II14533 - TRANSPORT LAYER SECURITY (TLS) HANDSHAKE RENEGOTIATION VULNERABILITY

APAR (Authorized Program Analysis Report)

Abstract

TRANSPORT LAYER SECURITY (TLS) HANDSHAKE RENEGOTIATION
VULNERABILITY

Error Description

<< April 2010 >>                                                
                                                               
The IETF has published RFC 5746 - Transport Layer Security (TLS)
Renegotiation Indication Extension.  RFC 5746 defines a
mechanism to implement TLS/SSL handshake renegotiation securely.
This is the final solution to the weakness originally documented
in this information APAR in January 2010.
                                                               
It will take time for RFC 5746 to be implemented across the
industry.  Some implementations around the world will never
implement RFC 5746.  As a result, the interim fix provided in
January 2010 remains in place as a fallback when negotiating
with a peer that does not support RFC 5746.
                                                               
IBM i System SSL supports RFC 5746 now with the PTF(s) listed  
below.                                                          
                                                               
<< End April 2010 >>                                            
                                                               
<< January 2010 >>                                              
                                                               
All customers using IBM i relying on Secure Socket Layer v3    
(SSLv3) or Transport Layer Security v1.0 (TLSv1) in support of  
secure communications between a client and server or between    
server and server are impacted by a recently discovered weakness
in the TLS and SSL v3 protocols.  SSLv2 is not affected.        
                                                               
The TLS/SSL weakness exists in multiple implementations of the  
Transport Layer Security (TLS) protocol, including SSL.        
                                                               
To address the weakness in the TLS/SSL handshake renegotiation,
IBM, along with the other members of the Industry Consortium for
the Advancement of Security on the Internet (ICASI), is working
together with the Internet Engineering Task Force (IETF) to
enhance and strengthen the handshake renegotiation protocol in
the TLS specification.  This effort will take some time to
complete.  The delivery outlook for inclusion of this enhanced
handshake renegotiation capability in TLS protocol
implementations is unknown at this time.
                                                               
In the interim, IBM i is delivering a fix to allow an          
installation to disable the TLS handshake renegotiation. The TLS
handshake renegotiation is rarely used. Disabling the TLS      
handshake renegotiation will block a remote attacker from      
attempting to exploit the weakness in the TLS protocol. After  
installing this fix, the default setting will disable the TLS  
handshake renegotiation. The fix also provides an option to    
re-enable renegotiation if warranted. TLS handshake            
renegotiation should be re-enabled only if absolutely necessary
and with a clear understanding and acceptance of the potential  
security risks.                                                
                                                               
<< End January 2010 >>                                          
                                                               
IBM i provides three distinct TLS/SSL protocol implementations.
Each implementation requires its own action to obtain the RFC
5746 solution (which supersedes the interim fix), and each has
its own method for re-enabling unsecured renegotiation or
controlling RFC 5746 behaviors.  Not all implementations have
RFC 5746 support at this time.
                                                               
1) IBM i System SSL (as defined in IBM i information center)
http://publib.boulder.ibm.com/infocenter/iseries/v6r1m0/index.jsp?topic=/rzain/rzainsystemssl.htm
                                                               
a) RFC 5746 is delivered by applying this PTF and its          
   requisites:                                                  
    5.4   - MF49170 which supersedes the interim fix MF48225    
    5.4.5 - MF49207 which supersedes the interim fix MF48292    
    6.1   - MF49214 which supersedes the interim fix MF48293    
    6.1.1 - MF49221 which supersedes the interim fix MF48295    
    7.1   - MF49131 (included in the GA cumulative package)    
                                                               
b) A customer can re-enable unsecured renegotiation by using    
System Service Tools.  This only has meaning when the peer does
not support RFC 5746.                                          
                                                               
To change the unsecured renegotiation ability of System SSL    
with the Start System Service Tools (STRSST) command, follow    
these steps:                                                    
                                                               
1. Open a character-based interface.                            
2. On the command line, type STRSST.                            
3. Type your service tools user name and password.              
4. Select option 1 (Start a service tool).                      
5. Select option 4 (Display/Alter/Dump).                        
6. Select option 1 (Display/Alter storage).                    
7. Select option 2 (Licensed Internal Code (LIC) data).        
8. Select option 14 (Advanced analysis).                        
9. Select option 1 (IPCONFIG).                                  
10. Enter one of the following three strings as shown below to  
change the unsecured renegotiation ability of System SSL to the
desired setting.                                                
                                                               
 -sslRenegotiation:NONE  - Default value with fix              
                                                               
   No unsecured handshake renegotiation is allowed              
                                                               
 -sslRenegotiation:ABBREVIATED                                  
                                                               
   Overrides and allows unsecured abbreviated handshake        
   during renegotiation when session continuity is proven.      
                                                               
 -sslRenegotiation:ALL   - Default prior to fix                
                                                               
   Overrides and allows unsecured full handshake and unsecured  
   abbreviated handshake during renegotiation                  
                                                               
c) A customer can force all negotiations to require the peer    
support RFC 5746.  This would only be practical after all of    
your potential communication partners have implemented RFC 5746.
                                                               
To change the RFC 5746 requirement for System SSL with the Start
System Service Tools (STRSST) command, follow this additional  
step:                                                          
                                                               
 -sslRfc5746NegotiationRequiredClient:On  (defaults to Off)    
                                                               
   Causes the SSL Client to only connect if the SSL Server      
   indicates support for RFC 5746 Renegotiation.                
   Warning - setting this to 'On' will cause                    
   interoperability problems with servers that have not        
   been updated.                                                
                                                               
 -sslRfc5746NegotiationRequiredServer:On (defaults to Off)

   Causes the SSL Server to accept a connection only if the SSL
   Client indicates support for RFC 5746 Renegotiation.
   Warning - setting this to 'On' will cause
   interoperability problems with clients that have not
   been updated.
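The January 2010 text above explains that the weakness lives in the renegotiation handshake, and section 1 c) describes the switch that makes System SSL refuse any peer that does not signal RFC 5746 support.  What a peer actually sends is one of two markers: the TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite value (0x00FF) in a ClientHello, or the renegotiation_info extension (type 0xFF01) in either Hello.  The following Python is an added example, not IBM code and not part of the APAR: it parses a ClientHello or ServerHello handshake message, reports which marker is present, and models the Off/On "RFC 5746 required" decision.  The Hello messages are constructed inline (zeroed random, empty session id) rather than captured from a real peer, and the policy strings REQUIRE_OFF / REQUIRE_ON and the accept_peer function are this example's own naming.

```python
"""Detect RFC 5746 secure-renegotiation signalling in TLS Hello messages.

Added example (not from the IBM APAR).  Parses raw Handshake messages
(ClientHello = 1, ServerHello = 2) and reports whether the peer signals
RFC 5746 support.  The sample Hellos built below are constructed for the
demonstration; in practice they would come from a packet capture.
"""
import struct

# Values from RFC 5746: the signalling cipher suite and the extension type.
SCSV = 0x00FF                    # TLS_EMPTY_RENEGOTIATION_INFO_SCSV
EXT_RENEGOTIATION_INFO = 0xFF01  # renegotiation_info extension
# Names for the Off/On "RFC 5746 negotiation required" switch (this example's own naming).
REQUIRE_OFF, REQUIRE_ON = "Off", "On"


def _u16(buf, pos):
    return struct.unpack("!H", buf[pos:pos + 2])[0]


def _parse_extensions(buf):
    """Return {ext_type: ext_data} from a length-prefixed extensions block."""
    exts = {}
    if len(buf) < 2:
        return exts
    end = 2 + _u16(buf, 0)
    pos = 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", buf[pos:pos + 4])
        exts[ext_type] = buf[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
    return exts


def inspect_hello(handshake):
    """Report how a ClientHello or ServerHello signals RFC 5746 support."""
    msg_type = handshake[0]
    body = handshake[4:4 + int.from_bytes(handshake[1:4], "big")]
    pos = 2 + 32                          # protocol version + 32-byte random
    pos += 1 + body[pos]                  # session_id<0..32>
    info = {"scsv": False, "renegotiation_info": False, "renegotiated_connection": None}
    if msg_type == 1:                     # ClientHello carries a cipher suite list
        cs_len = _u16(body, pos)
        pos += 2
        suites = [_u16(body, pos + i) for i in range(0, cs_len, 2)]
        pos += cs_len
        info["scsv"] = SCSV in suites
        pos += 1 + body[pos]              # compression_methods<1..255>
    elif msg_type == 2:                   # ServerHello: one cipher_suite + one compression_method
        pos += 2 + 1
    else:
        raise ValueError("not a ClientHello or ServerHello")
    exts = _parse_extensions(body[pos:])
    if EXT_RENEGOTIATION_INFO in exts:
        data = exts[EXT_RENEGOTIATION_INFO]
        info["renegotiation_info"] = True
        # opaque renegotiated_connection<0..255>: empty on an initial handshake
        info["renegotiated_connection"] = data[1:1 + data[0]]
    info["rfc5746"] = info["scsv"] or info["renegotiation_info"]
    return info


def accept_peer(hello, require_rfc5746):
    """Model the 'RFC 5746 negotiation required' decision: Off tolerates a
    legacy peer (renegotiation then stays disabled, as with
    -sslRenegotiation:NONE); On refuses a peer that did not signal support."""
    if inspect_hello(hello)["rfc5746"]:
        return "accept: secure renegotiation negotiated"
    if require_rfc5746 == REQUIRE_ON:
        return "refuse: peer lacks RFC 5746 support"
    return "accept: legacy peer, renegotiation disabled"


def _rfc5746_extension():
    # Initial-handshake form: renegotiated_connection is empty (length byte 0).
    ext = struct.pack("!HH", EXT_RENEGOTIATION_INFO, 1) + b"\x00"
    return struct.pack("!H", len(ext)) + ext


def build_client_hello(suites, rfc5746_extension=False):
    """Constructed ClientHello for the demo (zeroed random, empty session id)."""
    body = b"\x03\x01" + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                   # one compression method: null
    if rfc5746_extension:
        body += _rfc5746_extension()
    return b"\x01" + len(body).to_bytes(3, "big") + body


def build_server_hello(suite, rfc5746_extension=False):
    """Constructed ServerHello for the demo (zeroed random, empty session id)."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    if rfc5746_extension:
        body += _rfc5746_extension()
    return b"\x02" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    legacy = build_client_hello([0x002F])                 # no SCSV, no extension
    modern = build_client_hello([0x002F, SCSV], rfc5746_extension=True)
    for name, hello in (("legacy client", legacy), ("updated client", modern)):
        print(name, inspect_hello(hello), accept_peer(hello, REQUIRE_ON))
```

A client that only sends the SCSV (no extension) still counts as RFC 5746-capable, which is why the check looks at both markers; a server only ever answers with the extension.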
                                                               
2) IBM pure Java Secure Socket Extensions (JSSE)                
(IBMJSSEProvider2)                                              
2.a) RFC 5746 support with the Classic JVM is delivered by      
applying the most recent Java Group PTF for your release,      
then installing the appropriate PTFs for the JDK and JVM        
version used on your system.  Load all of the PTFs if you are  
uncertain as to what combinations are used on your system.  The
PTF cover letter special instructions describe the properties  
that control how restrictive IBM JSSE2 is in the enforcement    
of RFC 5746.                                                    
                                                               
5.4 Classic JVM JDK 6.0   - SI40796 supersedes interim SI37210  
5.4 Classic JVM JDK 5.0   - SI40566 supersedes interim SI37319  
5.4 Classic JVM JDK 1.42  - SI40564 supersedes interim SI37331  
                                                               
6.1 Classic JVM JDK 6.0   - SI40798 supersedes interim SI37216  
6.1 Classic JVM JDK 5.0   - SI40573 supersedes interim SI37320  
6.1 Classic JVM JDK 1.42  - SI40567 supersedes interim SI37327  
                                                               
2.b) The J9 JVM interim fix is delivered by applying the most
recent Java Group PTF for your release, then installing the
appropriate PTFs for the JDK and JVM version used on your
system.  Load all of the PTFs if you are uncertain as to what
combinations are used on your system.
                                                               
5.4 J9 JVM JDK 6.0 32 bit - SI36930                            
5.4 J9 JVM JDK 5.0 32 bit - SI37297                            
                                                               
6.1 J9 JVM JDK 6.0 32 bit - SI36936                            
6.1 J9 JVM JDK 6.0 64 bit - SI36931                            
6.1 J9 JVM JDK 5.0 32 bit - SI37300                            
6.1 J9 JVM JDK 5.0 64 bit - SI37299                            
6.1 J9 JVM JDK 1.42 64 bit - SI37605                            
                                                               
2.b.1) A customer can re-enable unsecured renegotiation by      
changing the following new system property:                    
                                                               
com.ibm.jsse2.renegotiate - default NONE                        
                                                               
ALL - allow both abbreviated and unabbreviated (full)          
renegotiation handshakes                                        
NONE - allow no renegotiation handshakes (this is the new      
default setting)                                                
ABBREVIATED - allow only abbreviated renegotiation handshakes  
                                                               
Note: The original IBM JSSE has been deprecated in favor of IBM
JSSE2 and will not have a fixed version.  If using the deprecated
JSSE, it is recommended that you switch to the fixed IBM JSSE2
version.
                                                               
To switch to the newer provider, make a one line change in the  
appropriate java.security file for your environment.  The change
is as follows:                                                  
                                                               
security.provider.n=com.ibm.jsse.IBMJSSEProvider
is changed to this:
security.provider.n=com.ibm.jsse2.IBMJSSEProvider2
where n is the existing number for the entry.
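The one-line change above is easy to get wrong by hand across several java.security files (one per JDK install), so here is an added Python example, not IBM tooling, that performs exactly that substitution: it keeps the existing number n, leaves every other provider entry and comment untouched, and refuses to produce a file that would register both the deprecated provider and IBMJSSEProvider2 at once (that safety check is this example's own addition).  The sample java.security fragment is constructed for the demonstration.

```python
"""Switch a java.security entry from the deprecated IBM JSSE to IBM JSSE2.

Added example, not from the APAR.  Rewrites
    security.provider.n=com.ibm.jsse.IBMJSSEProvider
to
    security.provider.n=com.ibm.jsse2.IBMJSSEProvider2
keeping n and all other lines as found.
"""
import re

OLD_PROVIDER = "com.ibm.jsse.IBMJSSEProvider"
NEW_PROVIDER = "com.ibm.jsse2.IBMJSSEProvider2"
# Matches a provider entry and captures: prefix, number n, '=' with spacing, class name.
ENTRY = re.compile(r"^(\s*security\.provider\.)(\d+)(\s*=\s*)(\S+)\s*$")


def switch_provider(text):
    """Return (new_text, n) where n is the provider number that was switched,
    or None if no deprecated entry was present.

    Raises ValueError when IBMJSSEProvider2 is already registered (the
    substitution would list it twice) or when the deprecated provider
    appears more than once; both cases need a manual look at the file."""
    lines = text.splitlines(keepends=True)
    already = [m.group(2) for m in map(ENTRY.match, lines)
               if m and m.group(4) == NEW_PROVIDER]
    changed = None
    for i, line in enumerate(lines):
        m = ENTRY.match(line)
        if not m or m.group(4) != OLD_PROVIDER:
            continue
        if already:
            raise ValueError(f"{NEW_PROVIDER} is already security.provider.{already[0]}; "
                             f"remove entry {m.group(2)} by hand and renumber")
        if changed is not None:
            raise ValueError("deprecated provider listed more than once")
        newline = line[len(line.rstrip("\r\n")):]      # preserve the file's line ending
        lines[i] = f"{m.group(1)}{m.group(2)}{m.group(3)}{NEW_PROVIDER}{newline}"
        changed = int(m.group(2))
    return "".join(lines), changed


# Constructed sample java.security fragment (not taken from a real system).
SAMPLE = """\
# sample provider list
security.provider.1=com.ibm.crypto.provider.IBMJCE
security.provider.2=com.ibm.jsse.IBMJSSEProvider
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
"""

if __name__ == "__main__":
    updated, n = switch_provider(SAMPLE)
    print(f"switched security.provider.{n}")
    print(updated, end="")
```

To apply it to a real file, read the file, pass its contents to switch_provider, and write the result back only when the returned n is not None; the ValueError paths are deliberately left for a human to resolve.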
                                                               
3) OpenSSL - An open source implementation shipped with 5733-SC1
- IBM Portable Utilities for i5/OS.
http://www-03.ibm.com/servers/enable/site/porting/tools/openssh.html
                                                               
a) The interim fix is delivered by applying these PTFs:        
   5.4 5733SC1 SI36891                                          
   6.1 5733SC1 SI36892                                          
                                                               
b) A customer can re-enable unsecured renegotiation by removing
the PTF:

If the PTF has been permanently applied, reinstall Option 1 of
5733SC1.
                                                               
Additional Considerations                                      
                                                               
1) IBM i WebSphere MQ customers:                                
A customer using IBM WebSphere MQ may need to install APAR      
IZ64859. After installing the TLS/SSL renegotiation disablement
fixes, MQ SSL Secret Key Reset function - controlled by the QMGR
attribute SSLRKEYC or equivalent WMQ client variables - will no
longer function until APAR IZ64859 has been installed.          

Problem Summary

Problem Conclusion

Temporary Fix

Comments

Information APAR                                                

Circumvention


PTFs Available

Affected Modules

         

Affected Publications

Summary Information

Status............................................ CLOSED CAN
HIPER........................................... No
Component..................................
Failing Module..........................
Reported Release................... R540
Duplicate Of..............................





Document information

More support for: i family
Software version: V5R4M0
Operating system(s): OS/400
Reference #: II14533
Modified date: 2010-08-18
