FIPS compliant Flask and Flask-WTF
Recently we deployed a Flask application on a RHEL9 server where FIPS mode was enabled. It started fine but refused to serve any requests. The logs were filled with UnsupportedDigestmodError messages.
FIPS (which stands for Federal Information Processing Standards) mode disallows, system-wide, any hashing algorithm that is considered insecure. But vanilla Flask (and its batteries) often uses sha1. We have stumbled upon two cases.
A standard Flask stack often uses sha1 by default in two key places:
Flask sessions
The default secure cookie sessions use itsdangerous for signing, which can default to sha1. The fix was easy: Flask's session interface is designed to be subclassed. We can create a custom session class that inherits from SecureCookieSessionInterface and tell it to use sha256 as the digest method.
Flask-WTF
Serializing and signing the CSRF token here also uses itsdangerous, which again defaults to sha1. This is the trickier part. As of now, flask_wtf does not provide a simple config option to change the digest method. We have to create a custom CSRFProtect implementation that forces it to use a sha256 serializer.
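The following is an added example, not code from the original post. It covers both fixes described above: a session interface subclass that signs with sha256, and the sha256 serializer a custom CSRFProtect would need, plus a check that neither value still verifies under sha1. The names `Sha256SessionInterface`, `create_app`, `csrf_serializer`, `signed_with` and `audit` are hypothetical, and the `wtf-csrf-token` salt is assumed to match the one Flask-WTF uses for its tokens.

```python
import hashlib

from flask import Flask
from flask.sessions import SecureCookieSessionInterface
from itsdangerous import TimestampSigner, URLSafeTimedSerializer

CSRF_SALT = "wtf-csrf-token"  # assumed to be the salt Flask-WTF signs tokens with


class Sha256SessionInterface(SecureCookieSessionInterface):
    """Session cookies signed with HMAC-SHA256 instead of the sha1 default."""
    digest_method = staticmethod(hashlib.sha256)


def create_app(secret_key):
    """Hypothetical app factory; the session_interface line is the fix."""
    app = Flask(__name__)
    app.secret_key = secret_key
    app.session_interface = Sha256SessionInterface()
    return app


def csrf_serializer(secret_key):
    """Serializer a custom CSRFProtect would sign and verify tokens with."""
    return URLSafeTimedSerializer(
        secret_key, salt=CSRF_SALT, signer_kwargs={"digest_method": hashlib.sha256}
    )


def signed_with(token, secret_key, salt, digest, kd=None):
    """True if the token's signature verifies under the given digest."""
    signer = TimestampSigner(secret_key, salt=salt, key_derivation=kd, digest_method=digest)
    return signer.validate(token)


def audit(secret_key="constructed-test-key"):
    """Sign constructed sample values and report which digest verifies them."""
    # Run on a non-FIPS build host: the sha1 probes need sha1 to be available.
    app = create_app(secret_key)
    iface = app.session_interface
    cookie = iface.get_signing_serializer(app).dumps({"user": "alice"})
    token = csrf_serializer(secret_key).dumps("constructed-raw-token")
    kd = iface.key_derivation  # Flask's session interface derives keys with "hmac"
    return {
        "session_sha256": signed_with(cookie, secret_key, iface.salt, hashlib.sha256, kd),
        "session_sha1": signed_with(cookie, secret_key, iface.salt, hashlib.sha1, kd),
        "csrf_sha256": signed_with(token, secret_key, CSRF_SALT, hashlib.sha256),
        "csrf_sha1": signed_with(token, secret_key, CSRF_SALT, hashlib.sha1),
    }
```

Changing the digest invalidates session cookies and CSRF tokens issued before the switch, so users will get fresh sessions after deployment.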