Configuring System Cryptographic Policies

From Oracle Linux 8 onward, Oracle Linux provides a facility to set a system-wide cryptographic policy. Many applications implement cryptographic protocols to secure communications or to encrypt data. Historically, applications have maintained their own configuration of cryptographic policies in various ways, which meant that changing cryptographic policy across an entire system needed to be performed for each application and often the configuration method differed from application to application.

The ability to define a system-wide cryptographic policy that applications can hook into often reduces administrative overhead and simplifies the process. An administrator can configure the system-wide cryptographic policy and have confidence that most applications can use the same policy, by default.

Policies enable an administrator to configure:

  • TLS/SSL (and DTLS) versions that are accepted
  • Ciphersuites that are accepted and the preferred order
  • Parameters that are accepted for certificates and key exchange, including:
    • the minimum acceptable size of parameters (DH,ECDH,RSA,DSA,ECDSA),
    • the acceptable elliptic curves (ECDH,ECDSA),
    • the acceptable signature hash functions.
  • Other TLS options including safe-renegotiation

Most of the major cryptographic software on Oracle Linux is already configured to use the system-wide cryptographic policy by default. Applications that are configured to behave in this manner include important applications such as OpenSSH and bind, in addition to any applications that use the OpenSSL, GnuTLS, NSS, libkrb5 libraries and

Configuring system-wide policy doesn't enforce behavior across the system. That policy provides a common configuration across a wide variety of applications. Any application that's not designed to use the system-wide policy continues to function according to the different policy configuration that it uses. Many applications also provide options to override the system-wide cryptographic policy if required. For example, OpenSSH provides options to set different cryptographic policies on the server and client applications, and commands such as wget and curl provide options to define a custom cipher selection and order by using the --ciphers option, effectively overriding the system-wide policy.

The system-wide policy defines the default cryptographic behavior within applications so that you can harden a system and remove insecure protocols to match your security requirements.

Oracle Linux includes the update-crypto-policies command that can be used to configure which cryptographic algorithms, ciphers, and protocols are enabled on a system for use by applications and services. That command can be used to either relax policy or to harden it further.

For more information on this tool and the applications that are affected by it, see the crypto-policies(7) and update-crypto-policies(8) manual pages.

About Predefined Policies

Oracle Linux provides four different built-in predefined cryptographic policies:
  • LEGACY: Configures certain legacy protocols to maximize compatibility with legacy systems. It includes enabling 3DES, RC1, DSA, TLSv1.0 and TLSv1.1. It also sets a 1024 bit minimum parameter size for DH and RSA. Protocols and values specified in this policy aren't considered highly secure but aren't easily exploitable.
  • DEFAULT: Configures standard modern protocols including TLSv1.2 and TLSv1.3, IKEv2 and SSH2. It sets a 2048 bit minimum parameter size for DH and RSA.
  • FIPS: Configures the system to meet FIPS 140-2 requirements for cryptographic policies. This policy is enabled by the fips-mode-setup command used to enable FIPS mode on an Oracle Linux system. See Configuring FIPS Mode in Oracle Linux 8 for more information on using this policy.
  • FUTURE: A conservative policy level that disables SHA-1 and CBC and sets a 3072 bit minimum parameter size for DH and RSA. This policy can disable communications with many older systems but is worth exploring to decide what actions you can perform in future to ensure that applications continue to function securely.

Restrictions in these policies can change over time as new secure default values are decided.

You can use the update-crypto-policies tool to view the current system policy and to change which policy is applied to the system.

Reviewing the Current System-Wide Policy

Any user can review the current system-wide cryptographic policy by running:

update-crypto-policies --show

Setting the System-Wide Policy

Switching between cryptographic policies on Oracle Linux can be achieved using the update-crypto-policies --set command with the name of the policy. For example, to switch to the LEGACY policy, run:

sudo update-crypto-policies --set LEGACY

The policy is updated immediately, and any applications that are enabled to use the system-wide cryptographic policy work with the new policy when they're run or restarted. Because some applications might already be running using a custom policy, it's good practice to reboot the system after changing policy to ensure that all applications are using the correct policy.

To switch back to the DEFAULT policy, run:

sudo update-crypto-policies --set DEFAULT

Extending a Policy By Using Modules

You can customize the system-wide policy by creating a policy module or a subpolicy. A module lets you fine-tune a policy without needing to create an entire policy from scratch. For example, to use the DEFAULT system policy and also disable the weaker SHA-1 hash functionality in all applications, you can append a module to the DEFAULT policy when you set it, rather than rewriting the entire DEFAULT system policy:

sudo update-crypto-policies --set DEFAULT:NO-SHA1

Oracle Linux provides some extra modules in the /usr/share/crypto-policies/policies/modules/ directory that have already been configured and can be used immediately.

You can create custom modules in the /etc/crypto-policies/policies/modules/ directory. Modules must be named in uppercase and have a lowercase .pmod extension. For example, you can create a module named /etc/crypto-policies/policies/modules/NO-AES-128.pmod and add this content to the file to disable the AES-128 cipher entirely:

# Disable the AES-128 cipher
cipher = -AES-128-*

Note that to disable the cipher, you must prefix it with a - character. To enable a functionality, specify it without a prefix. In the example, the * character is also used to specify a wildcard so that the rule matches all modes of the AES-128 cipher.

You can also chain modules together when you set the system-wide cryptographic policy:

sudo update-crypto-policies --set DEFAULT:NO-SHA1:NO-AES-128

For more information about the syntax for policy definition files, see the crypto-policies(7) manual pages.
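The following audit script is an added example, not part of the Oracle documentation. It checks a policy string in the BASE:MODULE:MODULE form shown above against a hardening baseline, and confirms that each chained module follows the uppercase naming rule and resolves to a .pmod file in one of the two module directories. The function names, the MODULE_DIRS variable, the rejection of LEGACY and the NO-SHA1 requirement are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a policy string such as DEFAULT:NO-SHA1:NO-AES-128.
# MODULE_DIRS defaults to the two module directories named on this page and can
# be overridden (space-separated list) to run the check against a test tree.
MODULE_DIRS="${MODULE_DIRS:-/etc/crypto-policies/policies/modules /usr/share/crypto-policies/policies/modules}"

# Print the path of NAME.pmod from the first directory that contains it.
find_module() {
    for d in $MODULE_DIRS; do
        [ -f "$d/$1.pmod" ] && { printf '%s\n' "$d/$1.pmod"; return 0; }
    done
    return 1
}

# audit_policy SPEC [REQUIRED_MODULE...]
# Returns 0 when SPEC meets the baseline, 1 otherwise; prints one line per finding.
audit_policy() {
    spec=$1; shift
    base=${spec%%:*}          # policy name before the first ':'
    mods=
    [ "$base" = "$spec" ] || mods=$(printf '%s' "${spec#*:}" | tr ':' ' ')
    rc=0
    # Assumed baseline: LEGACY is never acceptable on an audited host.
    if [ "$base" = LEGACY ]; then echo "FAIL: base policy is LEGACY"; rc=1; fi
    for m in $mods; do
        case "$m" in
            *[[:lower:]]*) echo "FAIL: module name '$m' is not uppercase"; rc=1; continue ;;
        esac
        find_module "$m" >/dev/null || { echo "FAIL: no $m.pmod in $MODULE_DIRS"; rc=1; }
    done
    for want in "$@"; do
        case " $mods " in
            *" $want "*) ;;
            *) echo "FAIL: required module $want is not applied"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "OK: $spec"
    return "$rc"
}

# On a host with the tool installed, audit the live policy (NO-SHA1 is an assumed requirement).
if command -v update-crypto-policies >/dev/null 2>&1; then
    audit_policy "$(update-crypto-policies --show)" NO-SHA1 || true
fi
```

Run it from a scheduled job or configuration-management check so that a host switched to LEGACY, or set without a required module, is reported as drift.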

Creating a New System-Wide Cryptographic Policy

You can create a custom cryptographic policy from scratch instead of using any of the predefined policies provided with Oracle Linux. Policies can be defined in the /etc/crypto-policies/policies/ directory. Policy file names must be uppercase and end in the lowercase suffix .pol. Policy files use the INI file format with standard key = value entries.

The predefined policies provided with Oracle Linux are stored in the /usr/share/crypto-policies/policies/ directory. To define a custom policy, you can copy an existing policy and then configure it as you need. For example:

sudo cp /usr/share/crypto-policies/policies/DEFAULT.pol /etc/crypto-policies/policies/MYPOLICY.pol

See the section titled "CRYPTO POLICY DEFINITION FORMAT" in the crypto-policies(7) manual page for more information about the file format and structure.

When you have finished editing the custom policy, you can enable it with this command:

sudo update-crypto-policies --set MYPOLICY

Remember to reboot the system after enabling a custom system-wide policy so that it's enabled for all running services.

Note:

Consider whether you can achieve what you need to do by extending an existing policy using a module. Maintaining a custom system-wide cryptographic policy requires that you consistently monitor new security standards and research, so by extending the predefined policies to meet security requirements you can avoid needing to maintain an entire policy by yourself.