Bugzilla – Bug 1203551
SSL certificate problem: CA certificate key too weak
Last modified: 2023-07-28 10:34:42 UTC
Good afternoon! I'm using Fedora Linux with a FUTURE cryptographic policy. One of differences is that the RSA should be min. 3072-bit. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening In an attempt to install a package from the openSUSE Build Service repository, I have an error: >Errors during downloading metadata for repository: > - Curl error (60): SSL peer certificate or SSH remote key was not OK for https://download.opensuse.org/repositories/ [SSL certificate problem: CA certificate key too weak] I think the point is R3 RSA Public Key size 2048. Could you use ECDSA/EdDSA CA certificate?
We have this open since some time: https://github.com/openSUSE/open-build-service/pull/12528 current issue seems to be that some UEFI bios would be unable to boot with that default..
There's no description of the problem, I'm not sure the problem matches mine. I'm writing about HTTPS problem, not UEFI.
Okay, but this boils down to the discussion about the letsencrypt CA key length here: https://github.com/certbot/certbot/issues/2080 This is out of our control, our cert key size is already 4k, but we have no control over the CA which is still 2k. IMHO this needs a discussion between the people who select the Fedora default and letsencrypt.... This WONTFIX is basically a CANTFIX ...
This is about the CA cert for Let's Encrypt. According to https://letsencrypt.org/certificates/, they don't offer much to choose from: Let's Encrypt R3 (RSA 2048) Let's Encrypt E1 (ECDSA P-384, limited availability)
Can you upgrade to Let's Encrypt E1 (ECDSA P-384)? Please do not close the bug until the problem is solved.
> Let's Encrypt E1 (ECDSA P-384, limited availability) It's relatively easy to opt in by submitting the acccount ID - see https://community.letsencrypt.org/t/ecdsa-availability-in-production-environment/150679 - my account was accepted within a couple days and I've been using it since the beginning with no issues. The question is if we want to use an "experimental" feature in production - I don't see many issues, given all openSUSE clients should be up to date enough to not have issues with the new CA, however it should be evaluated with a test account first, given it's not possible to revert a Let's Encrypt account ID to the old issuance.
Maybe we could add another "experimental" subdomain/virtual host (something like beta.download.o.o) using a separate LE account using the new issuance for people to voluntarily switch to to avoid breaking legacy SLE setups - this should probably not use MirrorCache though to avoid it redirecting to a mirror using an old CA - that is assuming no one volunteers to add a certificate chain checker to MirrorCache... :-)
Fedora is gradually tightening its crypto policies. Following it, CentOS, Red Hat Enterprise Linux and Scientific Linux are changing (in total, 29% of the distributions offered). It may be worth implementing more reliable security right now to avoid sudden mistakes in the future. As a bonus, when using ECDSA/EdDSA, performance will increase slightly.
One question back to Fhiss: What do you try in this case? Do you receive this error message with the installation of a special package from our openSUSE repositories? Can you specify these ones then, please? Or do you want to receive updates from OBS? Or do you build your own package and you have got this error message? From my point of view, that is a topic for the OBS Ops Team and Adrian can help you. BUT there is some information missing, WHEN this error is happening.
The error appears in case of any access to the repository. The reason is the use of a weak key in an intermediate TLS certificate. By the way, Mr. Pfuetzenreuter, I just thought you didn't have to experiment with the Let's Encrypt. There's a free Buypass Go SSL and others. For example: download.opensuse.org (ECDSA NIST P-256) → Buypass Class 2 CA 5 (RSA 4096) → Buypass Class 2 Root CA (RSA 4096)