The SSL Problem & How To Deploy SHA2 Certificates

Mark MyersDirector - LDC Viamark@ldcvia.com

Gabriella DavisTechnical Director - The Turtle Partnershipgabriella@turtlepartnership.com

Who Are We?❖ Adminofallthingsandespecially

quitecomplicatedthingswherethefunis

❖ Workingwithsecurity,healthchecks,singlesignon,designanddeploymentofDomino,ST,Connec>onsandthingsthattheytalkto

❖ Stubbornandrelentlessproblemsolver

❖ LivesinLondonabouthalfofthe>me❖ gabriella@turtlepartnership.com❖ twiDer:gabturtle

Who Are We?❖ MemberoftheLondonDeveloperCo-

op❖ Co-writerofLDCViahDp://

www.ldcvia.com❖ IBMConnec>ons,Domino,Mobile

andWebdevelopment❖ Hireme!❖ Developerfromasupportbackground❖ 14+yearsonDomino,17+yearsinIT❖ Speakerat6xLotuspheres/Connects,

6xUKLUGs,1xILUG,3xBLUG/Engage

Why This Session?• Encrypting and securing information is not just a thing you

add to complete a project, it’s a necessity• Information can be intercepted en route between client

and server or between servers• This can include credentials which can they expose

further information• The speed at which hackers are working around

encryption standards is growing, major attacks and vulnerabilities appear every week

• You need to understand where the vulnerabilities are, how to watch for them and how to protect against them

Encryption and Certificates❖ What is Encryption?

❖ It is a process of making data unrecognizable

❖ Unless you have “key” to unlocking the data.

❖ Without the key, it should be imposable or more commonly unfeasible to read the data in a reasonable timeframe.

❖ What are Certificates?

❖ Digital Certificates are a way of trying to prove that the security “key” they contain actually belong to the person they were issued to.

❖ This is done via a trusted third party that both parties in communication can rely on.

Let’s Talk Acronyms

SSL❖ Stands for Secure Socket Layer

❖ A cryptographic protocol (A set of agreed rules for coding and decoding messages so as to keep those messages secure)

❖ Each version was replaced by another version due to security flaws and now is completely deprecated ( June 2015 by RFC 7568)

❖ Its death knell was the block cipher attack used by Poodle (see later slide) in 2014

❖ Replaced by...

TLS❖ “Transport Layer Security”

❖ Like SSL it is cryptographic protocol (A set of agreed rules for coding and decoding messages so as to keep those messages secure)

❖ The successor to SSL (TLS 1.0 is actually SSL 3.1 but was renamed to mark the change to an open standard rather than Netscape's protocol)

❖ Currently has 3 versions 1.0, 1.1, 1.2 (1.3 in Draft)

❖ Like SSL it is a constantly changing protocol

S/MIME❖ This is another protocol, this time for allowing email in the

MIME format (basically all SMTP mail) to be both signed or/and encrypted

❖ Signed: To ensure to your email recipients that you actually sent the email

❖ Encrypted: To protect the content from being read by other entities than the intended recipients.

❖ Just about the only intersystem security standard that all vendors can agree on.

HTTPS❖ This is the transfer of data using the Hypertext Transfer

Protocol over a link secured be either SSL or TLS

❖ Provides:

❖ Bidirectional encryption of your data in transit

❖ A reasonable guarantee that you are talking to who you think you are.

❖ Defends against "Man in the Middle" and third party snooping attacks.

SHA2❖ An upgrade to the popular hashing algorithm used by the

majority of SSL certificates

❖ Its predecessor SHA1 was found to be more insecure that was previously thought (not broken just not as secure)

❖ Microsoft Google and Mozilla all announced deprecation plans for SHA1

❖ When people talk about "SHA256" they are talking about one of the 6 hash functions with digests that make up the SHA2 family

AES❖ “Advanced Encryption Standard”

❖ Based on 3 members of the Rijndael cipher family (developed by Joan Daemen and Vincent Rijmen) each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.

