github.com/nmav/fedora-crypto-policies
  41. 41. 3/17/13 41Red Hat Questions

×