Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-36299

c10s nss needs to become aware of TLS-REQUIRE-EMS

    • None
    • None
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • 25
    • 26
    • 3
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Red Hat Enterprise Linux
    • Crypto24Q3
    • Hide

      [/CoreOS/nss/Regression/bz2157950-EMS-in-FIPS]

      Either of the two:

      If RHEL-5313 is not fixed (aborts, but late):

      • when TLS-REQUIRE-EMS is not in policy,
        a TLS 1.2 connection that doesn't negotiate EMS extension
        is aborted with the `handshake_failure` Alert
      • when TLS-REQUIRE-EMS is not in policy:
        TLS 1.2 connections that both do and don't negotiate the EMS extension proceed as normal

      If RHEL-5313 is fixed (timely aborts):

      • when TLS-REQUIRE-EMS is in policy,
        a TLS 1.2 connection that doesn't negotiate EMS extension
        is aborted early in the handshake with the `handshake_failure` Alert
        (immediately after receiving ServerHello for the client, and
        immediately after receiving ClientHello for the server)
        when TLS-REQUIRE-EMS is not in policy:
      • TLS 1.2 connections that both do and don't negotiate the EMS extension proceed as normal
         
      Show
      [/CoreOS/nss/Regression/bz2157950-EMS-in-FIPS] Either of the two: If RHEL-5313 is not fixed (aborts, but late): when TLS-REQUIRE-EMS is not in policy, a TLS 1.2 connection that doesn't negotiate EMS extension is aborted with the `handshake_failure` Alert when TLS-REQUIRE-EMS is not in policy: TLS 1.2 connections that both do and don't negotiate the EMS extension proceed as normal If RHEL-5313 is fixed (timely aborts): when TLS-REQUIRE-EMS is in policy, a TLS 1.2 connection that doesn't negotiate EMS extension is aborted early in the handshake with the `handshake_failure` Alert (immediately after receiving ServerHello for the client, and immediately after receiving ClientHello for the server) when TLS-REQUIRE-EMS is not in policy: TLS 1.2 connections that both do and don't negotiate the EMS extension proceed as normal  
    • Pass
    • None
    • Bug Fix
    • Hide
      .NSS now enforce EMS in FIPS mode

      The Network Security Services (NSS) libraries now contain the `TLS-REQUIRE-EMS` keyword to require the Extended Master Secret (EMS) extension (RFC 7627) for all TLS 1.2 connections as mandated by the FIPS 140-3 standard. NSS use the new keyword when the system-wide cryptographic policies are set to `FIPS`.

      If your scenario requires interoperating with legacy systems without support for EMS or TLS 1.3, you can apply the `NO-ENFORCE-EMS` system-wide cryptographic subpolicy. However, this change violates the FIPS-140-3 requirements.
      Show
      .NSS now enforce EMS in FIPS mode The Network Security Services (NSS) libraries now contain the `TLS-REQUIRE-EMS` keyword to require the Extended Master Secret (EMS) extension (RFC 7627) for all TLS 1.2 connections as mandated by the FIPS 140-3 standard. NSS use the new keyword when the system-wide cryptographic policies are set to `FIPS`. If your scenario requires interoperating with legacy systems without support for EMS or TLS 1.3, you can apply the `NO-ENFORCE-EMS` system-wide cryptographic subpolicy. However, this change violates the FIPS-140-3 requirements.
    • Done
    • None

      What were you trying to do that didn't work?

      RHEL-9 NSS recognizes the TLS-REQUIRE-EMS keyword. Fedora and c10s NSS does not.

      Please provide the package NVR for which bug is seen:

      nss-3.97.0-1.el10.x86_64

      How reproducible: reliably

      Steps to reproduce

      1. check that the patch is missing, or
      2. check that strings /usr/lib64/libnss3.so | grep EMS
      3. establish a TLS 1.2 connection without EMS FIPS mode

      Expected results

      patch is present, keyword is recognized, EMS is enforced in FIPS mode once the keyword is specified in the config file

      Actual results

      patch is not present, keyword is not recognized, EMS is not enforced in FIPS mode

              rrelyea@redhat.com Robert Relyea
              asosedki@redhat.com Alexander Sosedkin
              Robert Relyea Robert Relyea
              Alexander Sosedkin Alexander Sosedkin
              Jan Fiala Jan Fiala
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: