New RHEL 8 Crypto Configuration mentioned in:


From: Илья Шипицин <chipits...@gmail.com>

Sent: Wednesday, May 6, 2020 5:34 AM

To: HAProxy <haproxy@formilux.org>

Subject: running haproxy with predefined security policies on RHEL8 ?



Hello,

do we have any experience of 
https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8



defines FUTURE configuration as:

no SHA-1 signatures

DH and RSA parameters minimum 3072



Norman Branitsky

Senior Cloud Architect

P: 416-916-1752



-----Original Message-----
From: Willy Tarreau <w...@1wt.eu>
Sent: Wednesday, May 6, 2020 2:00 PM
To: HAProxy <haproxy@formilux.org>
Cc: eb...@haproxy.com; wlallem...@haproxy.com; remi.gaco...@powerdns.com
Subject: about Warning: Setting tune.ssl.default-dh-param to 1024



Hi all,



while running on a trivial test config in which I had enabled "zero-warning", 
my process refused to start due to the good old warning "Setting 
tune.ssl.default-dh-param to 1024 blah blah".



I was almost certain we discussed switching the default value to 2048 for 
2.0 or 2.1 but couldn't find any trace of this, so I must have dreamed or 
discussed it in person. I've run a quick check on the configs shared on the 
list over the last two years and found this:



$ tail -c80m Mail/lists/haproxy-ml | grep -o 'tune.ssl.default-dh-param[ 	]\+[0-9]\+' | awk '{print $1,$2}' | sort | uniq -c | sort -n
      1 tune.ssl.default-dh-param 4096
     13 tune.ssl.default-dh-param 1024
     86 tune.ssl.default-dh-param 2048



Thus it seems that the vast majority of users (exactly 86%) prefer to use 2048 
which is also the one recommended in the warning. All I found on the subject 
was in fact added to the doc by Rémi who implemented the tunable 6 years ago 
(commit f46cd6e4ec), and he warned:



   values greater than 1024 bits are not supported by Java 7 and
   earlier clients



Do we still really care given how old this is now and that users can still 
force the value if they absolutely need it?



As such I think it's about time we change the default value to 2048 and get rid 
of this annoying warning before 2.2 gets released (and at the same time 86% of 
the users will be able to remove one cryptic line in their config). This way 
those who don't know/need it will be more secure by default and those who need 
it will still be able to.



Does anyone have any objection or alternate recommendation?



Thanks,

Willy

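As an added example (not code from the thread, nor HAProxy's own), a small Python checker that reports the DH parameter size a haproxy.cfg would actually use, treating an absent tunable as the 1024-bit built-in default Willy describes, and grades it against the 2048 bits the warning recommends and the 3072-bit minimum of the RHEL 8 FUTURE policy quoted earlier in the thread. The sample configs are constructed, and "last assignment wins" for a repeated tunable is an assumption.

```python
import re

# Values taken from the thread: HAProxy's built-in default is 1024 bits (the
# source of the startup warning), the warning recommends 2048, and RHEL 8's
# FUTURE crypto policy requires DH parameters of at least 3072 bits.
HAPROXY_BUILTIN_DEFAULT = 1024
WARNING_RECOMMENDED = 2048
RHEL8_FUTURE_MINIMUM = 3072

# Matches an active (not commented-out) tunable line, tolerating the tab or
# space separators seen in configs shared on the list.
_DH_PARAM_LINE = re.compile(r"^\s*tune\.ssl\.default-dh-param\s+(\d+)\s*(?:#.*)?$")


def explicit_dh_param(config_text):
    """Return the value of the last tune.ssl.default-dh-param line, or None.
    Assumption: as with other global tunables, the last assignment wins."""
    value = None
    for line in config_text.splitlines():
        match = _DH_PARAM_LINE.match(line)
        if match:
            value = int(match.group(1))
    return value


def assess_dh_param(config_text, policy_min=WARNING_RECOMMENDED):
    """Return (effective_bits, findings) for one haproxy.cfg text.
    An absent tunable is reported separately from a value that is merely
    below policy, since it also triggers the startup warning. Caveat: a DH
    group embedded in the certificate PEM takes precedence over this tunable."""
    explicit = explicit_dh_param(config_text)
    effective = HAPROXY_BUILTIN_DEFAULT if explicit is None else explicit
    findings = []
    if explicit is None:
        findings.append("tunable absent: falls back to 1024-bit default and warns at startup")
    if effective < policy_min:
        findings.append(f"{effective}-bit DH parameters are below the {policy_min}-bit policy minimum")
    return effective, findings


# Constructed sample configs (not taken from the thread).
CONFIG_IMPLICIT = "global\n    maxconn 2000\n    # tune.ssl.default-dh-param 4096\ndefaults\n    mode http\n"
CONFIG_2048 = "global\n    tune.ssl.default-dh-param\t2048\n"

if __name__ == "__main__":
    for name, cfg in (("implicit", CONFIG_IMPLICIT), ("2048", CONFIG_2048)):
        for label, minimum in (("warning", WARNING_RECOMMENDED), ("RHEL8 FUTURE", RHEL8_FUTURE_MINIMUM)):
            bits, findings = assess_dh_param(cfg, minimum)
            print(f"{name} vs {label}: {bits} bits, {findings or 'OK'}")
```

Running the block prints one line per config and policy; a config that only carries the commented-out 4096 line is correctly graded as the 1024-bit default.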
