From Fedora Project Wiki

Disable SSL3 and RC4 by default

Summary

This change will disable by default the SSL 3.0 protocol and the RC4 cipher in components which use the system wide crypto policy. That is, gnutls and openssl libraries, and all the applications based on them.

Owner

Current status

  • Targeted release: Fedora 23
  • Last updated: 2015-04-28
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Serious vulnerabilities in the SSL 3.0 protocol have been known for a decade. Recent attacks (e.g., the POODLE issue #1152789) exploit them, defeating the secrecy the protocol is meant to provide. The RC4 cipher is also considered cryptographically broken, and new attacks against its secrecy are published every year (#1207101). Since attacks only get better, we should disable these broken protocols and ciphers system-wide.


Benefit to Fedora

We will ship applications that by default support the ciphers known to be secure. Applications will still be able to enable the old ciphers and protocols for compatibility, but only after a user override or interaction.


Scope

  • Proposal owners: The crypto-policies package has to be updated to accommodate the new policies.

  • Other developers: Should verify that their package works after the change, i.e., that the package does not require only SSL 3.0 or only the RC4 ciphersuites. If a package requires these options by design, its maintainers should consider contacting upstream to update the software. If that is not possible, or this support is needed to reach legacy servers, they should consider not using the system-wide policy and make that apparent in the package documentation.


  • Release engineering: This feature doesn't require coordination with release engineering.
  • Policies and guidelines: The packaging guidelines do not need to be changed.

Upgrade/compatibility impact

After this change, compatibility may be affected after an upgrade if the user's local network contains servers that support only the removed protocols or ciphers.


How To Test

Common applications that depend on openssl or gnutls should be tested against known servers on the internet or LAN.

User Experience

If users rely on infrastructure which deploys the legacy protocols or ciphers, they will be denied access to it. They will be able to enable the old ciphers globally by switching to the LEGACY policy and running update-crypto-policies.
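The following script is an added example for the "How To Test" and "User Experience" sections above; it is not part of this wiki page or of the crypto-policies package. It takes a cipher-suite or protocol list (for instance the output of `openssl ciphers` or `gnutls-cli --list`) and fails if RC4 or SSL 3.0 is still offered, so the same check can be run before and after switching the policy. The sample lists at the bottom are constructed, not captured from a real system; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example, not from the Fedora wiki page or the crypto-policies package.
# Checks suite/protocol lists for the algorithms this change disables.

# Read a suite list from stdin (colon-, comma- or newline-separated) and
# fail if any RC4 suite is present. GnuTLS names RC4 "ARCFOUR".
check_no_rc4() {
    hits=$(tr ':,' '\n\n' | grep -Ei 'RC4|ARCFOUR' || true)
    if [ -n "$hits" ]; then
        printf 'RC4 suites still enabled:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Read a protocol list from stdin and fail if SSL 3.0 is listed
# (OpenSSL prints "SSLv3", GnuTLS prints "VERS-SSL3.0").
check_no_ssl3() {
    if tr ':, ' '\n\n\n' | grep -Eiq 'SSLv3|SSL3\.0'; then
        echo 'SSL 3.0 still enabled' >&2
        return 1
    fi
    return 0
}

# Live check of the installed OpenSSL: expand the DEFAULT cipher string
# (which follows the system policy on Fedora) and run check_no_rc4 on it.
audit_local_openssl() {
    openssl ciphers 'DEFAULT' | check_no_rc4
}

# Constructed sample lists, not captured from a real system.
SUITES_DEFAULT='ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA'
SUITES_LEGACY='ECDHE-RSA-AES256-GCM-SHA384:RC4-SHA:TLS_RSA_ARCFOUR_128_SHA1'
PROTOS_DEFAULT='VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0'
PROTOS_LEGACY='VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-SSL3.0'

# Run the checks against the samples; in real use, pipe tool output in.
demo() {
    printf '%s\n' "$SUITES_DEFAULT" | check_no_rc4 && echo 'DEFAULT suites: ok'
    printf '%s\n' "$SUITES_LEGACY"  | check_no_rc4 || echo 'LEGACY suites: FAIL (expected)'
    printf '%s\n' "$PROTOS_DEFAULT" | check_no_ssl3 && echo 'DEFAULT protocols: ok'
    printf '%s\n' "$PROTOS_LEGACY"  | check_no_ssl3 || echo 'LEGACY protocols: FAIL (expected)'
}
demo
```

To test a real system, run `audit_local_openssl` (or pipe `gnutls-cli --list` through the two checks) once under the default policy, then again after switching to LEGACY and running update-crypto-policies; the first run should pass and the second should report the re-enabled RC4 suites and SSL 3.0.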

Dependencies

repoquery --whatrequires gnutls
repoquery --whatrequires openssl


Contingency Plan

  • Contingency mechanism: The owner will revert the change
  • Contingency deadline: beta freeze
  • Blocks release? No
  • Blocks product? No

Documentation

No documentation is available.


Release Notes

It should be mentioned in the release notes that SSL 3.0 and the RC4 cipher are not enabled by default in the programs we ship. Unfortunately this does not cover all programs we ship, only those that adhere to the system-wide crypto policy; in particular, applications that currently use TLS via NSS are not affected by this change.