❖ Used worldwide and a federal government standard

❖ It supersedes DES (Data Encryption Standard) which you can now brute force attack

What Went Wrong … and keeps going wrong

Man in the Middle Attack

❖ An attack where someone intercepts communication between two systems and acts as a proxy between the parties without either of them knowing

Betty knows the internet is scary. She always clicks the link

She likes to shop and bank online

This is Betty

Betty gets emails telling her to click on a link and give her password

Hank knows Betty will click on the link

.. and that it will be his fault if her money goes missing

This is Hank

Hank owns a bank He needs to keep Betty’s money safe.

Jazz is cool

Jazz has to keep corporate data secure whilst keeping access simple & staying ahead of

hackers

Jazz is a system administrator

Jazz doesn’t sleep much

This is Jazz

Harry is a jerk with no morals

He only cares about getting money and causing disruption

This is Harry

Hi Betty ! Hi Betty !

181939FJFUETJDAJGDAKSGDAJKL1GDAJKGADJKGLD90FD9184053290532AJKGPAURWE

OU4

It’s all about the key. How strong is it? How secure is it? Is it even the right key?

Encryption

Man in the middle

Hi Betty ! Bye Betty!

181939FJFUETJDAJGDAKSGDAJKL1GDAJKGADJKGLD90FD9184053290532AJKGPAURWEOU4181939FJFUETJDAJGDAKSGDAJKL1GDAJKGADJKGLD90FD9184053290532AJKGPAURWEOU4181939FJFUETJDAJGDAKSGDAJKL1GDAJKG

ADJKGLD90FD9184053290532AJKGP

AURWEOU4

Bye BettyHi Betty !

With SHA2 & Strong Keys

Hi Betty ! Hi Betty!

181939FJFUETJDAJGDAKSGDAJKL1GDAJKGADJKGLD90FD9184053290532AJKGPAURWEOU4181939FJFUETJDAJGDAKSGDAJKL1GDAJKGADJKGLD90FD9184053290532AJKGPAURWEOU4181939FJFUETJDAJGDAKSGDAJKL1GDAJKG

ADJKGLD90FD9184053290532AJKGP

AURWEOU4

!

***

POODLE ❖ "Padding Oracle On Downgraded Legacy Encryption“

❖ An exploit that allowed attackers to trick a session to use SSL rather than TLS then during that session use a design flaw in SSL 3.0 to Snoop on the session

❖ What it did

❖ It allowed attackers to perform a man in the middle attack

❖ How it was stopped

❖ We all turned off SSL V3.0 on the servers (and were then grumbled at by people who used old browsers)

ShellShock or Bashdoor❖ An Bug from the original version of Bash* allowed you

to launch child instances of Bash but supply your own variables

❖ What it did

❖ It allowed an attacker to execute bash commands on the target server

❖ How it was stopped

❖ Patched all servers running Bash

*A program that all lot of Unix-based systems use to execute command lines and command scripts

Heartbleed❖ A "buffer over-read" vulnerability in the TLS heartbeat extension of OpenSSL

caused by a missing input validation check (but really by not enough peer review)

❖ What it did?

❖ Allowed an attacker to read up to 64 kilobytes of the servers active memory for each attack, memory that was very likely to contain secure information.

❖ How it was stopped?

❖ We updated all clients/servers to a patched version of OpenSSL

❖ Reissued all certificates where there was any chance they could have been compromised.

Freak - “Factoring RSA Export Keys”❖ A vulnerability cased by the growth of cheap commuting power

❖ A "512-bit export-grade key“ now be broken with a bit of math's called the "Number Field Sieve algorithm"* and about ~ $150 of cloud computing

❖ What it did?

❖ Allowed the attacker to perform a man in the middle attack

❖ How it was stopped?

❖ We disabled "TLS export cipher suites" either by updating browsers, disabling the feature in servers or updating libraries that used them (such as OPENSSL to versions that did not)

*https://en.wikipedia.org/wiki/General_number_field_sieve

Why Is This A Growing Problem?

