 To je 11, takže proč to závodují. Vědějte Tomáš. Máme Tomáš Mrás. Já vrátím v redhead check v Brno v Czech Republic. Já jsem principální software engineer v krypto teamu. Vykladně jsme vytvořili všechno technologi v redhead enterprise Linux. a Fedora, tohlež. Když byme načíli diskusovat, budeme ještě se na věděle. Zvukáváme když kryptopolície. Zvukáváme když kryptopolície, který je výjdon s tím kladem. Zvukáváme když kryptopolície. Protože jsme těžké, a to bude nějaké zvuky. Kryptografa i kryptoanalizáře vždyjí hodně a vždyjí vždyjí vždyjí vždyjí vždyjí a vždyjí vždyjí. You can never be sure, fully sure that once you deploy something that in like next year, you will be secure enough. So you need to accommodate for the changes. Here is some examples of changing technology in terms of crypto protocols, TLS. Vždyť se to, jak protočky byli standardizáře a když jsou větké, kde je to větké. A kde jsou větké, kde jsou větké, kde jsou větké, kde jsou větké, kde jsou větké, kde jsou větké, kde jsou větké, kde jsou větké. Jsou větké, kde jsou větké, kde jsou větké. Jste tady hodně jistí, jak se závodují s s hodiny, s s hodiny, s vládným závodem, jak se závodují, takže je to velmi velmi představlé a se vzávoduje algorithms and protocols and so on, but these guides, here is one of the examples, are very, very long, and you have to go through them, set up, change configuration files, so on. What if you need to apply these crypto settings and changes for the configuration regularly to hundreds of machines, various kinds of machines on your network and some of them are virtual machines maybe and containers or whatever. And the other thing, to complicate things even more, various machines usually have different needs or levels of needs to communicate with legacy devices, various old hardware, Cisco boxes, I don't know what you can have on your network. Crypto policies come to rescue because they are centrally managed on the system, they provide you multiple pre-designed policy levels and they also simplify FIPS support if you care about it, if you are enterprise, want to sell to U.S. government or related institutions. Central, what does it mean? It's central managed on the system. There is a single command updateCrypto policies dash dash set and you provide a level you want to set on your system. This single command manages configuration for all these core crypto libraries as we call them and also some applications on the Fedora or RELL system. These are basically all the core libraries that are used by the base system applications. So when the updateCrypto policies command runs, it transforms simple policy definition file into separate configuration file snippets that are loaded or included by the configuration files of these libraries or applications. Let's talk about the levels that we provide, which we are like kind of pre-designed. The most lenient level is legacy, which provides you 64-bit security about. It also enables RC4 and 3DS, but only for some applications, for the applications or libraries where we decided that it's no longer relevant at all, it's also disabled for these. Here are the levels for Fedora, actually. The default level still enables TLS 1.0 and TLS 1.1, but disables all the RC4 and 3DS. The next policy level, which is actually the default for RELL Enterprise Linux 8, enables only TLS 1.2 and it also requires Diffie-Hellman parameters to be larger than 2 kilobits, the same for RSA and DSA. At the time when we started for Fedora, it was not acceptable because it still broke some websites. But I suppose that in the next release we will drop or change the default for Fedora as well to this level. The future level is kind of special because it allows you to test whether your application or system or whatever is prepared for some of the future changes. Of course, it cannot enable things that are not implemented in the libraries, but it at least drops supports for 128-bit symmetric ciphers, which basically in this particular part it will prepare you for post-quantum situation. And the fifth policy is special because it removes support for all algorithms that are not approved for fifths. And the simplification of the fifth mode with the cryptopolicies is provided also by having just a single command that will enable the system fifth mode for you. Because previously, for example, on relative to price Linux 7 or older releases, you had to follow a few steps that you would have to do to enable the system fifth mode. Now you just run a single command entry boot. So to summarize, the system cryptopolicies provides central management on the system by a single command that controls all the core cryptolibraries and applications using crypto. There are multiple pre-design policy levels, which provide up-to-date security, also communication with legacy systems or preparation for future. And there is a fifth support provided as well and simplification of the fifth mode and implement. And where you can get this tool on current Fedora versions or all the supported Fedora versions and relative enterprise Linux 8. But what if the predefined policy levels don't match your requirements? Now custom cryptopolicies come to rescue, which is a new improvement of this tool. With this feature, you can define your own cryptopolicies from scratch. Or you can modify existing predefined policy levels. How to do that? When you define your full policy from scratch, you place the full policy definition file into one of these two directories. And the file needs to be named policy.pol with the uppercase in the file name is important because otherwise the tool won't recognize it. The format of the file is kind of simple, although you, of course, have to know the names of the algorithms. But as you can see here, you have hash. It's a simple, like key equals value format where most of the values are lists of algorithm names such as here we can have all the various hash algorithms. This is actually excerpt from user share cryptopolicies policies future pool and provide, as you can see, only SHA2 and SHA3 hashes are enabled in the future policy. Here is a setting for key exchanges. This is the group key. Again, you can see here that these are the downburst or the safe crypto curves. And here are the normal list curves and normal defi-helman parameters of these lengths. And in future policy, you can see the minimum TLS version is 1.2. Minimum size of the RSA keys are three kilobits. Of course, there are other values for symmetric ciphers, signature algorithms, and other parameters. But you might probably not want to design your policy from scratch, full policy from scratch. One of the reasons why not to do that is because the various crypto backends or the way how the policy is transformed into the actual configurations file for the libraries has some limitations. Basically, the limitations are due to the way