Issue #5684: Configure 389ds with "default" cipher suite - freeipa

freeipa

#5684 Configure 389ds with "default" cipher suite

Closed: Fixed None Opened 8 years ago by ftweedal.

FreeIPA currently configures 389 with nsSSL3Ciphers: +all, allowing
the use of insecure ciphers when connecting to 389.

It could be changed to nsSSL3Ciphers: default, which is a more secure
(and maintained) default set of ciphers (available since 389 v1.3.3).

See https://fedorahosted.org/389/ticket/47838 and
http://directory.fedoraproject.org/docs/389ds/design/nss-cipher-design.html
for more info.

mkosek commented 8 years ago

Original RFE that introduced the cipher suite: #4395 (FreeIPA 4.0.3).

mbasti commented 8 years ago

We have also this configuration,

allowWeakCipher: off

shouldn't this turn off weak ciphers?

According to http://directory.fedoraproject.org/docs/389ds/design/nss-cipher-design.html default provides less suites than +all but weak

cheimes commented 8 years ago

Current cipher list on F23:

$ rpm -qa nss 389-ds-base
nss-3.22.2-1.0.fc23.x86_64
389-ds-base-1.3.4.5-1.fc23.x86_64
$ sslscan HOST:636 | grep Accept
    Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  DHE-RSA-CAMELLIA256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  256 bits  CAMELLIA256-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-CAMELLIA128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  128 bits  SEED-SHA
    Accepted  TLSv1  128 bits  CAMELLIA128-SHA
    Accepted  TLS11  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLS11  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLS11  256 bits  DHE-RSA-CAMELLIA256-SHA
    Accepted  TLS11  256 bits  AES256-SHA
    Accepted  TLS11  256 bits  CAMELLIA256-SHA
    Accepted  TLS11  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLS11  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLS11  128 bits  DHE-RSA-CAMELLIA128-SHA
    Accepted  TLS11  128 bits  AES128-SHA
    Accepted  TLS11  128 bits  SEED-SHA
    Accepted  TLS11  128 bits  CAMELLIA128-SHA
    Accepted  TLS12  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLS12  256 bits  DHE-RSA-AES256-SHA256
    Accepted  TLS12  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLS12  256 bits  DHE-RSA-CAMELLIA256-SHA
    Accepted  TLS12  256 bits  AES256-SHA256
    Accepted  TLS12  256 bits  AES256-SHA
    Accepted  TLS12  256 bits  CAMELLIA256-SHA
    Accepted  TLS12  128 bits  ECDHE-RSA-AES128-GCM-SHA256
    Accepted  TLS12  128 bits  ECDHE-RSA-AES128-SHA256
    Accepted  TLS12  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLS12  128 bits  DHE-RSA-AES128-GCM-SHA256
    Accepted  TLS12  128 bits  DHE-RSA-AES128-SHA256
    Accepted  TLS12  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLS12  128 bits  DHE-RSA-CAMELLIA128-SHA
    Accepted  TLS12  128 bits  AES128-GCM-SHA256
    Accepted  TLS12  128 bits  AES128-SHA256
    Accepted  TLS12  128 bits  AES128-SHA
    Accepted  TLS12  128 bits  SEED-SHA
    Accepted  TLS12  128 bits  CAMELLIA128-SHA

Except for CAMELLIA and SEED it doesn't look that bad.

cheimes commented 8 years ago

With 'nsSSL3Ciphers: default':

    Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLS11  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLS11  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLS11  256 bits  AES256-SHA
    Accepted  TLS11  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLS11  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLS11  128 bits  AES128-SHA
    Accepted  TLS12  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLS12  256 bits  DHE-RSA-AES256-SHA256
    Accepted  TLS12  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLS12  256 bits  AES256-SHA256
    Accepted  TLS12  256 bits  AES256-SHA
    Accepted  TLS12  128 bits  ECDHE-RSA-AES128-GCM-SHA256
    Accepted  TLS12  128 bits  ECDHE-RSA-AES128-SHA256
    Accepted  TLS12  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLS12  128 bits  DHE-RSA-AES128-GCM-SHA256
    Accepted  TLS12  128 bits  DHE-RSA-AES128-SHA256
    Accepted  TLS12  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLS12  128 bits  AES128-GCM-SHA256
    Accepted  TLS12  128 bits  AES128-SHA256
    Accepted  TLS12  128 bits  AES128-SHA

firstyear commented 8 years ago

We would prefer if you used nsSSL3Ciphers: default. We try to keep these as strong secure defaults. That's why there are less in the list than "all but weak".

It also means you (ipa project) don't need to worry about updating them as much, as we will take care of it on the DS side.

mbasti commented 8 years ago

master:

dd86f83 Configure 389ds with "default" cipher suite

ipa-4-3:

3c4a8c8 Configure 389ds with "default" cipher suite

mkubik commented 8 years ago

No test required on ipa side.

Metadata Update from @ftweedal:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.3.1

7 years ago

Metadata

Assignee

mbasti

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.3.1

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

blocking

None

on_review

keywords

None

test_coverage

reviewer

ftweedal

external_tracker

None

rhbz

tester

mkubik

changelog

None

design

None

freeipa

Source Code

#5684 Configure 389ds with "default" cipher suite Closed: Fixed None Opened 8 years ago by ftweedal.

Metadata

#5684 Configure 389ds with "default" cipher suite

Closed: Fixed None Opened 8 years ago by ftweedal.