What’s Next?

❖ Who knows!! the important thing we have all learnt is that just because something has been around for a while is no guarantee of it being bomb proof.

❖ No system is perfect

❖ Open source software is a great concept, but relies on ACTIVE members picking at each others code and performing peer review.

❖ Closed Source relies on the competency of hidden processes and testers not succumbing to pressure to “Ship now”.

❖ Just remember there is always someone cleverer than you.

So We Need The Strongest Certificate That Uses The Best Algorithm & Is Kept Up To Date

How Do We Do That?

Certificate Structures❖ Certificate authorities

❖ Private keys

❖ Trusted roots

❖ Generating a certificate

❖ You’ll need a keyfile

❖ You’ll need a request with all the details of your certificate

❖ You’ll need the trusted roots and intermediate certificates or your CA

❖ You’ll need the final certificate itself

File Extensions For Certificates❖ More Acronyms

❖ Certificate formats

❖ PEM (….. BEGIN CERTIFICATE….)

❖ CRT

❖ CER

❖ KEY

❖ DER binary

❖ PFX or P12

❖ ….CSR (certificate signing request)

❖ OpenSSL can convert most certificate forms to most others

OpenSSL❖ An open source library of SSL and TLS cryptography

❖ Available for most platforms

❖ Developed and managed by https://www.openssl.org

❖ repository for downloads on https://github.com/openssl/openssl

❖ Create certificates

❖ Convert certificates

❖ Extract certificates

HERE BE TIGERS

Installing OpenSSL - For the brave❖ https://www.openssl.org/source/

❖ ftp://ftp.openssl.org/source/ previous version

❖ ftp://ftp.openssl.org/source/old older versions

❖ Download the compressed file and extract

❖ Read the ReadME for instructions e.g run

❖ INSTALL Linux, Unix, etc.

❖ INSTALL.W32 Windows (32bit)

❖ INSTALL.W64 Windows (64bit)

❖ https://wiki.openssl.org/index.php/Compilation_and_Installation

Installing OpenSSL Under Windows❖ I found the easiest solution (as an Admin)

is to install the pre built Windows executable from Shining Light - there are other’s out there

❖ https://slproweb.com/products/Win32OpenSSL.html

❖ Download the most recent “lite” version

❖ Currently 1.0.2h (Win32OpenSSL_Light-1_0_2h)

Installing OpenSSL For Linux

❖ For Linux many distros come with a pre compiled version of OpenSSL

❖ yum install openssl

❖ each OS may have its own method for configuration

Let’s Create Some Certificates

Domino – Creating A SHA2 Certificate❖ Domino no longer uses the Secure Server Certificate

database to generate keyfiles or merge certificates

❖ We use a combination of OpenSSL and an IBM utility for Domino called kyrtool

❖ download kyrtool from IBM Fixcentral http://ibm.co/1SAYX5E

❖ copy it to your Notes or Domino program directory

❖ The program files must be 9.0.1 FP3 or higher

Domino – Creating A SHA2 Certificate❖ We need to decide the size of the key pair we want to create

❖ the larger the key pair the harder it is to decrypt

❖ not all software systems support the largest key pairs

❖ If using Windows set the environment variable for OpenSSL first

❖ Set OpenSSL_Conf=c:\openssl\bin\openssl.cfg

❖ verify openssl.cfg actually exists in that directory

❖ To create a 4096 key pair

❖ c:\openssl\bin\openssl genrsa -out mynewserver.key 4096

Create a Certificate Signing Request ❖ When buying a new certificate this sends to your CA

❖ openssl req -new -sha256 -key mynewserver.key -out mynewserver.csr

❖ note that we are requesting a SHA2 certificate

❖ the CSR will be verified by the CA when you submit it so you can check that it’s right

❖ if not you can recreate it by running the command again

MyNewServer.CSR❖ -----BEGIN CERTIFICATE REQUEST-----

❖ MIIEvjCCAqYCAQAweTELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEjMCEG

