Skip to content

OSPRH-28892: Harden Apache SSL config for PQC compliance#594

Closed
mcgonago wants to merge 1 commit into
openstack-k8s-operators:mainfrom
mcgonago:pqc/ssl-protocol-hardening
Closed

OSPRH-28892: Harden Apache SSL config for PQC compliance#594
mcgonago wants to merge 1 commit into
openstack-k8s-operators:mainfrom
mcgonago:pqc/ssl-protocol-hardening

Conversation

@mcgonago

Copy link
Copy Markdown
Contributor

Summary

  • Add !kRSA to SSLCipherSuite to block quantum-vulnerable RSA key exchange suites and remove MEDIUM-strength ciphers
  • Switch SSLProtocol from blacklist (all -SSLv2 -SSLv3 -TLSv1) to whitelist (-all +TLSv1.3 +TLSv1.2), removing implicit TLS 1.1 support

These changes harden the Horizon Apache reverse proxy against the Harvest Now, Decrypt Later (HNDL) threat model by preventing negotiation of quantum-vulnerable cipher suites and legacy protocol versions.

Jira

Changes

templates/horizon/config/ssl.conf

Directive Before After
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES HIGH:!aNULL:!MD5:!RC4:!3DES:!kRSA
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -all +TLSv1.3 +TLSv1.2

Why these changes

  • !kRSA: RSA key exchange is vulnerable to Shor's algorithm (quantum attack) and lacks forward secrecy. Blocking it ensures Apache only uses (EC)DHE-based key exchanges
  • MEDIUM removed: Only HIGH-strength ciphers should be offered
  • SSLProtocol whitelist: Explicit allowlist is safer than a denylist; TLS 1.1 was implicitly still allowed in the old config

Test plan

  • go build ./... passes
  • make test passes (36/36 functional specs, 75.4% coverage)
  • Post-merge: verify TLS 1.3 negotiation with openssl s_client -connect <route>:443 -tls1_3
  • Post-merge: verify kRSA blocked with openssl s_client -connect <route>:443 -cipher "AES256-SHA" (expect handshake failure)

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

SSLCipherSuite: Remove MEDIUM-strength ciphers and add !kRSA to block
quantum-vulnerable RSA key exchange suites that lack forward secrecy.

SSLProtocol: Switch from blacklist (all -old) to whitelist (-all +new)
style, explicitly allowing only TLS 1.3 and TLS 1.2. This removes
implicit TLS 1.1 support that remained under the old configuration.

These changes address the Harvest Now, Decrypt Later (HNDL) threat
model by ensuring Apache cannot negotiate quantum-vulnerable cipher
suites or legacy protocol versions.

Related: OSPRH-28891
Closes: OSPRH-28892

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Owen McGonagle <omcgonag@redhat.com>
@openshift-ci openshift-ci Bot requested review from fmount and stuggi May 10, 2026 23:09
@openshift-ci

openshift-ci Bot commented May 10, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mcgonago

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@mcgonago mcgonago changed the title Harden Apache SSL config for PQC compliance OSPRH-28892: Harden Apache SSL config for PQC compliance May 11, 2026
@openshift-ci-robot

openshift-ci-robot commented May 11, 2026

Copy link
Copy Markdown

@mcgonago: This pull request references OSPRH-28892 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

  • Add !kRSA to SSLCipherSuite to block quantum-vulnerable RSA key exchange suites and remove MEDIUM-strength ciphers
  • Switch SSLProtocol from blacklist (all -SSLv2 -SSLv3 -TLSv1) to whitelist (-all +TLSv1.3 +TLSv1.2), removing implicit TLS 1.1 support

These changes harden the Horizon Apache reverse proxy against the Harvest Now, Decrypt Later (HNDL) threat model by preventing negotiation of quantum-vulnerable cipher suites and legacy protocol versions.

Jira

Changes

templates/horizon/config/ssl.conf

Directive Before After
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES HIGH:!aNULL:!MD5:!RC4:!3DES:!kRSA
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -all +TLSv1.3 +TLSv1.2

Why these changes

  • !kRSA: RSA key exchange is vulnerable to Shor's algorithm (quantum attack) and lacks forward secrecy. Blocking it ensures Apache only uses (EC)DHE-based key exchanges
  • MEDIUM removed: Only HIGH-strength ciphers should be offered
  • SSLProtocol whitelist: Explicit allowlist is safer than a denylist; TLS 1.1 was implicitly still allowed in the old config

Test plan

  • go build ./... passes
  • make test passes (36/36 functional specs, 75.4% coverage)
  • Post-merge: verify TLS 1.3 negotiation with openssl s_client -connect <route>:443 -tls1_3
  • Post-merge: verify kRSA blocked with openssl s_client -connect <route>:443 -cipher "AES256-SHA" (expect handshake failure)

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci

openshift-ci Bot commented May 19, 2026

Copy link
Copy Markdown
Contributor

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@mcgonago mcgonago closed this Jun 15, 2026
@mcgonago

mcgonago commented Jun 15, 2026

Copy link
Copy Markdown
Contributor Author

Related to ssl.conf centralized to lib-common (OSPRH-30239). PQC TLS defaults will most likely follow a change in lib-common PR-697. See OSPRH-28889 for details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants