1179273 – [RFE] vdsm: Utilize system-wide crypto-policies

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1179273 - [RFE] vdsm: Utilize system-wide crypto-policies

Summary: [RFE] vdsm: Utilize system-wide crypto-policies

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	vdsm
Classification:	oVirt
Component:	General
Sub Component:
Version:	---
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	ovirt-4.4.0
Target Release:	---
Assignee:	Marcin Sobczyk
QA Contact:	Petr Kubica
Docs Contact:
URL:
Whiteboard:
Depends On:	1147148
Blocks:	fedora-crypto-policies
TreeView+	depends on / blocked

Reported:	2015-01-06 14:21 UTC by Nikos Mavrogiannopoulos
Modified:	2020-07-31 19:22 UTC (History)
CC List:	18 users (show)
Fixed In Version:	rhv-4.4.0-29
Doc Type:	Enhancement
Doc Text:	The VDSM's `ssl_protocol`, `ssl_excludes`, and `ssl_ciphers` config options have been removed. For details, see: https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8 To fine-tune your crypto settings, change or create your crypto policy. For example, for your hosts to communicate with legacy systems that still use insecure TLSv1 or TLSv1.1, change your crypto policy to `LEGACY` with: ---- # update-crypto-policies --set LEGACY ----
Clone Of:
Environment:
Last Closed:	2020-05-20 20:03:53 UTC
oVirt Team:	Infra
Embargoed:
Dependent Products:
Flags:	mperina: ovirt-4.4? mtessun: planning_ack+ mperina: devel_ack+ lleistne: testing_ack+

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
oVirt gerrit	104287	'None'	ABANDONED	config: ssl: Remove 'ssl_ciphers' option	2020-12-11 17:30:03 UTC
oVirt gerrit	104288	'None'	ABANDONED	config: ssl: Remove 'ssl_excludes' option	2020-12-11 17:30:31 UTC
oVirt gerrit	104289	'None'	ABANDONED	config: ssl: Remove 'ssl_protocol' option	2020-12-11 17:30:01 UTC
oVirt gerrit	104290	'None'	ABANDONED	tests: ssl: Test protocols disabled by crypto policy	2020-12-11 17:30:31 UTC
oVirt gerrit	104467	'None'	ABANDONED	config: ssl: Remove 'ssl_protocol' option	2020-12-11 17:30:03 UTC
oVirt gerrit	104710	'None'	MERGED	config: ssl: Conform to crypto policies	2020-12-11 17:30:01 UTC

Description Nikos Mavrogiannopoulos 2015-01-06 14:21:16 UTC

Please convert to use the system's crypto policy for SSL and TLS:
https://fedoraproject.org/wiki/Packaging:CryptoPolicies

If this program is compiled against gnutls, change the default priority string to be "@SYSTEM" or to use gnutls_set_default_priority().

If this program is compiled against openssl, and there is no default cipher list specified, you don't need to modify it. Otherwise replace the default cipher list with "PROFILE=SYSTEM".

In both cases please verify that the application uses the system's crypto policies.

If the package is already using the system-wide crypto policies, or it does not use SSL or TLS, no action is required, the bug can simply be closed.

Comment 1 Oved Ourfali 2015-07-29 11:57:17 UTC

Will be fixed by m2crypto removal.

Comment 2 Sandro Bonazzola 2015-09-04 09:01:59 UTC

This is an automated message.
This Bugzilla report has been opened on a version which is not maintained anymore.
Please check if this bug is still relevant in oVirt 3.5.4.
If it's not relevant anymore, please close it (you may use EOL or CURRENT RELEASE resolution)
If it's an RFE please update the version to 4.0 if still relevant.

Comment 4 Dan Kenigsberg 2015-09-06 12:56:13 UTC

At the moment we have a (relatively small) Engine-side performance regression that does not let us completely drop m2crypto on 3.6.

Comment 5 Yaniv Kaul 2016-03-10 15:10:41 UTC

(In reply to Dan Kenigsberg from comment #4)
> At the moment we have a (relatively small) Engine-side performance
> regression that does not let us completely drop m2crypto on 3.6.

And in 4.0?

