openssl

Author SHA1 Message Date

Author	SHA1	Message	Date
Clemens Lang	bb28a358c8	Allow MD5-SHA1 in LEGACY c-p to fix TLS 1.0 Fedora supports TLS down to 1.0 in LEGACY crypto-policy, but TLS 1.0 defaults to rsa_pkcs1_md5_sha1 with RSA certificates by default. However, MD5-SHA1 would require SECLEVEL=0, because its 67 bits of security do not meet SECLEVEL=1's requirement of 80 bits. Instead of setting SECLEVEL to 0 in the LEGACY crypto-policy (which would include all algorithms, regardless of their security level), allow MD5-SHA1 if rh-allow-sha1-signatures is yes and SECLEVEL is 1. Additionally, fix a regression in evp_pkey_name2type caused by the tr_TR locale fix. Resolves: rhbz#2069239 Signed-off-by: Clemens Lang <cllang@redhat.com>	2022-04-27 12:53:08 +02:00
Clemens Lang	2fdd24a724	Allow disabling of SHA1 signatures NOTE: This patch is ported from CentOS 9 / RHEL 9, where it defaults to denying SHA1 signatures. On Fedora, the default is – for now – to allow SHA1 signatures. In order to phase out SHA1 signatures, introduce a new configuration option in the alg_section named 'rh-allow-sha1-signatures'. This option defaults to true. If set to false, any signature creation or verification operations that involve SHA1 as digest will fail. This also affects TLS, where the signature_algorithms extension of any ClientHello message sent by OpenSSL will no longer include signatures with the SHA1 digest if rh-allow-sha1-signatures is false. For servers that request a client certificate, the same also applies for CertificateRequest messages sent by them. (cherry picked from commit `432cfa2baa`) Resolves: rhbz#2070977 Resolves: rhbz#2071615 Related: rhbz#2031742, rhbz#2062640 Signed-off-by: Clemens Lang <cllang@redhat.com>	2022-04-07 18:16:51 +02:00

Clemens Lang

bb28a358c8

Allow MD5-SHA1 in LEGACY c-p to fix TLS 1.0

Fedora supports TLS down to 1.0 in LEGACY crypto-policy, but TLS 1.0
defaults to rsa_pkcs1_md5_sha1 with RSA certificates by default.
However, MD5-SHA1 would require SECLEVEL=0, because its 67 bits of
security do not meet SECLEVEL=1's requirement of 80 bits.

Instead of setting SECLEVEL to 0 in the LEGACY crypto-policy (which
would include all algorithms, regardless of their security level), allow
MD5-SHA1 if rh-allow-sha1-signatures is yes and SECLEVEL is 1.

Additionally, fix a regression in evp_pkey_name2type caused by the tr_TR
locale fix.

Resolves: rhbz#2069239
Signed-off-by: Clemens Lang <cllang@redhat.com>

2022-04-27 12:53:08 +02:00

Clemens Lang

2fdd24a724

Allow disabling of SHA1 signatures

NOTE: This patch is ported from CentOS 9 / RHEL 9, where it defaults to
denying SHA1 signatures. On Fedora, the default is – for now – to allow
SHA1 signatures.

In order to phase out SHA1 signatures, introduce a new configuration
option in the alg_section named 'rh-allow-sha1-signatures'. This option
defaults to true. If set to false, any signature creation or
verification operations that involve SHA1 as digest will fail.

This also affects TLS, where the signature_algorithms extension of any
ClientHello message sent by OpenSSL will no longer include signatures
with the SHA1 digest if rh-allow-sha1-signatures is false. For servers
that request a client certificate, the same also applies for
CertificateRequest messages sent by them.

(cherry picked from commit 432cfa2baa)

Resolves: rhbz#2070977
Resolves: rhbz#2071615
Related: rhbz#2031742, rhbz#2062640
Signed-off-by: Clemens Lang <cllang@redhat.com>

2022-04-07 18:16:51 +02:00

2 Commits