Open btaubmann opened 3 days ago
Hi, could you try running scripts/full-initialize-repo.sh
and let us know if you still see this behavior? setup-initial-patch.sh
only generates the initial patch, whereas full-initialize-repo.sh
will generate the patch and apply all of patches/* to the tree.
I've just updated the README.md in #209 accordingly.
@dbenoit17 Thanks for the help. I tried it again with scripts/full-initialize-repo.sh
and it's still not working for me.
I suggest making sure that the system is properly switched to FIPS mode. Afaik OPENSSL_FORCE_FIPS_MODE
is a downstream feature (on Fedora, etc.) and not supported in Debian. Aside from that GOLANG_FIPS=1
might also need to be set the Go runtime to be FIPS mode.
I reproduced the same issue in a fedora container (docker run -it fedora /bin/bash
)
Here again the full list of commands:
yum install dnsutils make vim git wget procps
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
wget https://go.dev/dl/go1.21.12.linux-amd64.tar.gz
tar xf go1.21.12.linux-amd64.tar.gz
export PATH=$PATH:/root/go/bin
git clone https://github.com/golang-fips/go.git go-fips
cd go-fips
scripts/full-initialize-repo.sh
export PATH=/root/go-fips/go/bin/:/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
which go
cd
git clone https://github.com/igor-kupczynski/fips-echo-server.git
go build
env OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server &
cd
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443
Doing env GOLANG_FIPS=1 OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server &
also does not help
@dbenoit17 pointed that building in the fedora container results in CGO disabled, as gcc is not installed by default. Maybe you could try installing gcc first with the yum command line.
That does not change anything.
I tried now with RHEL
docker run -it registry.access.redhat.com/ubi8/ubi:8.1 bash
yum install -y bind-utils make vim git wget procps gcc
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
cd
wget https://go.dev/dl/go1.21.12.linux-amd64.tar.gz
tar xf go1.21.12.linux-amd64.tar.gz
export PATH=$PATH:/root/go/bin
cd
git clone https://github.com/igor-kupczynski/fips-echo-server.git
cd fips-echo-server
go build
env GOLANG_FIPS=1 OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server &
cd
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443
In this case, testssl did not show TLS_CHACHA20_POLY1305_SHA256 cipher, but I see that the http daemon is crashing while testing
2024/07/04 09:27:13 http: panic serving 127.0.0.1:39012: runtime error: invalid memory address or nil pointer dereference
goroutine 277 [running]:
net/http.(*conn).serve.func1()
/root/go-fips/go/src/net/http/server.go:1898 +0xbe
panic({0x6abde0?, 0xb13d50?})
/root/go-fips/go/src/runtime/panic.go:770 +0x132
internal/godebug.(*Setting).IncNonDefault(0x6aaa00?)
/root/go-fips/go/src/internal/godebug/godebug.go:102 +0x12
crypto/tls.(*serverHandshakeState).pickCipherSuite(0xc0001e4c30)
/root/go-fips/go/src/crypto/tls/handshake_server.go:374 +0x205
crypto/tls.(*serverHandshakeState).handshake(0xc0001e4c30)
/root/go-fips/go/src/crypto/tls/handshake_server.go:100 +0x138
crypto/tls.(*Conn).serverHandshake(0xc0001e9508, {0x776f30, 0xc000326820})
/root/go-fips/go/src/crypto/tls/handshake_server.go:61 +0x111
crypto/tls.(*Conn).handshakeContext(0xc0001e9508, {0x776ef8, 0xc000342180})
/root/go-fips/go/src/crypto/tls/conn.go:1553 +0x3cb
crypto/tls.(*Conn).HandshakeContext(...)
/root/go-fips/go/src/crypto/tls/conn.go:1493
net/http.(*conn).serve(0xc0003cb3b0, {0x776ef8, 0xc00009f440})
/root/go-fips/go/src/net/http/server.go:1921 +0xe85
created by net/http.(*Server).Serve in goroutine 1
/root/go-fips/go/src/net/http/server.go:3285 +0x4b4
Also I tried go-toolset directly
docker run -it registry.access.redhat.com/ubi8/ubi:8.1 bash
yum install -y bind-utils make vim git wget procps gcc go-toolset
git clone https://github.com/igor-kupczynski/fips-echo-server.git
cd fips-echo-server
go build
env GOLANG_FIPS=1 OPENSSL_FORCE_FIPS_MODE=1 ./fips-echo-server &
cd
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443
But this also shows
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 256 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
I tried (on fedora container, gcc installed), and it works for me:
# fake kernel FIPS mode
mkdir /tmp/crypto
echo 1 > /tmp/crypto/fips_enabled
podman run -ti -v /tmp/crypto:/proc/sys/crypto:Z fedora bash
yum install -y dnsutils make vim git wget procps gcc
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
cd
wget https://go.dev/dl/go1.21.12.linux-amd64.tar.gz
tar xf go1.21.12.linux-amd64.tar.gz
export PATH=$PATH:/root/go/bin
git clone https://github.com/golang-fips/go.git go-fips
cd go-fips
scripts/full-initialize-repo.sh
export PATH=/root/go-fips/go/bin/:/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
which go
cd
git clone https://github.com/igor-kupczynski/fips-echo-server.git
cd fips-echo-server
go build
./fips-echo-server &
cd
git clone https://github.com/drwetter/testssl.sh.git
cd testssl.sh
bash testssl.sh localhost:8443
TLSv1.3 (server order)
x1301 TLS_AES_128_GCM_SHA256 ECDH 256 AESGCM 128 TLS_AES_128_GCM_SHA256
x1302 TLS_AES_256_GCM_SHA384 ECDH 256 AESGCM 256 TLS_AES_256_GCM_SHA384
I also observe some panics though.