Comment 6 Piotr Kliczewski 2016-03-14 08:09:10 UTC

(In reply to Yaniv Kaul from comment #5)
> (In reply to Dan Kenigsberg from comment #4)
> > At the moment we have a (relatively small) Engine-side performance
> > regression that does not let us completely drop m2crypto on 3.6.
> 
> And in 4.0?

Recent tests were not clear whether the regression is still in place. I suggest to perform new set of tests (no code changes required).

Comment 7 Oved Ourfali 2016-04-18 07:50:22 UTC

(In reply to Piotr Kliczewski from comment #6)
> (In reply to Yaniv Kaul from comment #5)
> > (In reply to Dan Kenigsberg from comment #4)
> > > At the moment we have a (relatively small) Engine-side performance
> > > regression that does not let us completely drop m2crypto on 3.6.
> > 
> > And in 4.0?
> 
> Recent tests were not clear whether the regression is still in place. I
> suggest to perform new set of tests (no code changes required).

Do we feel comfortable removing m2crypto in 4.0?

Comment 8 Piotr Kliczewski 2016-04-18 09:59:14 UTC

It should not take a lot of time to remove it but we would need to make sure that we are as fast with standard ssl module.

Comment 9 Yaniv Bronhaim 2016-04-19 10:38:04 UTC

will it be verified and removed in 4.0 scope? if not, please update the target milestone and flags.

Comment 10 Piotr Kliczewski 2016-04-19 11:03:04 UTC

Let's target 4.0 and see how we progress with verification.

Comment 11 Sandro Bonazzola 2016-05-02 10:07:43 UTC

Moving from 4.0 alpha to 4.0 beta since 4.0 alpha has been already released and bug is not ON_QA.

Comment 12 Yaniv Lavi 2016-05-23 13:22:20 UTC

oVirt 4.0 beta has been released, moving to RC milestone.

Comment 13 Yaniv Lavi 2016-05-23 13:25:02 UTC

oVirt 4.0 beta has been released, moving to RC milestone.

Comment 14 Yaniv Kaul 2017-09-04 10:50:35 UTC

Piotr, what's the latest status here?

Comment 15 Piotr Kliczewski 2017-09-04 11:55:56 UTC

There was no work done to provide this functionality.

Comment 16 Yaniv Kaul 2017-09-04 14:40:43 UTC

(In reply to Piotr Kliczewski from comment #15)
> There was no work done to provide this functionality.

Didn't you remove m2crypto?

commit 6cc45394f688c0098f576d29f4623c1416e99299
Author: Piotr Kliczewski <piotr.kliczewski>
Date:   Tue Apr 25 16:31:56 2017 +0200

    ssl: remove m2crypto

Comment 17 Piotr Kliczewski 2017-09-04 14:51:29 UTC

Please see comment #1. This BZ is not about which implementation we use but how it is configured. We want to use system's crypto policy to configure vdsm.

Comment 18 Oved Ourfali 2017-09-27 09:08:24 UTC

I don't see it being prioritized.
Closing as wontfix.

Comment 20 Nir Soffer 2018-05-14 08:28:21 UTC

Nikos, this page does mention Python.
https://fedoraproject.org/wiki/Packaging:CryptoPolicies

Do we have recommended configuration for Python?

Comment 21 Nikos Mavrogiannopoulos 2018-05-14 09:57:16 UTC

Hari do you know that answer to the above? Do python applications need any additional settings to use the default crypto policies?

Comment 22 Charalampos Stratakis 2018-05-14 11:34:53 UTC

(In reply to Nikos Mavrogiannopoulos from comment #21)
> Hari do you know that answer to the above? Do python applications need any
> additional settings to use the default crypto policies?

Hello Nikos.

Python 3 already utilizes the system wide crypto policies in Fedora [0] and according to upstream [1]: Application are encouraged to use this default suite list. They are still free to override the default by calling SSLContext's set_ciphers() method. 

[0] https://src.fedoraproject.org/rpms/python3/c/969d51434e2479639d62c2b03fd51df7403eb722?branch=master
[1] https://bugs.python.org/issue31429

Comment 23 Nikos Mavrogiannopoulos 2018-05-14 11:55:13 UTC

So Nir, the point is that the application must not override the default set_ciphers(), unless requested by the user, in order to comply with the policies.

