STIG Script Incorrectly Modifies openssl.cnf Causing SSL Handshaking Errors
Summary
scripts/xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy.sh is incorrect and is causing non-deterministic SSL handshake errors with FIPS enabled containers.
That script references /etc/crypto-policies/back-ends/openssl.config, but it should be referring to /etc/crypto-policies/back-ends/opensslcnf.config.
See http://static.open-scap.org/ssg-guides/ssg-rhel8-guide-ospp.html#xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy
Steps to reproduce
Our Kubernetes nodes for USAF Weather have FIPS enabled at the kernel level, as such, our containers are also enforcing FIPS.
$ cat /proc/sys/crypto/fips_enabled
1Enable FIPS in the Dockerfile:
(I realize there is a redhat/ubi/ubi8:8.5-fips, but all of the Python containers, which is what we are using, use ubi8:8.5. Regardless, this issue also affects ubi8:8.5-fips)
FROM registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.5
RUN fips-mode-setup --enableWhat is the current bug behavior?
OpenSSL is offering non-FIPS compliant ciphers during the ClientHello portion of the SSL Handshake:
$ openssl ciphers -s -v -tls1_3
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEADAs a result, some servers pick a FIPS compliant cipher in response, in which case the SSL handshake succeeds, while others pick a non-compliant cipher (TLS_CHACHA20_POLY1305_SHA256), resulting in curl: (35) error:0607B0C8:digital envelope routines:EVP_CipherInit_ex:disabled for FIPS.
What is the expected correct behavior?
It should only offer valid ciphers that it can accept. Such as docker.io/rhel/ubi8:8.5 does:
FROM redhat/ubi8:8.5
RUN fips-mode-setup --enable && dnf -y install openssl$ openssl ciphers -s -v -tls1_3
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEADRelevant logs and/or screenshots
Looking at /etc/pki/tls/openssl.cnf, I found the following discrepancies:
Official RHEL UBI 8.5:
[ crypto_policy ]
.include /etc/crypto-policies/back-ends/opensslcnf.configIronBank UBI 8.5 :
[ crypto_policy ]
.include /etc/crypto-policies/back-ends/openssl.config
.include /etc/crypto-policies/back-ends/opensslcnf.configIronBank UBI 8.5-fips:
[ crypto_policy ]
.include /etc/crypto-policies/back-ends/openssl.config
.include /etc/crypto-policies/back-ends/openssl.config
.include /etc/crypto-policies/back-ends/opensslcnf.configIronBank UBI 8.5 Minimal:
[ crypto_policy ]
.include /etc/crypto-policies/back-ends/openssl.config
.include /etc/crypto-policies/back-ends/opensslcnf.configPlease note that this affects ubi8, ubi8-fips, and ubi8-minimal. And with ubi8-fips, since it is based on ubi8, it is running the script a second time, causing an additional erroneous entry.
If I remove the incorrect includes, OpenSSL works correctly.