❖ A1UECgwaVGhlIFR1cnRsZSBQYXJ0bmVyc2hpcCBMdGQxCzAJBgNVBAsMAklUMScw

❖ JQYDVQQDDB50cmF2ZWxlci50dXJ0bGVwYXJ0bmVyc2hpcC5jb20wggIiMA0GCSqG

❖ SIb3DQEBAQUAA4ICDwAwggIKAoICAQDG5S3l7CtwiZQDHPXPxZMt3tQa8styCuZ+

❖ CyipKAyqAKvaurqGfb232kYjLdR9hDh/TAswAeG40+DuQN4LKW4efWB91tQTKyZp

❖ R9Kt5y6hVgKLjWbkZUqJcBRq60w7E1x+ufAqADLlhQAH0Q5fVe8aLhkYc5qIz4u/

❖ JIm1Y+RgO3M/80v4xl85s6R/wEUSOdynKjrpBOsgWXUWu6pkCmxQOTD0lZfII5Lj

❖ GztF9m7It8KcUojV4IdlsBNGlmOwdRgRwV1oqR0C3wdK9325xEbZcQgBnLBYprcN

❖ GxZTwQpkIkv9tHVs7jhmrJsIYCRv7uDgIVpd3VXcTpGJXdBNgAxy7zW2q/EBlFMe

❖ nPoavA8yyEID4tRHAQwCsDd4aoM/y3ZJRdU9ZyJE6fbcja2lDoB1r0dQWzA17UTC

❖ o4qFgdLqJ94IKlEhnkYF7Dotj3lt0tBpNLRdL3MQwMdpGpetYYhLATQRNaXaOz9n

❖ IsSFI/kIb5KKmFJX39vX7LjeAi9uRe4TbUBWBIWl+kmIT8n4xjUbjIeLrFWYUD4E

❖ Aft6qEmXyScIRufqorbWMz88juuC9Svkcm3zjGcLFjGSuxXOhrrMA6LpCqQJXHI1

❖ 5NCjZMdh/1xD1K39JhcYvSdfcpEtOe3CIXMpmkmJK0kANWrUOgeajoz7xC1vsUcE

❖ H4btBohD7B6fiqdozsOsvN1s

❖ -----END CERTIFICATE REQUEST-----

Now Comes The Domino Bit❖ We have to create a keyring file in a format Domino will be able to read

❖ For that we use the kyrtool we downloaded from FixCentral

❖ From your Notes program directory

❖ kyrtool  create -k c:\notes\data\mynewserver.kyr -p <passwordyouwanttouse>

❖ this will create two files

❖ mynewserver.kyr

❖ mynewserver.sth (this is the stashed password that unlocks the keyring)

Nearly There…❖ We have our keyring file

❖ We have sent our request for a certificate, generated off our new key pair to our CA

❖ When the CA sends the certificate back we can merge the new certificate into our keyring file

❖ we need to merge ALL the certificates, root, intermediate and server into a single “key” file

❖ c:\openssl\bin\type mynewserver.key server.crt intermediate.crt root.crt >mynewserver.txt

Last Step

❖ We now add our new txt file with all the certificates in it into our new Domino keyring

❖ c:\ibm\notes\kyrtool import all -k c:\notes\data\mynewserver.kyr -i c:\openssl\bin\mynewserver.txt

❖ That’s it. We now have a shiny keyring pair to use with our Domino server

Installing A SHA2 Certificate Under Domino

❖ Install Using Internet Site Documents

❖ The first keyring file in the Internet Site docs view that matches the server configuration “wins”.

