TLSv1.3 and TLS_CHACHA20_POLY1305_SHA256 #208

Open
btaubmann opened this issue Jul 2, 2024 · 14 comments

@btaubmann

A server that is compiled with golang-fips (master) and go1.22 still offers TLS_CHACHA20_POLY1305_SHA256 which is not FIPS compliant.
Is this a bug or is it a requirement to turn off TLSv1.3 completely?

Steps to repro on debian:

./scripts/setup-initial-patch.sh release-branch.go1.22
cd go/src/
bash all.bash
export PATH=...

cd
git clone https://github.com/igor-kupczynski/fips-echo-server.git
cd fips-echo-server
go build
env OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server &

cd 
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443
...
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256

@dbenoit17
Collaborator

Hi, could you try running scripts/full-initialize-repo.sh and let us know if you still see this behavior? setup-initial-patch.sh only generates the initial patch, whereas full-initialize-repo.sh will generate the patch and apply all of patches/* to the tree.

@dbenoit17
Collaborator

I've just updated the README.md in #209 accordingly.

@btaubmann
Author

@dbenoit17 Thanks for the help. I tried it again with scripts/full-initialize-repo.sh and it's still not working for me.

@ueno
Collaborator

ueno commented Jul 2, 2024

I suggest making sure that the system is properly switched to FIPS mode. Afaik OPENSSL_FORCE_FIPS_MODE is a downstream feature (on Fedora, etc.) and not supported in Debian. Aside from that, GOLANG_FIPS=1 might also need to be set for the Go runtime to be in FIPS mode.

@btaubmann
Author

I reproduced the same issue in a fedora container (docker run -it fedora /bin/bash)

Here again the full list of commands:

yum install dnsutils make vim git wget procps
git config --global user.email "[email protected]"
git config --global user.name "Your Name"

wget https://go.dev/dl/go1.21.12.linux-amd64.tar.gz
tar xf go1.21.12.linux-amd64.tar.gz
export PATH=$PATH:/root/go/bin

git clone https://github.com/golang-fips/go.git go-fips
cd go-fips
scripts/full-initialize-repo.sh
export PATH=/root/go-fips/go/bin/:/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
which go

cd
git clone https://github.com/igor-kupczynski/fips-echo-server.git
cd fips-echo-server
go build
env OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server &

cd 
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443

@btaubmann
Author

Doing env GOLANG_FIPS=1 OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server & also does not help

@ueno
Collaborator

ueno commented Jul 4, 2024

@dbenoit17 pointed out that building in the fedora container results in CGO being disabled, as gcc is not installed by default. Maybe you could try installing gcc first with the yum command line.

@btaubmann
Author

That does not change anything.

@btaubmann
Author

I tried now with RHEL

docker run -it registry.access.redhat.com/ubi8/ubi:8.1 bash
yum install -y bind-utils make vim git wget procps gcc
git config --global user.email "[email protected]"
git config --global user.name "Your Name"

cd
wget https://go.dev/dl/go1.21.12.linux-amd64.tar.gz
tar xf go1.21.12.linux-amd64.tar.gz
export PATH=$PATH:/root/go/bin

cd
git clone https://github.com/igor-kupczynski/fips-echo-server.git
cd fips-echo-server
go build
env GOLANG_FIPS=1  OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server &

cd 
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443

In this case, testssl did not show TLS_CHACHA20_POLY1305_SHA256 cipher, but I see that the http daemon is crashing while testing

2024/07/04 09:27:13 http: panic serving 127.0.0.1:39012: runtime error: invalid memory address or nil pointer dereference
goroutine 277 [running]:
net/http.(*conn).serve.func1()
	/root/go-fips/go/src/net/http/server.go:1898 +0xbe
panic({0x6abde0?, 0xb13d50?})
	/root/go-fips/go/src/runtime/panic.go:770 +0x132
internal/godebug.(*Setting).IncNonDefault(0x6aaa00?)
	/root/go-fips/go/src/internal/godebug/godebug.go:102 +0x12
crypto/tls.(*serverHandshakeState).pickCipherSuite(0xc0001e4c30)
	/root/go-fips/go/src/crypto/tls/handshake_server.go:374 +0x205
crypto/tls.(*serverHandshakeState).handshake(0xc0001e4c30)
	/root/go-fips/go/src/crypto/tls/handshake_server.go:100 +0x138
crypto/tls.(*Conn).serverHandshake(0xc0001e9508, {0x776f30, 0xc000326820})
	/root/go-fips/go/src/crypto/tls/handshake_server.go:61 +0x111
crypto/tls.(*Conn).handshakeContext(0xc0001e9508, {0x776ef8, 0xc000342180})
	/root/go-fips/go/src/crypto/tls/conn.go:1553 +0x3cb
crypto/tls.(*Conn).HandshakeContext(...)
	/root/go-fips/go/src/crypto/tls/conn.go:1493
net/http.(*conn).serve(0xc0003cb3b0, {0x776ef8, 0xc00009f440})
	/root/go-fips/go/src/net/http/server.go:1921 +0xe85
created by net/http.(*Server).Serve in goroutine 1
	/root/go-fips/go/src/net/http/server.go:3285 +0x4b4

Also I tried go-toolset directly

docker run -it registry.access.redhat.com/ubi8/ubi:8.1 bash
yum install -y bind-utils make vim git wget procps gcc go-toolset
git clone https://github.com/igor-kupczynski/fips-echo-server.git
cd fips-echo-server
go build
env GOLANG_FIPS=1  OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server &
cd 
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443

But this also shows
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 256 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256

@ueno
Collaborator

ueno commented Jul 4, 2024

I tried (on fedora container, gcc installed), and it works for me:

# fake kernel FIPS mode
mkdir /tmp/crypto
echo 1 > /tmp/crypto/fips_enabled
podman run -ti -v /tmp/crypto:/proc/sys/crypto:Z fedora bash

yum install -y dnsutils make vim git wget procps gcc
git config --global user.email "[email protected]"
git config --global user.name "Your Name"

cd
wget https://go.dev/dl/go1.21.12.linux-amd64.tar.gz
tar xf go1.21.12.linux-amd64.tar.gz
export PATH=$PATH:/root/go/bin

git clone https://github.com/golang-fips/go.git go-fips
cd go-fips
scripts/full-initialize-repo.sh
export PATH=/root/go-fips/go/bin/:/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
which go

cd
git clone https://github.com/igor-kupczynski/fips-echo-server.git
cd fips-echo-server
go build
./fips-echo-server &

cd 
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443
TLSv1.3 (server order)
 x1301   TLS_AES_128_GCM_SHA256            ECDH 256   AESGCM      128      TLS_AES_128_GCM_SHA256                             
 x1302   TLS_AES_256_GCM_SHA384            ECDH 256   AESGCM      256      TLS_AES_256_GCM_SHA384                             

I also observe some panics though.

@btaubmann
Author

Thanks @ueno that sheds some light on the problem. I tried this on ubi and on fedora container:

docker run --cap-add SYS_ADMIN -it registry.access.redhat.com/ubi8/ubi bash
[root@f98b6b3cf070 /]# openssl version
OpenSSL 1.1.1k  FIPS 25 Mar 2021
[root@f98b6b3cf070 /]# mount -t tmpfs none /proc/sys/crypto/
[root@f98b6b3cf070 /]# echo 1 > /proc/sys/crypto/fips_enabled
[root@f98b6b3cf070 /]# openssl ciphers 'ALL:eNULL'
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AECDH-DES-CBC3-SHA:ADH-DES-CBC3-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-CCM:AES256-GCM-SHA384:AES256-CCM:PSK-AES256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:AES128-GCM-SHA256:AES128-CCM:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:ECDHE-PSK-3DES-EDE-CBC-SHA:RSA-PSK-3DES-EDE-CBC-SHA:DHE-PSK-3DES-EDE-CBC-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-RSA-NULL-SHA:AECDH-NULL-SHA:NULL-SHA256:ECDHE-PSK-NULL-SHA384:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-NULL-SHA:RSA-PSK-NULL-SHA384:RSA-PSK-NULL-SHA256:DHE-PSK-NULL-SHA3
84:DHE-PSK-NULL-SHA256:RSA-PSK-NULL-SHA:DHE-PSK-NULL-SHA:NULL-SHA:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-NULL-SHA
[root@f98b6b3cf070 /]# echo 0 > /proc/sys/crypto/fips_enabled
[root@f98b6b3cf070 /]# openssl ciphers 'ALL:eNULL'
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:ADH-AES256-SHA256:ADH-CAMELLIA256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:ADH-AES128-SHA256:ADH-CAMELLIA128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:ADH-SEED-SHA:ADH-CAMELLIA128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:AECDH-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AECDH-DES-CBC3-SHA:ADH-DES-CBC3-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY13
05:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM8:DHE-PSK-AES256-CCM:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:AES256-GCM-SHA384:AES256-CCM8:AES256-CCM:ARIA256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM8:PSK-AES256-CCM:PSK-ARIA256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM8:DHE-PSK-AES128-CCM:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:AES128-GCM-SHA256:AES128-CCM8:AES128-CCM:ARIA128-GCM-SHA256:PSK-AES128-GCM-SHA256:PSK-AES128-CCM8:PSK-AES128-CCM:PSK-ARIA128-GCM-SHA256:AES256-SHA256:CAMELLIA256-SHA256:AES128-SHA256:CAMELLIA128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:ECDHE-PSK-CAMELLIA256-SHA384:RSA-PSK-CAMELLIA256-SHA384:DHE-PSK-CAMELLIA256-SHA384:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:PSK-CAMELLIA256-SHA384:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CAMELLIA128-SHA256:RSA-PSK-CAMELLIA128-SHA256:DHE-PSK-CAMELLIA128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-CAMELLIA128-SHA256:ECDHE-PSK-RC4-SHA:RSA-PSK-RC4-SHA:DHE-PSK-RC4-SHA:RC4-SHA:PSK-RC4-SHA:ECDHE-PSK-3DES-EDE-CBC-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:RSA-PSK-3DES-EDE-CBC-SHA:DHE-PSK-3DES-EDE-CBC-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-RSA-NULL-SHA:AECDH-NULL-SHA:NULL-SHA256:ECDHE-PSK-NULL-SHA384:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-NULL-SHA:RSA-PSK-NULL-SHA384:RSA-PSK-NULL-SHA256:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:RSA-PSK-NULL-SHA:DHE-PSK-NULL-SHA:NULL-SHA:NULL-MD5:PSK-NULL-SHA384:PSK-NUL
L-SHA256:PSK-NULL-SHA

And again on fedora

docker run --cap-add SYS_ADMIN -it fedora bash
yum install util-linux-ng openssl
[root@8a7e342bdca0 /]# openssl version
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
[root@8a7e342bdca0 /]# mount -t tmpfs none /proc/sys/crypto/
echo 1 > /proc/sys/crypto/fips_enabled
openssl ciphers 'ALL:eNULL'
TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES128-CCM8:DHE-RSA-AES256-CCM8:DHE-RSA-AES128-CCM8:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ADH-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ADH-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-CCM:PSK-AES256-GCM-SHA384:PSK-AES256-CCM:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:DHE-PSK-AES256-CCM8:DHE-PSK-AES128-CCM8:PSK-AES256-CCM8:PSK-AES128-CCM8:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DHE-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-RSA-NULL-SHA:AECDH-NULL-SHA:ECDHE-PSK-NULL-SHA384:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-NULL-SHA:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:DHE-PSK-NULL-SHA:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-NULL-SHA
[root@8a7e342bdca0 /]# echo 0 > /proc/sys/crypto/fips_enabled
[root@8a7e342bdca0 /]# openssl ciphers 'ALL:eNULL'
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES128-CCM8:DHE-RSA-AES256-CCM8:DHE-RSA-AES128-CCM8:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:ADH-AES256-SHA256:ADH-CAMELLIA256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:ADH-AES128-SHA256:ADH-CAMELLIA128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:AES256-GCM-SHA384:AES256-CCM:ARIA256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK
-AES256-CCM:PSK-ARIA256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:AES128-GCM-SHA256:AES128-CCM:ARIA128-GCM-SHA256:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:PSK-ARIA128-GCM-SHA256:DHE-PSK-AES256-CCM8:DHE-PSK-AES128-CCM8:AES256-CCM8:AES128-CCM8:PSK-AES256-CCM8:PSK-AES128-CCM8:AES256-SHA256:CAMELLIA256-SHA256:AES128-SHA256:CAMELLIA128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:ECDHE-PSK-CAMELLIA256-SHA384:RSA-PSK-CAMELLIA256-SHA384:DHE-PSK-CAMELLIA256-SHA384:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:PSK-CAMELLIA256-SHA384:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CAMELLIA128-SHA256:RSA-PSK-CAMELLIA128-SHA256:DHE-PSK-CAMELLIA128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-CAMELLIA128-SHA256:ECDHE-ECDSA-NULL-SHA:ECDHE-RSA-NULL-SHA:AECDH-NULL-SHA:NULL-SHA256:ECDHE-PSK-NULL-SHA384:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-NULL-SHA:RSA-PSK-NULL-SHA384:RSA-PSK-NULL-SHA256:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:RSA-PSK-NULL-SHA:DHE-PSK-NULL-SHA:NULL-SHA:NULL-MD5:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-NULL-SHA

Fedora and ubi use different openssl versions. And the openssl version of fedora does not list TLS_CHACHA20_POLY1305_SHA256 when fips_enabled = 1.

@btaubmann
Author

And I tried the same on ubi 9

docker run --cap-add SYS_ADMIN -it registry.access.redhat.com/ubi8/ubi bash
<compilation steps from above>
mount -t tmpfs none /proc/sys/crypto/
echo 1 > /proc/sys/crypto/fips_enabled
...
 x1301   TLS_AES_128_GCM_SHA256            ECDH 256   AESGCM      128      TLS_AES_128_GCM_SHA256
 x1302   TLS_AES_256_GCM_SHA384            ECDH 256   AESGCM      256      TLS_AES_256_GCM_SHA384

But I still see several crashes of the fips-echo-server

2024/07/04 13:49:32 http: panic serving 127.0.0.1:41260: runtime error: invalid memory address or nil pointer dereference
goroutine 30 [running]:
net/http.(*conn).serve.func1()
	/root/go-fips/go/src/net/http/server.go:1898 +0xbe
panic({0x6a5880?, 0x90ed50?})
	/root/go-fips/go/src/runtime/panic.go:770 +0x132
internal/godebug.(*Setting).IncNonDefault(0x6a44a0?)
	/root/go-fips/go/src/internal/godebug/godebug.go:102 +0x12
crypto/tls.(*serverHandshakeState).pickCipherSuite(0xc0001f8000)
	/root/go-fips/go/src/crypto/tls/handshake_server.go:374 +0x205
crypto/tls.(*serverHandshakeState).handshake(0xc0001f8000)
	/root/go-fips/go/src/crypto/tls/handshake_server.go:100 +0x138
crypto/tls.(*Conn).serverHandshake(0xc0001f0388, {0x7709d0, 0xc0000df860})
	/root/go-fips/go/src/crypto/tls/handshake_server.go:61 +0x111
crypto/tls.(*Conn).handshakeContext(0xc0001f0388, {0x770998, 0xc0001ee660})
	/root/go-fips/go/src/crypto/tls/conn.go:1553 +0x3cb
crypto/tls.(*Conn).HandshakeContext(...)
	/root/go-fips/go/src/crypto/tls/conn.go:1493
net/http.(*conn).serve(0xc0001ba510, {0x770998, 0xc00009b110})
	/root/go-fips/go/src/net/http/server.go:1921 +0xe85
created by net/http.(*Server).Serve in goroutine 1
	/root/go-fips/go/src/net/http/server.go:3285 +0x4b4

@ueno
Collaborator

ueno commented Jul 4, 2024

Note that Go TLS stack doesn't use libssl.so from OpenSSL, so the output of openssl ciphers is not relevant. As for the panic, it seems to be known in upstream and will be fixed when rebasing to 1.22.5.

@btaubmann
Author

@ueno Thanks, that helps. So my fault was that I didn't set /proc/sys/crypto/fips_enabled to 1.
It might be good to add that to the documentation as well, in case people want to play around with it.
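
The three signals this thread ended up relying on (the `/proc/sys/crypto/fips_enabled` flag, whether the binary was built with CGO, and which TLS 1.3 suites testssl.sh reports) can be checked together. The script below is an added example, not part of the thread or of golang-fips; its function names are hypothetical, the build-info sample is constructed, and the TLS 1.3 allowlist is simply the two suites shown in the working FIPS-mode output above.

```shell
#!/usr/bin/env bash
# Added example, not golang-fips project code. Function names are hypothetical.

# Kernel FIPS flag state: "enabled", "disabled" or "missing".
# $1 overrides the path so the check can be pointed at a test file.
fips_flag_state() {
    path="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$path" ] || { echo missing; return 0; }
    case "$(tr -d '[:space:]' < "$path")" in
        1) echo enabled ;;
        *) echo disabled ;;
    esac
}

# Reads `go version -m <binary>` output on stdin and prints the CGO_ENABLED
# build setting ("1" or "0"), or "unknown" when the line is absent.
cgo_state() {
    awk '$1 == "build" && $2 ~ /^CGO_ENABLED=/ { v = substr($2, 13) }
         END { print (v == "" ? "unknown" : v) }'
}

# Reads testssl.sh cipher lines on stdin and prints every TLS 1.3 suite
# (hexcode x13NN) other than the two AES-GCM suites seen in FIPS mode above.
non_fips_tls13_suites() {
    awk '$1 ~ /^x13[0-9a-f][0-9a-f]$/ &&
         $2 != "TLS_AES_128_GCM_SHA256" &&
         $2 != "TLS_AES_256_GCM_SHA384" { print $2 }'
}

# Combine the signals into one line a CI job can grep.
# $1 = flag state, $2 = cgo state, $3 = offending suites (may be empty)
fips_verdict() {
    if [ "$1" != enabled ]; then
        echo "FAIL: kernel FIPS flag is $1"
    elif [ "$2" != 1 ]; then
        echo "FAIL: binary built with CGO_ENABLED=$2"
    elif [ -n "$3" ]; then
        echo "FAIL: non-approved TLS 1.3 suite offered: $3"
    else
        echo "OK"
    fi
}

# testssl.sh lines copied from the first comment in this thread.
SAMPLE_TESTSSL=' x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256'

# Constructed sample of `go version -m ./fips-echo-server` for a build
# made in a container without gcc.
SAMPLE_BUILDINFO='./fips-echo-server: go1.22.4
    build   -buildmode=exe
    build   CGO_ENABLED=0
    build   GOOS=linux'

# Usage against a live setup (server from the thread on localhost:8443):
#   fips_verdict "$(fips_flag_state)" \
#       "$(go version -m ./fips-echo-server | cgo_state)" \
#       "$(bash testssl.sh localhost:8443 | non_fips_tls13_suites)"
```

The check inspects the Go binary and the server's observable behaviour only; as noted above, the Go TLS stack does not use libssl.so, so `openssl ciphers` output is not one of the inputs.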