how the libraries are being configured. We did not edit some changes, but we did not try to really reinvent all the configurations for all the libraries. So there are definitely some limitations on what you can set with one library and another. And for that reason, it might be a good idea to just modify existing policy with the so-called policy modifier module. These modules need to be placed into the modules subdirectory, and they have a different suffix p-mode. Again, the uppercase in the name of the module is important. So here will be some examples of the modifiers. For example, you can disable SHA1 hash. You just basically apply these changes to the original policy. That means minus SHA1 means remove SHA1 from the list of the hash algorithms minus RSA, PSS SHA1, RSA SHA1, ECDSA SHA1. Remove these signature algorithms from the list of signature algorithms in the base policy. How to apply this modifier? Basically, with this command, you append with a colon, no SHA1, you append it to the base policy, and the policy will be modified accordingly. Of course, there is no limitation if you have a module on which base policy you apply it. It can be applied on any other policy, like future. But for future policy, it has no effect, because the SHA1 is already disabled there. By default, Camelia is enabled only for non-TLS applications or protocols. With this plus name of the algorithm, you add it to the list of the enabled algorithms for TLS. In the base policy, if the Camelia is already enabled, if you add it again, there is no error or no problem with that. It's a good idea to be for sure that I enable it everywhere. I put it for both TLS and non-TLS ciphers. The other option is to put the plus after the name of the algorithm, which just changes the order where the algorithms are put. Before the name of the algorithm, it will be inserted on the beginning of the list. If you put it at the end of the algorithm name, it will be put last or appended to the list. You can, for example, disable all TLS protocol versions in legacy policy by these settings. There is a kind of duplication, because some of the backends of the libraries don't allow to selectively disable protocol by protocol. For these backends, there is the main TLS version. For the others, you can selectively use this list to disable all the protocols you don't want. SSL3, by the way, is already dropped, removed, disabled. No need to disable it anywhere, because it's already dropped from the libraries. Here is another example to just make the future policy a little bit more lenient, because most of the websites have only two kilobits RSA keys for certificates. This is the most probable reason why, if you set future policy, you won't be able to connect too many websites. You could adjust the future policy with this modifier, and you would be probably almost possible to use for future policy for regular web browsing. Or you can only allow, for example, ECDH and ECDH with pressure keys. This is basically the situation for open SSL on TLS 1.3 already, because it does not support the FFDH groups on TLS 1.3. It supports only forward secrecy enabling key exchanges. By this way, you just remove all the remaining algorithms from the key exchange. There is a kind of deficiency, because what would be more logical would be to have the policy modifier to just set the ECDH and ECDH PSK to key exchange, but the current version doesn't support this. The multiple policy modifiers can be applied at once. Basically, you just put all these one after another. The important thing to understand is that the generation of the actual configuration files for the libraries is done at the configured time. Basically, when you run the Update Crypto Polices script. This is important because this allows for changing things in new versions of the Update Crypto Polices tool. For example, open SSL back end could allow more fine grained selection of the algorithms, because currently it's kind of simple. Or even new back end could be added to be supported. For example, we are planning to have, for example, go language supported with a separate configuration. You would not need to regenerate your policy files or whatever. You would just automatically on the upgrade of the package the configuration will be updated and everything will be good, hopefully. So to summarize, with custom crypto policies you can define your crypto policy from scratch in a simple policy definition file. Or you can modify existing predefined policy levels by adding or removing enabled algorithms or protocols. And the generation of back end configurations is done when Update Crypto Polices script is run. The future plans. One big thing had is handling of Shawan deprecation. This is one of the reasons why we need to change the back end for open SSL. We need to be able to basically selectively disable Shawan. Currently this is not possible easily. And yeah, that's basically what I've already talked about. The fine grained back end configurations for GNU TLS is already improved. It was in previous versions, it was on the more similar level to open SSL. And yeah, we would like to at some point think about data at rest support, but that's a much harder topic. Currently, mostly the crypto policies affect only the protocol usage of our algorithms in data and transit. So quick summary, single command to rule them all. Algorithms and libraries, multiple predefined policy levels, custom crypto policies can be created from scratch by policy modification. And there is simple policy definition format. Thank you. Any questions? Do these policies also apply to containers running on the operating system? They would apply to containers only if you inside the container you have the system with the policies. Basically, if you have Fedora inside the container or L8, you will have crypto policies. It depends on your use case. Is there any support to distinguish between client and server connections? So say you're trying to insist that clients connect to your service with a particular level, but then your service then has to connect to another service with a different level. Some make sense? So you talk to a legacy system, say? If you have multiple systems connect... Well, just between the connecting client and then say your service has to then connect to another legacy service, which has a, you can't control the crypto you can use on it. Can you define a policy for the incoming connections to be at a high level, say for the clients on the general internet, but then you can have a level for your legacy? Really, maybe I don't understand the question really, but basically the policies apply to the whole system. They don't like selectively apply to servers, clients, whatever. They are like kind of general things to be simple, like for the admin to select. So if you have any questions further, I will answer it outside.