Thanks @ueno that sheds some light on the problem. I tried this on ubi and on fedora container:
docker run --cap-add SYS_ADMIN -it registry.access.redhat.com/ubi8/ubi bash
[root@f98b6b3cf070 /]# openssl version
OpenSSL 1.1.1k FIPS 25 Mar 2021
[root@f98b6b3cf070 /]# mount -t tmpfs none /proc/sys/crypto/
[root@f98b6b3cf070 /]# echo 1 > /proc/sys/crypto/fips_enabled
[root@f98b6b3cf070 /]# openssl ciphers 'ALL:eNULL'
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AECDH-DES-CBC3-SHA:ADH-DES-CBC3-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-CCM:AES256-GCM-SHA384:AES256-CCM:PSK-AES256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:AES128-GCM-SHA256:AES128-CCM:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:ECDHE-PSK-3DES-EDE-CBC-SHA:RSA-PSK-3DES-EDE-CBC-SHA:DHE-PSK-3DES-EDE-CBC-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-RSA-NULL-SHA:AECDH-NULL-SHA:NULL-SHA256:ECDHE-PSK-NULL-SHA384:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-NULL-SHA:RSA-PSK-NULL-SHA384:RSA-PSK-NULL-SHA256:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:RSA-PSK-NULL-SHA:DHE-PSK-NULL-SHA:NULL-SHA:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-NULL-SHA
[root@f98b6b3cf070 /]# echo 0 > /proc/sys/crypto/fips_enabled
[root@f98b6b3cf070 /]# openssl ciphers 'ALL:eNULL'
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:ADH-AES256-SHA256:ADH-CAMELLIA256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:ADH-AES128-SHA256:ADH-CAMELLIA128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:ADH-SEED-SHA:ADH-CAMELLIA128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:AECDH-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA:AECDH-DES-CBC3-SHA:ADH-DES-CBC3-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM8:DHE-PSK-AES256-CCM:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:AES256-GCM-SHA384:AES256-CCM8:AES256-CCM:ARIA256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM8:PSK-AES256-CCM:PSK-ARIA256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM8:DHE-PSK-AES128-CCM:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:AES128-GCM-SHA256:AES128-CCM8:AES128-CCM:ARIA128-GCM-SHA256:PSK-AES128-GCM-SHA256:PSK-AES128-CCM8:PSK-AES128-CCM:PSK-ARIA128-GCM-SHA256:AES256-SHA256:CAMELLIA256-SHA256:AES128-SHA256:CAMELLIA128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:ECDHE-PSK-CAMELLIA256-SHA384:RSA-PSK-CAMELLIA256-SHA384:DHE-PSK-CAMELLIA256-SHA384:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:PSK-CAMELLIA256-SHA384:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CAMELLIA128-SHA256:RSA-PSK-CAMELLIA128-SHA256:DHE-PSK-CAMELLIA128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-CAMELLIA128-SHA256:ECDHE-PSK-RC4-SHA:RSA-PSK-RC4-SHA:DHE-PSK-RC4-SHA:RC4-SHA:PSK-RC4-SHA:ECDHE-PSK-3DES-EDE-CBC-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:RSA-PSK-3DES-EDE-CBC-SHA:DHE-PSK-3DES-EDE-CBC-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-RSA-NULL-SHA:AECDH-NULL-SHA:NULL-SHA256:ECDHE-PSK-NULL-SHA384:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-NULL-SHA:RSA-PSK-NULL-SHA384:RSA-PSK-NULL-SHA256:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:RSA-PSK-NULL-SHA:DHE-PSK-NULL-SHA:NULL-SHA:NULL-MD5:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-NULL-SHA
And again on fedora
docker run --cap-add SYS_ADMIN -it fedora bash
yum install util-linux-ng openssl
[root@8a7e342bdca0 /]# openssl version
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
[root@8a7e342bdca0 /]# mount -t tmpfs none /proc/sys/crypto/
echo 1 > /proc/sys/crypto/fips_enabled
openssl ciphers 'ALL:eNULL'
TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES128-CCM8:DHE-RSA-AES256-CCM8:DHE-RSA-AES128-CCM8:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ADH-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ADH-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-CCM:PSK-AES256-GCM-SHA384:PSK-AES256-CCM:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:DHE-PSK-AES256-CCM8:DHE-PSK-AES128-CCM8:PSK-AES256-CCM8:PSK-AES128-CCM8:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DHE-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-RSA-NULL-SHA:AECDH-NULL-SHA:ECDHE-PSK-NULL-SHA384:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-NULL-SHA:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:DHE-PSK-NULL-SHA:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-NULL-SHA
