Security
System-wide crypto policy in RHEL 8
In the Enterprise IT, the security landscape is constantly evolving. Without robust cryptographic integrity protections, information can be altered by unauthorized users without detection. With Red Hat Enterprise Linux 8.0 the system-wide crypto policy was introduced. This component configures the core cryptographic subsystems, covering TLS, IPSec, DNSSec, Kerberos, and secure communication protocols. This allows to apply a consistent cryptographic policy at scale. The predefined policies are DEFAULT, LEGACY, FUTURE, FIPS. The default system-wide crypto policy is set to DEFAULT by Red Hat. Beside the vendor-specific policies, it is possible to specify customized crypto policies.
More information here: System-wide crypto policies
Swisscom crypto policy in RHEL 8
On Managed RHEL 8 VMs, the SWISSCOM customized crypto policy is enabled and enforced with Puppet. You can check the enabled crypto policy by using the update-crypto-policies tool:
$ update-crypto-policies --show
SWISSCOM
The table below shows the relevant differences between the SWISSCOM and the vendor-specific DEFAULT crypto policy. The enabled SWISSCOM crypto policy is a conservative policy for today’s security standards. It allows the TLS 1.2 and 1.3 protocols, as well as IKEv2 and SSH2. The RSA and Diffie-Hellman parameters are accepted if larger than 2047 respectively 3071 bits. The policy provides at least 128-bit security, except for SHA-1 signatures needed for DNSSec and other still prevalent legacy use of SHA-1 signatures.
| SWISSCOM Policy | DEFAULT Policy | |
|---|---|---|
| TLS v1.0 | no | no |
| TLS v1.1 | no | no |
| TLS v1.2 | yes | yes |
| TLS v1.3 | yes | yes |
| Internet Key Exchange (IKE) v1 | no | no |
| Internet Key Exchange (IKE) v2 | yes | yes |
| Diffie-Hellman (DH) key size | min. 2048-bit | min. 2048-bit |
| DSA key size | min. 3072-bit | min. 2048-bit |
| RSA key size | min. 3072-bit | min. 2048-bit |
| SHA-1 in digital signatures | yes | yes |
| OpenSSH certificate authentication | yes | yes |
| OpenSSH EtM (encrypt-then-mac) extension | yes | yes |
| Message Authentication Code (MAC) | all HMAC with SHA-256 or better | all HMAC with SHA-1 or better |
| Cryptographic hash | all with SHA-256 hash or better | all with SHA-1 hash or better |
| Signature algorithm | all with SHA-256 hash or better (no DSA) | all with SHA-1 hash or better (no DSA) |
| Key exchange algorithm | ECDHE, RSA, DHE, DHE-RSA | ECDHE, RSA, DHE, DHE-RSA, PSK, DHE-PSK, ECDHE-PSK, ECDHE-GSS, DHE-GSS |
| TLS ciphers | min. 256-bit key, min. 128-bit block, including AES, ChaCha20, AES-CBC | min. 128-bit key, min. 128-bit block, including AES, ChaCha20, AES-CBC |
| Non-TLS ciphers | same as TLS ciphers with added Camellia | same as TLS ciphers with added Camellia |
| Groups or elliptic curves | all prime >= 255 bits (including Bernstein curves) | all prime >= 255 bits (including Bernstein curves) |