As promoted by the security team, we want to unify the cryptographic policies used by different applications and libraries by introducing the crypto-policies package in Tumbleweed. This package lets an administrator set the cryptographic security level for all applications that use a cryptographic back-end supported by the policies. For now, only OpenSSL and GnuTLS follow these policies, but more libraries and applications will be added gradually. Note that crypto-policies support was added to Tumbleweed in snapshot 20201216.
Predefined security levels
The main idea is to have three predefined security levels that an administrator can configure by modifying /etc/crypto-policies/config or by using the update-crypto-policies script. These groups of policies are LEGACY, DEFAULT and FUTURE, which have the following details:
* LEGACY
  * MACs: All HMAC with SHA-1 or better + all modern MACs (Poly1305, ...)
  * Curves: All prime >= 255 bits (including Bernstein curves)
  * Signature algorithms: SHA-1 hash or better (DSA allowed)
  * TLS Ciphers: All available >= 112-bit key, >= 128-bit block (including RC4 and 3DES)
  * Non-TLS Ciphers: same as TLS ciphers with added Camellia
  * Key exchange: ECDHE, RSA, DHE
  * DH params size: >= 1024
  * RSA params size: >= 1024
  * TLS protocols: TLS >= 1.0, DTLS >= 1.0
* DEFAULT
  * MACs: All HMAC with SHA-1 or better + all modern MACs (Poly1305, ...)
  * Curves: All prime >= 255 bits (including Bernstein curves)
  * Signature algorithms: With SHA-256 hash or better (not DSA)
  * TLS Ciphers: >= 128-bit key, >= 128-bit block (AES, ChaCha20, including AES-CBC)
  * Non-TLS Ciphers: as TLS Ciphers with added Camellia
  * Key exchange: ECDHE, RSA, DHE (no DHE-DSS)
  * DH params size: >= 2048
  * RSA params size: >= 2048
  * TLS protocols: TLS >= 1.2, DTLS >= 1.2
* FUTURE
  * MACs: All HMAC with SHA-256 or better + all modern MACs (Poly1305, ...)
  * Curves: All prime >= 255 bits (including Bernstein curves)
  * Signature algorithms: SHA-256 hash or better (not DSA)
  * TLS Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated Encryption (AE) ciphers
  * Non-TLS Ciphers: same as TLS ciphers with added non AE ciphers and Camellia
  * Key exchange: ECDHE, DHE (no DHE-DSS, no RSA)
  * DH params size: >= 3072
  * RSA params size: >= 3072
  * TLS protocols: TLS >= 1.2, DTLS >= 1.2
These policies can also change over time together with the security of the cryptographic components. Having crypto-policies makes it easy to handle the deprecation of algorithms or protocols system-wide and in a transparent manner.
On a fresh install of the crypto-policies package, the DEFAULT policy is set as the default policy. The actual policy in use can be checked with the update-crypto-policies command:
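Some policies could break applications that connect to servers which use weak cryptographic algorithms. If this occurs, you can switch to the LEGACY policy level with update-crypto-policies until the issue is resolved. Keep in mind that LEGACY applies system-wide, so every application that follows the policies is affected, not only the one that failed: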
update-crypto-policies --set LEGACY
If we notice significant user experience degradation, e.g., due to many custom servers utilizing legacy protocols, we will consider postponing that change or adapting that policy.
Create a new policy
Defining a new policy from scratch requires creating a file named <POLICY>.pol, where the name must be in uppercase and without spaces. This file must be located in the /etc/crypto-policies/policies folder or in /usr/share/crypto-policies/policies. As shown before, the newly created policy can be applied with:
update-crypto-policies --set <POLICY>
As examples of policies, see the .pol files in /usr/share/crypto-policies/policies/.
Modify existing cryptographic policies
Existing cryptographic policies can be adjusted with policy modifier modules, which change certain algorithms or protocols of the policy they are applied to. These policy modifiers are text files with the extension .pmod that contain the modifications. The name of the modifier module must be <MODULE>.pmod, where <MODULE> is the name of the modifier in uppercase and without spaces. These files must be located in the /etc/crypto-policies/policies/modules folder, or in the /usr/share/crypto-policies/policies/modules folder if they come pre-installed.
For example, to disable SHA-1 hash, the modifier module /usr/share/crypto-policies/policies/modules/NO-SHA1.pmod contains:
hash = -SHA1
sign = -RSA-PSS-SHA1 -RSA-SHA1 -ECDSA-SHA1
The newly customized policy can then be applied with:
update-crypto-policies --set DEFAULT:NO-SHA1
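To see what a modifier such as NO-SHA1 does to a policy's algorithm lists, the following added example (not part of the original article and not code from the crypto-policies project) applies .pmod directives to a base policy. The base values are a constructed, abbreviated stand-in for DEFAULT, and the handling of `+value`, `value+` and `-value` follows the syntax documented in crypto-policies(7); wildcards and scoped options are not handled.

```python
# Constructed, abbreviated base values for illustration; not the real DEFAULT.pol.
BASE_POLICY = {
    "hash": ["SHA2-256", "SHA2-384", "SHA2-512", "SHA1"],
    "sign": ["ECDSA-SHA2-256", "RSA-PSS-SHA2-256", "RSA-SHA2-256",
             "ECDSA-SHA1", "RSA-PSS-SHA1", "RSA-SHA1"],
}

# The NO-SHA1 module as quoted on the page.
NO_SHA1_PMOD = "hash = -SHA1\nsign = -RSA-PSS-SHA1 -RSA-SHA1 -ECDSA-SHA1\n"


def apply_modifier(policy, pmod_text):
    """Return a copy of `policy` with the .pmod directives applied in order."""
    result = {key: list(values) for key, values in policy.items()}
    for lineno, raw in enumerate(pmod_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line:
            continue
        key, sep, rhs = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"line {lineno}: expected 'option = values'")
        key, tokens = key.strip(), rhs.split()
        signed = [t[0] in "+-" or t.endswith("+") for t in tokens]
        if not any(signed):                          # plain list: reassignment
            result[key] = tokens
            continue
        if not all(signed):
            raise ValueError(f"line {lineno}: cannot mix plain and +/- values")
        current = result.setdefault(key, [])
        front = []
        for tok in tokens:
            name = tok.strip("+") if tok[0] != "-" else tok[1:]
            if name in current:
                current.remove(name)                 # drop any old position
            if tok[0] == "+":
                front.append(name)                   # +value: prepend
            elif tok.endswith("+"):
                current.append(name)                 # value+: append
        result[key] = front + current
    return result


def uses_sha1(policy):
    """List every remaining algorithm name that still references SHA-1."""
    return sorted(v for vals in policy.values() for v in vals if v.endswith("SHA1"))


if __name__ == "__main__":
    print(uses_sha1(BASE_POLICY), "->", uses_sha1(apply_modifier(BASE_POLICY, NO_SHA1_PMOD)))
```

Running the same check against a module you wrote yourself, before placing it in /etc/crypto-policies/policies/modules, shows whether it removes everything you intended.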
Enforcing system crypto-policies
To follow the crypto-policies, an application's configuration file or compile-time options should select a system default setting. For applications that use GnuTLS or OpenSSL, for example, this is a priority string or cipher string named "SYSTEM". The shipped library then makes sure that, once the "SYSTEM" option is encountered, the pre-configured system settings are applied. When an application doesn't specify any default settings, the system settings should apply.
For example, for OpenSSL and GnuTLS this is:
- OpenSSL: The cipher string "PROFILE=SYSTEM" will be used to specify the system ciphers. Any applications not explicitly specifying ciphers will use the system ciphers.
- GnuTLS: The "@SYSTEM" priority string will be used to specify the system ciphers. Any applications using gnutls_set_default_priority() will also use the system ciphers.
We have carefully reviewed the packages that depend on GnuTLS and OpenSSL. Please report any inconsistency you find by opening a bug in the openSUSE Bugzilla.
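A service that sets its own cipher or priority string does not follow the system policy, so it is worth checking configuration files for such overrides. The following added example (not part of the original article) flags settings whose value is anything other than the "PROFILE=SYSTEM" or "@SYSTEM" markers described above; the list of directives and the sample configuration are assumptions made for this example.

```python
import re

# Marker each back-end uses for "follow the system policy", as given on the page.
SYSTEM_MARKER = {"openssl": "PROFILE=SYSTEM", "gnutls": "@SYSTEM"}

# Directives to inspect and the back-end behind them. This selection is an
# assumption for the example; extend it for the services you actually run.
DIRECTIVES = {
    "SSLCipherSuite": "openssl",      # Apache mod_ssl
    "ssl_ciphers": "openssl",         # nginx
    "GnuTLSPriorities": "gnutls",     # Apache mod_gnutls
}

# "<directive> <value>" with an optional trailing ';' (nginx style).
LINE_RE = re.compile(r"^\s*(\w+)\s+(.+?)\s*;?\s*$")


def audit_config(text):
    """Return (line number, directive, value) for every setting that pins its
    own cipher selection instead of deferring to the system crypto policy."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]               # ignore comments
        match = LINE_RE.match(line)
        if not match or match.group(1) not in DIRECTIVES:
            continue
        directive, value = match.group(1), match.group(2).strip("\"'")
        if value != SYSTEM_MARKER[DIRECTIVES[directive]]:
            findings.append((lineno, directive, value))
    return findings


# Constructed sample configuration lines (not taken from a real host).
SAMPLE = """\
SSLCipherSuite PROFILE=SYSTEM
ssl_ciphers HIGH:!aNULL:!MD5;
GnuTLSPriorities @SYSTEM
SSLCipherSuite "ECDHE-RSA-AES128-SHA:RC4-SHA"
# ssl_ciphers RC4;
"""

if __name__ == "__main__":
    for lineno, directive, value in audit_config(SAMPLE):
        print(f"line {lineno}: {directive} overrides the system policy: {value}")
```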
Documentation and upstream project
For more information, please refer to the following man pages:
man 7 crypto-policies
man 8 update-crypto-policies