Make tlshd respect system-wide crypto policy
jtlayton opened this issue · 4 comments
Petr Pisar mentioned this in the Fedora package review:
FIX: The daemon does not respect distribution-wide crypto policies. It enables algorithms in tlshd_make_priorities_string() based on what Linux supported at build time of this package. Ideally the daemon should consult crypto policy <https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/> and only enable a disjunction of what Linux offers and what user-space crypto policy mandates. Please contact <security@lists.fedoraproject.org> for help. There is a possibility that Linux already does that in another way. Please get a crypto review from the security team on that mailing list.
Basically we need to only enable ciphers in tlshd_make_priorities_string() that are supported by the local (runtime) crypto policy.
I think we may be able to call gnutls_priority_cipher_list(3) and then iterate over that list to validate that each cipher we want to enable is part of it.
This example may also be relevant: https://www.gnutls.org/manual/gnutls.html#Listing-the-ciphersuites-in-a-priority-string
Note that tlshd uses the priorities string to control aspects of a PSK handshake that are not relevant for X.509 handshakes. Thus for now, a priorities string must be constructed for each kernel handshake request, since authentication type is one of the handshake parameters.
Issue is addressed in ktls-utils-0.9. Thanks for your patch!
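Added example, not part of the thread and not the ktls-utils patch: a sketch of the filtering step discussed above, keeping only kernel-supported ciphers that the runtime policy also lists and failing closed when none remain. The `kcipher` struct, the numeric ids, the `make_cipher_priorities()` name and the `NONE:+...` cipher-only string are assumptions for illustration; `policy`/`n` stand in for the array and count returned by gnutls_priority_cipher_list(3).

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical record: id stands in for a gnutls_cipher_algorithm_t value,
 * name is the cipher token used in a GnuTLS priority string. */
struct kcipher { unsigned int id; const char *name; };

/* Constructed sample: ciphers the kernel supported at build time (ids made up). */
static const struct kcipher kernel_ciphers[] = {
    { 1, "AES-128-GCM" }, { 2, "AES-256-GCM" },
    { 3, "CHACHA20-POLY1305" }, { 4, "AES-128-CCM" },
};
#define N_KERNEL (sizeof(kernel_ciphers) / sizeof(kernel_ciphers[0]))

static int policy_allows(const unsigned int *policy, int n, unsigned int id)
{
    for (int i = 0; i < n; i++)
        if (policy[i] == id)
            return 1;
    return 0;
}

/* Write "NONE:+A:+B" for kernel ciphers that the runtime policy also lists.
 * Returns the number of ciphers enabled, or -1 if none remain or buf is too
 * small: fail closed instead of falling back to the build-time list. */
int make_cipher_priorities(const unsigned int *policy, int n,
                           char *buf, size_t len)
{
    int enabled = 0;
    size_t used = (size_t)snprintf(buf, len, "NONE");
    if (used >= len)
        return -1;
    for (size_t i = 0; i < N_KERNEL; i++) {
        if (!policy_allows(policy, n, kernel_ciphers[i].id))
            continue;
        int w = snprintf(buf + used, len - used, ":+%s", kernel_ciphers[i].name);
        if (w < 0 || (size_t)w >= len - used)
            return -1;
        used += (size_t)w;
        enabled++;
    }
    return enabled > 0 ? enabled : -1;
}

int main(void)
{
    /* Constructed policy: allows ids 2 and 3, plus 9 which the kernel lacks. */
    const unsigned int policy[] = { 9, 2, 3 };
    char buf[128];
    int n = make_cipher_priorities(policy, 3, buf, sizeof(buf));
    printf("%d %s\n", n, n > 0 ? buf : "(no usable ciphers)");
    return 0;
}
```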