#5684 Configure 389ds with "default" cipher suite
Closed: Fixed None Opened 5 years ago by ftweedal.

FreeIPA currently configures 389 with nsSSL3Ciphers: +all, allowing
the use of insecure ciphers when connecting to 389.

It could be changed to nsSSL3Ciphers: default, which is a more secure
(and maintained) default set of ciphers (available since 389 v1.3.3).

See https://fedorahosted.org/389/ticket/47838 and
http://directory.fedoraproject.org/docs/389ds/design/nss-cipher-design.html
for more info.


Original RFE that introduced the cipher suite: #4395 (FreeIPA 4.0.3).

We have also this configuration,

allowWeakCipher: off

shouldn't this turn off weak ciphers?

According to http://directory.fedoraproject.org/docs/389ds/design/nss-cipher-design.html default provides less suites than +all but weak

Current cipher list on F23:

$ rpm -qa nss 389-ds-base
nss-3.22.2-1.0.fc23.x86_64
389-ds-base-1.3.4.5-1.fc23.x86_64
$ sslscan HOST:636 | grep Accept
    Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  DHE-RSA-CAMELLIA256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  256 bits  CAMELLIA256-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-CAMELLIA128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  128 bits  SEED-SHA
    Accepted  TLSv1  128 bits  CAMELLIA128-SHA
    Accepted  TLS11  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLS11  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLS11  256 bits  DHE-RSA-CAMELLIA256-SHA
    Accepted  TLS11  256 bits  AES256-SHA
    Accepted  TLS11  256 bits  CAMELLIA256-SHA
    Accepted  TLS11  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLS11  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLS11  128 bits  DHE-RSA-CAMELLIA128-SHA
    Accepted  TLS11  128 bits  AES128-SHA
    Accepted  TLS11  128 bits  SEED-SHA
    Accepted  TLS11  128 bits  CAMELLIA128-SHA
    Accepted  TLS12  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLS12  256 bits  DHE-RSA-AES256-SHA256
    Accepted  TLS12  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLS12  256 bits  DHE-RSA-CAMELLIA256-SHA
    Accepted  TLS12  256 bits  AES256-SHA256
    Accepted  TLS12  256 bits  AES256-SHA
    Accepted  TLS12  256 bits  CAMELLIA256-SHA
    Accepted  TLS12  128 bits  ECDHE-RSA-AES128-GCM-SHA256
    Accepted  TLS12  128 bits  ECDHE-RSA-AES128-SHA256
    Accepted  TLS12  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLS12  128 bits  DHE-RSA-AES128-GCM-SHA256
    Accepted  TLS12  128 bits  DHE-RSA-AES128-SHA256
    Accepted  TLS12  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLS12  128 bits  DHE-RSA-CAMELLIA128-SHA
    Accepted  TLS12  128 bits  AES128-GCM-SHA256
    Accepted  TLS12  128 bits  AES128-SHA256
    Accepted  TLS12  128 bits  AES128-SHA
    Accepted  TLS12  128 bits  SEED-SHA
    Accepted  TLS12  128 bits  CAMELLIA128-SHA

Except for CAMELLIA and SEED it doesn't look that bad.

With 'nsSSL3Ciphers: default':

    Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLS11  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLS11  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLS11  256 bits  AES256-SHA
    Accepted  TLS11  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLS11  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLS11  128 bits  AES128-SHA
    Accepted  TLS12  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLS12  256 bits  DHE-RSA-AES256-SHA256
    Accepted  TLS12  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLS12  256 bits  AES256-SHA256
    Accepted  TLS12  256 bits  AES256-SHA
    Accepted  TLS12  128 bits  ECDHE-RSA-AES128-GCM-SHA256
    Accepted  TLS12  128 bits  ECDHE-RSA-AES128-SHA256
    Accepted  TLS12  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLS12  128 bits  DHE-RSA-AES128-GCM-SHA256
    Accepted  TLS12  128 bits  DHE-RSA-AES128-SHA256
    Accepted  TLS12  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLS12  128 bits  AES128-GCM-SHA256
    Accepted  TLS12  128 bits  AES128-SHA256
    Accepted  TLS12  128 bits  AES128-SHA

We would prefer if you used nsSSL3Ciphers: default. We try to keep these as strong secure defaults. That's why there are less in the list than "all but weak".

It also means you (ipa project) don't need to worry about updating them as much, as we will take care of it on the DS side.

master:

  • dd86f83 Configure 389ds with "default" cipher suite

ipa-4-3:

  • 3c4a8c8 Configure 389ds with "default" cipher suite

No test required on ipa side.

Metadata Update from @ftweedal:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.3.1

4 years ago

Login to comment on this ticket.

Metadata