On Tue, 2015-04-28 at 06:10 -0400, Jan Kurik wrote:
> = Proposed System Wide Change: Disable SSL3 and RC4 by default =
> https://fedoraproject.org/wiki/Changes/RemoveSSL3andRc4
>
> Change owner(s): Nikos Mavrogiannopoulos <n...@redhat.com>
>
> This change will disable by default the SSL 3.0 protocol and the RC4 cipher
> in components which use the system wide crypto policy. That is, gnutls and
> openssl libraries, and all the applications based on them.
>
> == Detailed Description ==
> There are serious vulnerabilities known to the SSL 3.0 protocol, since a
> decade. Recent attacks (e.g., the POODLE issue #1152789) take advantage of
> them, negating the secrecy offerings of the protocol. The RC4 cipher is also
> considered cryptographically broken, and new attacks against its secrecy are
> made known every year (#1207101). Since attacks are only getting better, we
> should disable these broken protocols and ciphers system wide.
>
> == Scope ==
> * Proposal owners: The crypto-policies package has to be updated to
> accommodate the new policies.
> * Other developers: Should verify that their package works after the change.
> That is that their package doesn't require only SSL 3.0, or only the RC4
> ciphersuites. If their package requires these options due to design, they
> should consider contacting upstream to update the software. If that is not
> possible, or this support is needed to contact legacy servers, they should
> consider not using the system wide policy, and make that apparent in the
> package documentation.
> * Release engineering: This feature doesn't require coordination with release
> engineering.
> * Policies and guidelines: The packaging guidelines do not need to be
> changed.

For clarification: This is only changing the default - SSL 3.0 is still
available if specifically enabled? If so, we need to include
documentation on enabling it.

Bigger question - should we deprecate SSL 3.0 and plan to remove it in
F25? (F25 gives people a year to prepare after being notified of
deprecation in F23.)

We are looking at deprecating and ultimately removing a larger set of
ciphers:

    /* 56-bit DES "domestic" cipher suites */
    TLS_DHE_RSA_WITH_DES_CBC_SHA,
    TLS_DHE_DSS_WITH_DES_CBC_SHA,
    SSL_RSA_FIPS_WITH_DES_CBC_SHA,
    TLS_RSA_WITH_DES_CBC_SHA,
    TLS_DH_anon_WITH_DES_CBC_SHA,
    TLS_KRB5_WITH_DES_CBC_SHA,
    TLS_KRB5_WITH_DES_CBC_MD5

    /* export ciphersuites with 1024-bit public key exchange keys */
    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,

    /* export ciphersuites with 512-bit public key exchange keys */
    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
    TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
    TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
    TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
    TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
    TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,
    TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
    TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,
    TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
    TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,
    TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
    TLS_KRB5_EXPORT_WITH_RC4_40_MD5,

Should these ciphers be included in this proposal?

>
> --
> Jan Kuřík
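
An added example, not part of the original messages or of the Fedora change itself: one way a packager could run the cipher half of the "Other developers" check, by testing whether a configured suite list still contains anything outside the RC4, single-DES and export categories named in this thread. The function names and the sample list are assumptions made for illustration; the SSL 3.0 protocol setting is not covered.

```python
import re

# Weak cipher tokens named in the thread: RC4 from the proposal; single DES,
# DES40 and RC2 from the list in the reply. (3DES parses as "3DES", not "DES".)
WEAK_CIPHERS = {
    "RC4": "RC4 stream cipher",
    "DES": "single DES",
    "DES40": "40-bit export DES",
    "RC2": "RC2 export cipher",
}
# Key-exchange markers for the two export categories in the reply.
EXPORT_KX = {
    "EXPORT": "export-grade suite",
    "EXPORT1024": "export-grade suite (EXPORT1024)",
}
NAME = re.compile(r"^(?:TLS|SSL)_(.+?)_WITH_(.+)$")


def classify(suite):
    """Return the reasons a suite name is weak; an empty list means none."""
    m = NAME.match(suite)
    if not m:
        return ["unparseable suite name"]
    kx_tokens = m.group(1).split("_")
    cipher = m.group(2).split("_")[0]
    reasons = [EXPORT_KX[t] for t in kx_tokens if t in EXPORT_KX]
    if cipher in WEAK_CIPHERS:
        reasons.append(WEAK_CIPHERS[cipher])
    return reasons


def audit(suites):
    """Split a configured suite list into (flagged, survivors)."""
    flagged = {s: r for s in suites if (r := classify(s))}
    survivors = [s for s in suites if s not in flagged]
    return flagged, survivors


# Constructed sample: a hypothetical package's configured suite list.
SAMPLE = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_DHE_RSA_WITH_DES_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    flagged, survivors = audit(SAMPLE)
    for name, why in flagged.items():
        print(f"{name}: {', '.join(why)}")
    print("usable after the change:", survivors or "NONE - package needs an update")
```

An empty survivor list is the case the proposal warns about: a package that requires only the suites being disabled.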