CentOS 8: FUTURE Security Policy AES256-CBC


I am trying to disable the AES256-CBC cipher used in the OpenSSH server on CentOS 8, while keeping the security policy set to FUTURE.

Based off of the table at this page (see "Cipher suites and protocols enabled in the crypto-policies levels"), it seems that the FUTURE crypto-policy should not enable the CBC mode ciphers (see 'no' in the cell corresponding to 'FUTURE' and 'CBC mode ciphers').

I ran this command to change my CentOS 8 system from DEFAULT to FUTURE:

sudo update-crypto-policies --set FUTURE

Followed by a reboot:

sudo reboot

However, a Nessus scan shows that the SSH service supports the 'aes256-cbc' algorithm. This output corresponds to this Nessus plugin.

After some investigation, it seems that the FUTURE security policy files for the service (and the client) do indeed contain 'aes256-cbc':

$ grep aes256-cbc /usr/share/crypto-policies/FUTURE/openssh*.txt
/usr/share/crypto-policies/FUTURE/opensshserver.txt:CRYPTO_POLICY='-oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc -oMACs=umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 -oGSSAPIKeyExchange=no -oKexAlgorithms=curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 -oHostKeyAlgorithms=rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com'
/usr/share/crypto-policies/FUTURE/openssh.txt:Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc

I could either make SSH opt out of the global security policy (and set Ciphers in sshd_config manually) or edit the /usr/share/crypto-policies/FUTURE/openssh*.txt files manually to exclude CBC, but I don't like the idea of either of these.

Is this possibly a bug in the CentOS 8 security policy configuration, or is there some way to disable CBC without manually specifying a cipher list?

Best Answer

After some hours of work, I solved it.

You need to create a customized policy inside the directory /etc/crypto-policies/policies/modules/, setting the rules to disable CBC ciphers.

Example

vim /etc/crypto-policies/policies/modules/NO-CBC.pmod

In this file, you should put all the ciphers you want to disable, like this:

tls_cipher = -AES-256-CBC -AES-128-CBC
cipher = -AES-128-CBC -AES-256-CBC -CAMELLIA-256-CBC -CAMELLIA-128-CBC
ssh_cipher = -AES-128-CBC -AES-256-CBC

After saving that, you need to load the policies with the modification that you created. In my case, I'm using the "FUTURE" policy. You can choose any policy, but don't forget to set up the modifier, like this:

update-crypto-policies --set FUTURE:NO-CBC

Now, just restart the sshd service, and CBC will be disabled.

systemctl restart sshd
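
To confirm the result without waiting for the next Nessus scan, the generated OpenSSH policy files can be checked for leftover CBC ciphers. The script below is an added example, not part of the original answer; it parses the two file formats quoted in the question, and the sample files, function names and the back-ends path mentioned in its comments are assumptions.

```bash
#!/usr/bin/env bash
# Added example: report CBC ciphers left in a crypto-policies OpenSSH file.

# Print every cipher whose name contains "-cbc", one per line.
# Understands both formats shown in the question:
#   server: CRYPTO_POLICY='-oCiphers=a,b,c -oMACs=...'
#   client: Ciphers a,b,c
cbc_ciphers_in() {
    sed -n \
        -e "s/.*-oCiphers=\([^ ']*\).*/\1/p" \
        -e "s/^Ciphers[[:space:]]\{1,\}\(.*\)/\1/p" "$1" |
        tr ',' '\n' | grep -i -- '-cbc' || true
}

# Returns 0 = no CBC offered, 1 = CBC still offered,
#         2 = file unreadable or has no Ciphers list (nothing to conclude).
check_no_cbc() {
    local file=$1 found
    [ -r "$file" ] || { echo "SKIP $file: not readable"; return 2; }
    grep -Eq -- '-oCiphers=|^Ciphers[[:space:]]' "$file" ||
        { echo "SKIP $file: no Ciphers list"; return 2; }
    found=$(cbc_ciphers_in "$file" | paste -sd, -)
    [ -z "$found" ] || { echo "FAIL $file: $found"; return 1; }
    echo "OK   $file: no CBC ciphers"
}

# Constructed sample files (not copied from a real host): the cipher lists
# follow the FUTURE output quoted in the question, before and after NO-CBC.
demo_dir=$(mktemp -d)
cat > "$demo_dir/before.config" <<'EOF'
CRYPTO_POLICY='-oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc -oMACs=hmac-sha2-256-etm@openssh.com -oGSSAPIKeyExchange=no'
EOF
cat > "$demo_dir/after.config" <<'EOF'
CRYPTO_POLICY='-oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr -oMACs=hmac-sha2-256-etm@openssh.com -oGSSAPIKeyExchange=no'
EOF
printf 'Ciphers aes256-ctr,aes256-cbc\n' > "$demo_dir/client.config"

# On a real host, pass the generated files as arguments; the usual location
# (an assumption, not stated on the page) is /etc/crypto-policies/back-ends/.
for f in "$demo_dir"/before.config "$demo_dir"/after.config \
         "$demo_dir"/client.config "$@"; do
    check_no_cbc "$f" || true
done
```

A FAIL line after `update-crypto-policies --set FUTURE:NO-CBC` means the module was not applied to that back end; a SKIP line means the file gave the check nothing to evaluate.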