[root@8a7e342bdca0 /]# echo 0 > /proc/sys/crypto/fips_enabled
[root@8a7e342bdca0 /]# openssl ciphers 'ALL:eNULL'
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ADH-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES128-CCM8:DHE-RSA-AES256-CCM8:DHE-RSA-AES128-CCM8:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:ADH-AES256-SHA256:ADH-CAMELLIA256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:ADH-AES128-SHA256:ADH-CAMELLIA128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:AES256-GCM-SHA384:AES256-CCM:ARIA256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM:PSK-ARIA256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:AES128-GCM-SHA256:AES128-CCM:ARIA128-GCM-SHA256:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:PSK-ARIA128-GCM-SHA256:DHE-PSK-AES256-CCM8:DHE-PSK-AES128-CCM8:AES256-CCM8:AES128-CCM8:PSK-AES256-CCM8:PSK-AES128-CCM8:AES256-SHA256:CAMELLIA256-SHA256:AES128-SHA256:CAMELLIA128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:ECDHE-PSK-CAMELLIA256-SHA384:RSA-PSK-CAMELLIA256-SHA384:DHE-PSK-CAMELLIA256-SHA384:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:PSK-CAMELLIA256-SHA384:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CAMELLIA128-SHA256:RSA-PSK-CAMELLIA128-SHA256:DHE-PSK-CAMELLIA128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-CAMELLIA128-SHA256:ECDHE-ECDSA-NULL-SHA:ECDHE-RSA-NULL-SHA:AECDH-NULL-SHA:NULL-SHA256:ECDHE-PSK-NULL-SHA384:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-NULL-SHA:RSA-PSK-NULL-SHA384:RSA-PSK-NULL-SHA256:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:RSA-PSK-NULL-SHA:DHE-PSK-NULL-SHA:NULL-SHA:NULL-MD5:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-NULL-SHA
Fedora and ubi use different openssl versions. And the openssl version of fedora does not list TLS_CHACHA20_POLY1305_SHA256 in when fips_enabled = 1.
And I tried the same on ubi 9
docker run --cap-add SYS_ADMIN -it registry.access.redhat.com/ubi8/ubi bash
<compilation steps from above>
mount -t tmpfs none /proc/sys/crypto/
echo 1 > /proc/sys/crypto/fips_enabled
...
x1301 TLS_AES_128_GCM_SHA256 ECDH 256 AESGCM 128 TLS_AES_128_GCM_SHA256
x1302 TLS_AES_256_GCM_SHA384 ECDH 256 AESGCM 256 TLS_AES_256_GCM_SHA384
But I still see several crashes of the fips-echo-server
2024/07/04 13:49:32 http: panic serving 127.0.0.1:41260: runtime error: invalid memory address or nil pointer dereference
goroutine 30 [running]:
net/http.(*conn).serve.func1()
/root/go-fips/go/src/net/http/server.go:1898 +0xbe
panic({0x6a5880?, 0x90ed50?})
/root/go-fips/go/src/runtime/panic.go:770 +0x132
internal/godebug.(*Setting).IncNonDefault(0x6a44a0?)
/root/go-fips/go/src/internal/godebug/godebug.go:102 +0x12
crypto/tls.(*serverHandshakeState).pickCipherSuite(0xc0001f8000)
/root/go-fips/go/src/crypto/tls/handshake_server.go:374 +0x205
crypto/tls.(*serverHandshakeState).handshake(0xc0001f8000)
/root/go-fips/go/src/crypto/tls/handshake_server.go:100 +0x138
crypto/tls.(*Conn).serverHandshake(0xc0001f0388, {0x7709d0, 0xc0000df860})
/root/go-fips/go/src/crypto/tls/handshake_server.go:61 +0x111
crypto/tls.(*Conn).handshakeContext(0xc0001f0388, {0x770998, 0xc0001ee660})
/root/go-fips/go/src/crypto/tls/conn.go:1553 +0x3cb
crypto/tls.(*Conn).HandshakeContext(...)
/root/go-fips/go/src/crypto/tls/conn.go:1493
net/http.(*conn).serve(0xc0001ba510, {0x770998, 0xc00009b110})
/root/go-fips/go/src/net/http/server.go:1921 +0xe85
created by net/http.(*Server).Serve in goroutine 1
/root/go-fips/go/src/net/http/server.go:3285 +0x4b4
Note that Go TLS stack doesn't use libssl.so from OpenSSL, so the output of openssl ciphers is not relevant. As for the panic, it seems to be known in upstream and will be fixed when rebasing to 1.22.5.
@ueno Thanks that helps. So my fault was that I didn't set /proc/sys/crypto/fips_enabled
to 1.
It might be good to add that to the documentation as well, in case people want to to play around with it.
A server that is compiled with golang-fips (master) and go1.22 still offers TLS_CHACHA20_POLY1305_SHA256 which is not FIPS compliant. Is this a bug or is it a requirement to turn off TLSv1.3 completely?
Steps to repro on debian: