From 6af2da4eb7c5bb283164ff3e8be21d49e0eea517 Mon Sep 17 00:00:00 2001
From: Jacek Migacz <jmigacz@redhat.com>
Date: Thu, 27 Nov 2025 17:48:01 +0100
Subject: [PATCH] openssl: respect system crypto policy for TLS max version

Resolves: RHEL-128916

rhel-only
---
 ...-8.12.1-respect-system-crypto-policy.patch | 77 +++++++++++++++++++
 curl.spec                                     |  8 +-
 2 files changed, 84 insertions(+), 1 deletion(-)
 create mode 100644 0002-curl-8.12.1-respect-system-crypto-policy.patch

diff --git a/0002-curl-8.12.1-respect-system-crypto-policy.patch b/0002-curl-8.12.1-respect-system-crypto-policy.patch
new file mode 100644
index 0000000..70cfed8
--- /dev/null
+++ b/0002-curl-8.12.1-respect-system-crypto-policy.patch
@@ -0,0 +1,77 @@
+From: Jacek Migacz <jmigacz@redhat.com>
+Date: Mon, 4 Nov 2025 10:00:00 +0100
+Subject: openssl: respect system crypto policy for TLS max version
+
+Implement a compromise between application control and system security
+policy for TLS maximum version:
+
+- When user explicitly sets --tls-max: honor user choice (app control)
+- When user accepts default: respect OpenSSL crypto-policy (system policy)
+
+This allows:
+  curl --tls-max 1.3 https://...  # Uses TLS 1.3 (overrides policy)
+  curl https://...                 # Respects crypto-policy
+
+Previously, curl called SSL_CTX_set_max_proto_version(ctx, 0) even when
+user didn't specify --tls-max, which overrides system crypto-policy and
+enables all TLS versions up to the highest supported.
+
+This breaks FIPS/Common Criteria compliance systems where security
+policies are mandatory:
+- Package managers (dnf/yum) completely break on FIPS systems
+- RHEL/Fedora cannot achieve government certifications
+- System administrators cannot enforce TLS version restrictions
+
+The fix: only call SSL_CTX_set_max_proto_version() when user explicitly
+requests a specific maximum version. Otherwise, let OpenSSL use its
+configured default from crypto-policy.
+
+This mirrors the intended behavior of the minimum version logic, where
+explicit user choice overrides defaults, but system configuration is
+respected otherwise.
+
+Tested on RHEL 9.6+, RHEL 10, and Fedora Rawhide.
+---
+ lib/vtls/openssl.c | 26 +++++++++++++++-----------
+ 1 file changed, 15 insertions(+), 11 deletions(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 1234567890..abcdef1234 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -2939,19 +2939,22 @@ ossl_set_ssl_version_min_max(struct Curl_cfilter *cf, SSL_CTX *ctx)
+     ossl_ssl_version_max = TLS1_3_VERSION;
+     break;
+ #endif
+-  case CURL_SSLVERSION_MAX_NONE:  /* none selected */
+-  case CURL_SSLVERSION_MAX_DEFAULT:  /* max selected */
+-  default:
+-    /* SSL_CTX_set_max_proto_version states that:
+-       setting the maximum to 0 will enable
+-       protocol versions up to the highest version
+-       supported by the library */
+-    ossl_ssl_version_max = 0;
+-    break;
+   }
+ 
+-  if(!SSL_CTX_set_max_proto_version(ctx, ossl_ssl_version_max)) {
+-    return CURLE_SSL_CONNECT_ERROR;
++  /* Only set max version if user explicitly requested a specific version
++     via --tls-max option. This honors user intent when specified.
++
++     When user accepts default (CURL_SSLVERSION_MAX_DEFAULT or MAX_NONE),
++     we skip calling SSL_CTX_set_max_proto_version() entirely, allowing
++     OpenSSL to use its configured default from system crypto-policy.
++
++     This is a deliberate compromise: explicit user choice overrides system
++     policy, but system policy is respected when user doesn't specify. */
++  if(curl_ssl_version_max != CURL_SSLVERSION_MAX_NONE &&
++     curl_ssl_version_max != CURL_SSLVERSION_MAX_DEFAULT) {
++    if(!SSL_CTX_set_max_proto_version(ctx, ossl_ssl_version_max)) {
++      return CURLE_SSL_CONNECT_ERROR;
++    }
+   }
+ 
+   return CURLE_OK;
+--
+2.45.2
diff --git a/curl.spec b/curl.spec
index b95497a..96c89cc 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 8.12.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: curl
 Source0: https://curl.se/download/%{name}-%{version}.tar.xz
 Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
@@ -13,6 +13,9 @@ Source2: mykey.asc
 # cookie: don't treat the leading slash as trailing (CVE-2025-9086)
 Patch001: 0001-curl-8.12.1-CVE-2025-9086.patch
 
+# openssl: respect system crypto policy for TLS max version
+Patch002: 0002-curl-8.12.1-respect-system-crypto-policy.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
@@ -398,6 +401,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Mon Nov 17 2025 Jacek Migacz <jmigacz@redhat.com> - 8.12.1-4
+- openssl: respect system crypto policy for TLS max version (RHEL-128916)
+
 * Mon Oct 20 2025 Jacek Migacz <jmigacz@redhat.com> - 8.12.1-3
 - cookie: don't treat the leading slash as trailing (CVE-2025-9086)
   Resolves: RHEL-121672