Lotus what? Nah mate, the world has moved on.

Wednesday, 1 April 2015

Daniel Nashed's Blog


First Perfect Forward Secrecy Ciphers shipped with 9.0.1 FP2 IF2

Daniel Nashed  30 March 2015 13:14:58
As posted before, IBM shipped a new IF that introduces TLS 1.2. Along with this new version a set of ciphers has been added. 
Some of them are enabled by default and others can be enabled using notes.ini settings. 
Other ciphers that are regarded as "weak" have been removed from the default cipher list. 

So by default without any additional settings you get the ciphers that IBM currently recommends. 
What has been added to the default are the AEAD (AES-GCM) ciphers -- see details below. 

There are additional ciphers that will provide "Perfect Forward Secrecy" (PFS) for some platforms/browsers. 

IBM implemented Ephemeral Diffie-Hellman (DHE) ciphers. Those ciphers are used by many but not all platforms. 
That's why, even if you enable them, the SSL Test Site will not give you a better rating, because not all the reference browsers will use PFS. 

In addition, those ciphers put a higher overhead on your Domino server. Therefore IBM left the decision which ciphers to add to administrators. 
You have to find the right balance between security and performance. 
On a smaller server the overhead will probably not be that high. But on a larger server you might want to take special care and watch the CPU load of your server before and after you enable the DHE ciphers! 

The current default setting is that the cipher order on the server takes preference. 

As mentioned before all the fixes currently have no design change because that will have to wait until 9.0.2. 
Therefore also the cipher spec has to be enabled using notes.ini settings as already described in our ConnectED presentation. 

There is a notes.ini setting described in a recent Wiki entry. Each cipher has an internal reference number that is standard. 
Domino uses the two digit hexadecimal number to specify the ciphers you want to have enabled on your server. 
The order of entries does not matter. You just have to make sure that you always use a two-digit value per cipher -- even if the cipher number itself has just one hex digit. 
There is no space between the cipher numbers. 


Here is what you get by default without any changes: 

SSLCipherSpec=9D9C3D3C352F0A 

9D = RSA_WITH_AES_256_GCM_SHA384 
9C = RSA_WITH_AES_128_GCM_SHA256 
3D = RSA_WITH_AES_256_CBC_SHA256 
3C = RSA_WITH_AES_128_CBC_SHA256 

35 = RSA_WITH_AES_256_CBC_SHA 
2F = RSA_WITH_AES_128_CBC_SHA 
0A = RSA_WITH_3DES_EDE_CBC_SHA 


In addition to that you have the following new DHE ciphers available. 

33 - DHE_RSA_WITH_AES_128_CBC_SHA 
39 - DHE_RSA_WITH_AES_256_CBC_SHA 
67 - DHE_RSA_WITH_AES_128_CBC_SHA256 
6B - DHE_RSA_WITH_AES_256_CBC_SHA256 
9E - DHE_RSA_WITH_AES_128_GCM_SHA256 
9F - DHE_RSA_WITH_AES_256_GCM_SHA384 

So, as an example, when you want to enable all DHE ciphers and keep the other ciphers, you set the following notes.ini setting and restart the server tasks like http. 


SSLCipherSpec=9D9C3D3C352F0A3339676B9E9F 

So you could add those ciphers to your cipher list using the notes.ini setting. 
Once you are done you can use the SSL Labs Test Website https://www.ssllabs.com/ssltest/ to check if the ciphers are properly configured. 
What is nice on the website is that the website will "simulate" which client type will probably use which type of cipher when connecting given the current settings of your server. 

Now you should have all the default ciphers and the DHE ciphers enabled. 

You should take special care which ciphers to disable because you could block out certain device types. 

When testing with the SSL Labs Test and also using Java applications I noticed that they will pick the DHE ciphers. 
But Java 1.6/1.7 does currently not support more than 1024 bits. By default Domino uses a higher key length. 

So Java sees that DHE ciphers are enabled and will try to use them. It does not check beforehand that it cannot handle key sizes larger than 1024. 

That means if you enable DHE ciphers you might have to consider lowering the key length used. 
If you change the key-length to 1024 the SSL Labs Test site will report that your key is "weak". 

So you have to balance lower security with compatibility at this point. 

There is a notes.ini setting to specify the key-length for DHE ciphers. 

You could set notes.ini SSL_DH_KEYSIZE=1024 to resolve this incompatibility. 
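
The two settings above can be checked before restarting anything. The following is an added example, not code from the original post or from IBM: it decodes an SSLCipherSpec value using only the cipher numbers listed in this post and flags the DHE key-size trade-off described above. The function names, and the assumption that notes.ini keys are matched case-insensitively, are illustrative.

```python
# Added example (not from the original post): audit the two notes.ini settings
# discussed here. Cipher codes and names are exactly the ones listed in the post.
import string

CIPHERS = {
    "9D": "RSA_WITH_AES_256_GCM_SHA384", "9C": "RSA_WITH_AES_128_GCM_SHA256",
    "3D": "RSA_WITH_AES_256_CBC_SHA256", "3C": "RSA_WITH_AES_128_CBC_SHA256",
    "35": "RSA_WITH_AES_256_CBC_SHA", "2F": "RSA_WITH_AES_128_CBC_SHA",
    "0A": "RSA_WITH_3DES_EDE_CBC_SHA",
    "33": "DHE_RSA_WITH_AES_128_CBC_SHA", "39": "DHE_RSA_WITH_AES_256_CBC_SHA",
    "67": "DHE_RSA_WITH_AES_128_CBC_SHA256", "6B": "DHE_RSA_WITH_AES_256_CBC_SHA256",
    "9E": "DHE_RSA_WITH_AES_128_GCM_SHA256", "9F": "DHE_RSA_WITH_AES_256_GCM_SHA384",
}
DEFAULT_SPEC = "9D9C3D3C352F0A"  # default value quoted in the post

def parse_spec(value):
    """Split an SSLCipherSpec value into two-digit hex codes; reject malformed input."""
    if not value or len(value) % 2 or set(value) - set(string.hexdigits):
        raise ValueError(f"need two hex digits per cipher, no spaces: {value!r}")
    return [value[i:i + 2].upper() for i in range(0, len(value), 2)]

def read_ini(text):
    """Return notes.ini settings as a dict; keys upper-cased (assumed case-insensitive)."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip().upper(): v.strip() for k, v in pairs}

def audit(ini_text):
    """Report enabled ciphers, the DHE (PFS) ones, and the key-size trade-off."""
    ini = read_ini(ini_text)
    codes = parse_spec(ini.get("SSLCIPHERSPEC", DEFAULT_SPEC))
    dhe = [c for c in codes if CIPHERS.get(c, "").startswith("DHE_")]
    keysize = ini.get("SSL_DH_KEYSIZE")
    notes = []
    if dhe and keysize != "1024":
        notes.append("DHE enabled, SSL_DH_KEYSIZE not 1024: Java 1.6/1.7 clients may fail")
    if dhe and keysize == "1024":
        notes.append("DHE key size 1024: SSL Labs will report the key as weak")
    return {"names": [CIPHERS.get(c, "?") for c in codes], "dhe": dhe,
            "unknown": [c for c in codes if c not in CIPHERS], "notes": notes}

# Constructed sample notes.ini fragment using the values from the post.
SAMPLE = "SSLCipherSpec=9D9C3D3C352F0A3339676B9E9F\nSSL_DH_KEYSIZE=1024\n"

if __name__ == "__main__":
    for key, val in audit(SAMPLE).items():
        print(key, val)
```

An odd-length value such as `9D9CA` is rejected by `parse_spec`, which catches the one-hex-digit mistake before it reaches the server.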


There have also been discussions about other PFS ciphers that are used by other applications like older IE versions. 

"Elliptic Curves ciphers" (ECDHE..) are supported by older IE versions and by Windows mobile. 
But they are currently not implemented on the Domino side. 

All the development work in this area is based on priorities and demand. And IBM is releasing it step by step with IF fixes. 
It's not confirmed IBM is working on those types of ciphers. I just wanted to mention it to explain why not all platforms will use PFS ciphers when you enable the DHE ciphers. 
Also the ECDHE ciphers have better performance than the DHE ciphers. But the first priority was to implement the DHE ciphers because most platforms support it. 
This was for sure not the last functionality update we get via an IF. I am looking forward to seeing what is next on the list. 

Not all of the notes.ini settings are documented yet. I expect that IBM will publish another Wiki article soon. 
I might update this blog entry or have a more complete article with more details as soon as more information is available. 

-- Daniel 