❖ Avoid too many wildcard or duplicate Internet Site Documents

❖ What can you use it for

❖ HTTPS (Traveler, Websites)

❖ S/MIME (encrypted mail)

❖ TLS (HTTP/HTTPS, LDAP/LDAPS, SMTP, IMAP, and POP3)

❖ DIIOP as of 9.0.1 FP5

More Domino SSL

❖ Remove weak ciphers from the site documents

❖ Add Disable_SSLV3=1 to the notes.ini on the server

❖ Domino support TLS 1.2 now

❖ SSL_DISABLE_TLS_10

❖ https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_1.2

Working With WebSphere Certificates❖ WebSphere installs with its own keystores for each cell

and node you add

❖ The keystores are created and owned by IBM and have the hostname of the server you’re installing onto by default

❖ The cell keystores are found in

❖ /profiles/Dmgr01/config/cells/{cellname}/trust.p12

❖ /profiles/Dmgr01/config/cells/{cellname}/key.p12

Accessing The SSL Configuration❖ Login to the WebSphere ISC

❖ Security - SSL Certificate and Key Management

Adding A New Certificate To WebSphere❖ Go to the CellDefaultTrustStore if the certificate existing on another server

already you can “Retrieve from port”

❖ Add your root and intermediate certificates here

Personal Certificate Request❖ The simplest way to generate a

WAS certificate

❖ create a CSR in WAS

❖ “receive” it into WAS when sent from the CA

❖ you can’t “receive” a certificate you didn’t request

WebSphere and 4096 Key Length Certificates

❖ A 4096 certificate can generate an error when attempting to add to WebSphere

❖ “RSA premaster secret”

❖ You need to add the unrestricted policy files to WebSphere for the 4096 certificates to be imported

The Unrestricted Policy Files

❖ ibm.co/1JZGs3z

Exporting A Certificate From WebSphere

❖ Export a WAS certificate so that it can be imported onto other systems

❖ Such as a keyfile database generated by ikeyman and used by IBM HTTP Server

Working With Ikeyman❖ There are different versions of ikeyman that create

keyfile databases recognised by different products

❖ Look in the program directory for your installed product to find the right one

❖ For IBM HTTP Server the file is in /IBM/HTTPServer/bin

❖ On Linux you’ll need to configure X11 forwarding if you don’t have a graphical interface

Working With IKeyMan - Signer Certificates

❖ Import the WebSphere certificate we extracted earlier

❖ Add root and intermediate certificates

Working With IKeyman - Personal Certificates

Editing httpd.conf to add SSL configuration❖ Example content

❖ LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

❖ Listen 0.0.0.0:443

❖ <VirtualHost *:443>

❖ SSLEnable

❖ SSLProtocolDisable SSLv2

❖ </VirtualHost>

❖ KeyFile /opt/IBM/HTTPServer/Plugins/config/webserver1/plugin-cfg.kdb

❖ SSLDisable

❖ Restart IHS - use netstat to see if 443 is active and listening

❖ Check IHS logs for SSL errors

❖ If WebSphere doesn’t have a copy of the IHS certificate and IHS doesn’t have a copy of the WebSphere certificate or they don’t share a trusted root, they won’t be able to communicate

SSL and Development

❖ Despite the initial pain see if you can get a proper production SSL certificate to use on your development environment.

❖ If you can not (for cost reasons) ensure you create a self cert that is EXACTLY the same type as your production environment

❖ Identify ALL your third party libraries to your Admins as well as any changes in versions in a proper release document. particularly if you are overriding an existing library on the server

Testing SSL On Your Site❖ https://www.ssllabs.com/ssltest/

❖ You can’t stay ahead of the hackers but you must be vigilant and keep up

❖ Have a plan for monitoring

❖ Have a plan for lock down at the first appearance of exposure

❖ Have a plan to fix the vulnerability

❖ Have a plan to identify what information may be compromised

❖ Have a plan to make that information of as little value as possible

What Else?

Resources

❖ Working with OpenSSL https://www.feistyduck.com/books/openssl-cookbook/

❖ Creating SHA2 For Domino http://turtleblog.info/2015/06/22/creating-sha-2-4096-ssl-certificates-for-domino/

❖ Unrestricted policy files for WebSphere http://www-01.ibm.com/support/docview.wss?uid=swg21663373