CORDA-3550

Remove support for outdated ciphers and algorithms from the node's SSH server.

Description

As guidance, it might be a good idea to remove support for any ciphers/algorithms that are not listed in the modern configuration for OpenSSH here: https://infosec.mozilla.org/guidelines/openssh.html

Other audit tools are:

Suggested implementation

sshd-core will be upgraded from current version (1.6.0) to the latest version (2.3.0).

Notation

Status | Description
KEEP | Currently supported in shell and will be kept
ADD | Currently not supported but will be added to shell together with sshd 2.3.0
REMOVE | Currently supported in shell but will be removed

Ciphers

RC4, Blowfish, 3-DES and CBC will be removed. The only supported cipher family will be CTR.
chacha20 and GCM are still not supported by sshd.

Name | Comment | ssh-audit | Suggestion
chacha20-poly1305@openssh.com | not supported in sshd-core | | -
aes256-gcm@openssh.com | not supported in sshd-core | | -
aes128-gcm@openssh.com | not supported in sshd-core | | -
aes256-ctr | AES/CTR/NoPadding | | KEEP
aes192-ctr | AES/CTR/NoPadding | | KEEP
aes128-ctr | AES/CTR/NoPadding | | KEEP
aes256-cbc | AES/CBC/NoPadding | | REMOVE
aes192-cbc | AES/CBC/NoPadding | | REMOVE
aes128-cbc | AES/CBC/NoPadding | | REMOVE
3des-cbc | DESede/CBC/NoPadding | | REMOVE
blowfish-cbc | Blowfish/CBC/NoPadding | | REMOVE
arcfour256 | RC4 | | REMOVE
arcfour128 | RC4 | | REMOVE

MACs

MD5 and SHA-1 will be removed. The next sshd version will support encrypt-then-MAC, which should be preferable; however, that version has not been released yet.

Name | Comment | ssh-audit | Suggestion
hmac-sha2-512-etm@openssh.com | Will be added in sshd 2.3.1 (not yet released). Secure. | | -
hmac-sha2-256-etm@openssh.com | Will be added in sshd 2.3.1 (not yet released). Secure. | | -
hmac-sha2-512 | HmacSHA512, replace with hmac-sha2-512-etm after 2.3.1 | | KEEP
hmac-sha2-256 | HmacSHA256, replace with hmac-sha2-256-etm after 2.3.1 | | KEEP
hmac-sha1-etm@openssh.com | Will be added in sshd 2.3.1 (not yet released). Not secure. | - | -
hmac-sha1-96 | HmacSHA1 | | REMOVE
hmac-sha1 | HmacSHA1 | | REMOVE
hmac-md5-96 | HmacMD5 | | REMOVE
hmac-md5 | HmacMD5 | | REMOVE

KexAlgorithms

Algorithms using SHA-1 will be removed.
diffie-hellman-group14-sha1 will be replaced with diffie-hellman-group14-sha256 introduced in 2.3.0.
The other newly introduced DH groups (15-18) will still not be supported, although group16 could potentially be added.

NIST curves will be kept, following the OpenSSH configuration; however, the evaluation at http://safecurves.cr.yp.to/ considers them unsafe. Also, nistp521 is not recommended due to padding issues: https://tools.ietf.org/id/draft-ietf-curdle-ssh-kex-sha2-10.html

See also:

Name | Comment | tools.ietf.org | ssh-audit | Suggestion
curve25519-sha256@libssh.org | not supported in sshd-core | SHOULD | | -
ecdh-sha2-nistp521 | 521-bit key vs 512-bit hash | MAY | | KEEP?
ecdh-sha2-nistp384 | | SHOULD | | KEEP?
ecdh-sha2-nistp256 | | SHOULD | | KEEP?
diffie-hellman-group1-sha1 | SHA-2 alternative is available | SHOULD NOT | | REMOVE
diffie-hellman-group14-sha1 | | SHOULD NOT | | REMOVE
diffie-hellman-group14-sha256 | new in 2.3.0 | MUST | | ADD
diffie-hellman-group15-sha512 | new in 2.3.0 | MAY | - | SKIP
diffie-hellman-group16-sha512 | new in 2.3.0 | SHOULD | | ADD
diffie-hellman-group17-sha512 | new in 2.3.0 | MAY | - | SKIP
diffie-hellman-group18-sha512 | new in 2.3.0 | MAY | | ADD
diffie-hellman-group-exchange-sha256 | | MAY | | REMOVE
diffie-hellman-group-exchange-sha1 | | SHOULD NOT | | REMOVE

HostKeyAlgorithms

ssh-dss and ssh-rsa will be removed due to usage of SHA-1 in signatures.
ssh-rsa is replaced by rsa-sha2-512 and rsa-sha2-256 in sshd 2.3.0.

Name | Comment | ssh-audit | Suggestion
ssh-ed25519 | NONEwithEdDSA | | KEEP
rsa-sha2-512 | SHA512withRSA, new in 2.3.0 | | ADD
rsa-sha2-256 | SHA256withRSA, new in 2.3.0 | | ADD
ecdsa-sha2-nistp521 | SHA512withECDSA | | KEEP?
ecdsa-sha2-nistp384 | SHA384withECDSA | | KEEP?
ecdsa-sha2-nistp256 | SHA256withECDSA | | KEEP?
ssh-rsa | SHA1withRSA | | KEEP?
ssh-dss | SHA1withDSA | - | REMOVE

Corda shell can only generate RSA host keys at the moment. Also, hostkey.pem is always automatically replaced even if it exists, so it's not possible to use pre-existing keys. Should it be changed?

Compression

zlib is clearly unsafe. Delayed zlib is more secure, though it's better to remove it if we can.

Name | Comment | Suggestion
none | |
zlib | | REMOVE
zlib@openssh.com | delayed zlib | REMOVE
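
A check for the algorithm changes proposed on this page, as an added example (not Corda or sshd-core code): it parses an SSH_MSG_KEXINIT payload as laid out in RFC 4253 and reports every offered name that the tables above mark REMOVE. The function names and the sample offer are constructed for illustration.

```python
SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "cipher", "cipher", "mac", "mac",
          "compression", "compression", "language", "language"]
# Names marked REMOVE in the tables on this page. ssh-rsa is left out because
# its table row says "KEEP?".
REMOVE = {
    "kex": {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1"},
    "host_key": {"ssh-dss"},
    "cipher": {"aes256-cbc", "aes192-cbc", "aes128-cbc", "3des-cbc",
               "blowfish-cbc", "arcfour256", "arcfour128"},
    "mac": {"hmac-sha1-96", "hmac-sha1", "hmac-md5-96", "hmac-md5"},
    "compression": {"zlib", "zlib@openssh.com"},
}

def parse_kexinit(payload):
    """Return the ten name-lists of a KEXINIT payload as lists of strings."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, []  # skip the message-type byte and the 16-byte cookie
    for _ in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")  # uint32 list length
        if pos + 4 + n > len(payload):
            raise ValueError("truncated KEXINIT")
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        pos += 4 + n
    return lists

def audit(payload):
    """Return (category, name) pairs that are offered but marked REMOVE."""
    hits = [(f, n) for f, names in zip(FIELDS, parse_kexinit(payload))
            for n in names if n in REMOVE.get(f, ())]
    return list(dict.fromkeys(hits))  # drop duplicates, keep wire order

def build_kexinit(lists):
    """Encode ten name-lists as a KEXINIT payload with an all-zero cookie."""
    body = b"".join(len(s).to_bytes(4, "big") + s
                    for s in (",".join(l).encode("ascii") for l in lists))
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + bytes(5)

# Constructed sample offer (not captured from a real node).
LEGACY_OFFER = build_kexinit([
    ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"], ["ssh-rsa"],
    ["aes128-ctr", "aes128-cbc"], ["aes128-ctr", "aes128-cbc"],
    ["hmac-sha2-256", "hmac-sha1"], ["hmac-sha2-256", "hmac-sha1"],
    ["none", "zlib"], ["none", "zlib"], [], []])
```

An empty result from `audit` means the offer contains none of the names this page schedules for removal; it says nothing about algorithms the page leaves as "KEEP?".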

Assignee: Denis Rekalov
Reporter: Florian.Friemel@r3.com
Affected OS: None
CVSS Score: None
Severity: Medium
Feature Team: Kernel Group
CVSS Vector: None
Sprint:
Affects versions:
Priority: Highest