Comment 24 Nir Soffer 2018-05-14 12:10:53 UTC

(In reply to Charalampos Stratakis from comment #22)
> (In reply to Nikos Mavrogiannopoulos from comment #21)
> > Hari do you know that answer to the above? Do python applications need any
> > additional settings to use the default crypto policies?
> Python 3 already utilizes the system wide crypto policies in Fedora
...

What about 2.7? it seems we have no integration with system wide policies.

From Fedora 28, python2-2.7.14-15.fc28.x86_64:

# Disable weak or insecure ciphers by default
# (OpenSSL's default setting is 'DEFAULT:!aNULL:!eNULL')
# Enable a better set of ciphers by default
# This list has been explicitly chosen to:
#   * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
#   * Prefer ECDHE over DHE for better performance
#   * Prefer AEAD over CBC for better performance and security
#   * Prefer AES-GCM over ChaCha20 because most platforms have AES-NI
#     (ChaCha20 needs OpenSSL 1.1.0 or patched 1.0.2)
#   * Prefer any AES-GCM and ChaCha20 over any AES-CBC for better
#     performance and security
#   * Then Use HIGH cipher suites as a fallback
#   * Disable NULL authentication, NULL encryption, 3DES and MD5 MACs
#     for security reasons
_DEFAULT_CIPHERS = (
    'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:'
    'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:'
    '!aNULL:!eNULL:!MD5:!3DES'
    )

# Restricted and more secure ciphers for the server side
# This list has been explicitly chosen to:
#   * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
#   * Prefer ECDHE over DHE for better performance
#   * Prefer AEAD over CBC for better performance and security
#   * Prefer AES-GCM over ChaCha20 because most platforms have AES-NI
#   * Prefer any AES-GCM and ChaCha20 over any AES-CBC for better
#     performance and security
#   * Then Use HIGH cipher suites as a fallback
#   * Disable NULL authentication, NULL encryption, MD5 MACs, DSS, RC4, and
#     3DES for security reasons
_RESTRICTED_SERVER_CIPHERS = (
    'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:'
    'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:'
    '!aNULL:!eNULL:!MD5:!DSS:!RC4:!3DES'
)

From RHEL 7.5, python-2.7.5-68.el7.x86_64 

# Disable weak or insecure ciphers by default
# (OpenSSL's default setting is 'DEFAULT:!aNULL:!eNULL')
# Enable a better set of ciphers by default
# This list has been explicitly chosen to:
#   * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
#   * Prefer ECDHE over DHE for better performance
#   * Prefer any AES-GCM over any AES-CBC for better performance and security
#   * Then Use HIGH cipher suites as a fallback
#   * Then Use 3DES as fallback which is secure but slow
#   * Finally use RC4 as a fallback which is problematic but needed for
#     compatibility some times.
#   * Disable NULL authentication, NULL encryption, and MD5 MACs for security
#     reasons
_DEFAULT_CIPHERS = (
    'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
    'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:ECDH+RC4:'
    'DH+RC4:RSA+RC4:!aNULL:!eNULL:!MD5'
)

# Restricted and more secure ciphers for the server side
# This list has been explicitly chosen to:
#   * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
#   * Prefer ECDHE over DHE for better performance
#   * Prefer any AES-GCM over any AES-CBC for better performance and security
#   * Then Use HIGH cipher suites as a fallback
#   * Then Use 3DES as fallback which is secure but slow
#   * Disable NULL authentication, NULL encryption, MD5 MACs, DSS, and RC4 for
#     security reasons
_RESTRICTED_SERVER_CIPHERS = (
    'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
    'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:'
    '!eNULL:!MD5:!DSS:!RC4'
)

Comment 25 Charalampos Stratakis 2018-05-14 12:23:20 UTC

(In reply to Nir Soffer from comment #24)
> (In reply to Charalampos Stratakis from comment #22)
> > (In reply to Nikos Mavrogiannopoulos from comment #21)
> > > Hari do you know that answer to the above? Do python applications need any
> > > additional settings to use the default crypto policies?
> > Python 3 already utilizes the system wide crypto policies in Fedora
> ...
> 
> What about 2.7? it seems we have no integration with system wide policies.
> 
> From Fedora 28, python2-2.7.14-15.fc28.x86_64:
> 
> # Disable weak or insecure ciphers by default
> # (OpenSSL's default setting is 'DEFAULT:!aNULL:!eNULL')
> # Enable a better set of ciphers by default
> # This list has been explicitly chosen to:
> #   * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
> #   * Prefer ECDHE over DHE for better performance
> #   * Prefer AEAD over CBC for better performance and security
> #   * Prefer AES-GCM over ChaCha20 because most platforms have AES-NI
> #     (ChaCha20 needs OpenSSL 1.1.0 or patched 1.0.2)
> #   * Prefer any AES-GCM and ChaCha20 over any AES-CBC for better
> #     performance and security
> #   * Then Use HIGH cipher suites as a fallback
> #   * Disable NULL authentication, NULL encryption, 3DES and MD5 MACs
> #     for security reasons
> _DEFAULT_CIPHERS = (
>     'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:'
>     'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:'
>     '!aNULL:!eNULL:!MD5:!3DES'
>     )
> 
> # Restricted and more secure ciphers for the server side
> # This list has been explicitly chosen to:
> #   * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
> #   * Prefer ECDHE over DHE for better performance
> #   * Prefer AEAD over CBC for better performance and security
> #   * Prefer AES-GCM over ChaCha20 because most platforms have AES-NI
> #   * Prefer any AES-GCM and ChaCha20 over any AES-CBC for better
> #     performance and security
> #   * Then Use HIGH cipher suites as a fallback
> #   * Disable NULL authentication, NULL encryption, MD5 MACs, DSS, RC4, and
> #     3DES for security reasons
> _RESTRICTED_SERVER_CIPHERS = (
>     'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:'
>     'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:'
>     '!aNULL:!eNULL:!MD5:!DSS:!RC4:!3DES'
> )
> 
> From RHEL 7.5, python-2.7.5-68.el7.x86_64 
> 
> # Disable weak or insecure ciphers by default
> # (OpenSSL's default setting is 'DEFAULT:!aNULL:!eNULL')
> # Enable a better set of ciphers by default
> # This list has been explicitly chosen to:
> #   * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
> #   * Prefer ECDHE over DHE for better performance
> #   * Prefer any AES-GCM over any AES-CBC for better performance and security
> #   * Then Use HIGH cipher suites as a fallback
> #   * Then Use 3DES as fallback which is secure but slow
> #   * Finally use RC4 as a fallback which is problematic but needed for
> #     compatibility some times.
> #   * Disable NULL authentication, NULL encryption, and MD5 MACs for security
> #     reasons
> _DEFAULT_CIPHERS = (
>    
> 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
>    
> 'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:ECDH+RC4:'
>     'DH+RC4:RSA+RC4:!aNULL:!eNULL:!MD5'
> )
> 
> # Restricted and more secure ciphers for the server side
> # This list has been explicitly chosen to:
> #   * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
> #   * Prefer ECDHE over DHE for better performance
> #   * Prefer any AES-GCM over any AES-CBC for better performance and security
> #   * Then Use HIGH cipher suites as a fallback
> #   * Then Use 3DES as fallback which is secure but slow
> #   * Disable NULL authentication, NULL encryption, MD5 MACs, DSS, and RC4
> for
> #     security reasons
> _RESTRICTED_SERVER_CIPHERS = (
>    
> 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
>     'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:'
>     '!eNULL:!MD5:!DSS:!RC4'
> )

Unfortunately python2 does not have any mechanism in place about that.

Comment 29 Nir Soffer 2019-11-19 16:05:03 UTC

Note that this bug is about vdsm but we have more components that may
need to be updated to use system policy:
- ovirt-imageio-daemon
- ovirt-hosted-engine-ha?
- ovirt-vmconsole?
- cockpit?

Comment 31 Petr Kubica 2020-04-23 22:50:51 UTC

Verified in 4.4.0-0.33.master.el8ev

Comment 32 Sandro Bonazzola 2020-05-20 20:03:53 UTC

This bugzilla is included in oVirt 4.4.0 release, published on May 20th 2020.

Since the problem described in this bug report should be
resolved in oVirt 4.4.0 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

Note You need to log in before you can comment on or make changes to this bug.