Security Bulletin
Summary
SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in Tivoli Directory Server (TDS) and IBM Security Directory Server (SDS).
Vulnerability Details
CVE-ID: CVE-2014-3566
DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97013 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected Products and Versions
IBM Tivoli Directory Server 6.0, 6.1, 6.2, 6.3
IBM Security Directory Server 6.3.1, 6.4
IBM Security Directory Suite 8.0.1
Remediation/Fixes
Insure that the version listed below is installed on the system.
|
Product Version | Fix level |
| IBM Security Directory Suite 8.0.1 | 8.0.1.0 (GA level) |
| IBM Security Directory Server 6.4 | 6.4.0.0 (GA level) |
| IBM Security Directory Server 6.3.1 | 6.3.1.8-ISS-ISDS-IF0008 |
| Tivoli Directory Server 6.3 | 6.3.0.34-ISS-ITDS-IF0034 |
| Tivoli Directory Server 6.2 | 6.2.0.41-ISS-ITDS-IF0041 |
| Tivoli Directory Server 6.1 | 6.1.0.65-ISS-ITDS-IF0065 |
| Tivoli Directory Server 6.0 | 6.0.0.73-ISS-ITDS-IF0073 |
- Though the above Fix levels provide necessary functionality to disable SSLv3, its important to use the latest recommended fix level of SDS/TDS 6.x or SDS 8.0.1. So based on your SDS / TDS version download the latest recommended fix level and install the same along with the latest related products.
Notes:
There are 4 components of Tivoli Directory Server (TDS) and IBM Security Directory Server (SDS) where SSLv3 should be disabled: LDAP servers, LDAP clients, Web Administration Tool and HTTP clients (web browsers)
For TDS or SDS LDAP Servers:
TDS versions 6.2.0.41, 6.1.0.65 and 6.0.0.73: SSLV3 can be directly disabled in the server by adding the following line to the "cn=Front End, cn=Configuration" entry of the ibmslapd.conf file:
ibm-slapdSetenv: IBMSLAPD_SECURITY_PROTOCOL=TLS10
TDS version 6.3.0.34: SSLV3 can be directly disabled in the server by adding the following line to the "cn=Front End, cn=Configuration" entry of the ibmslapd.conf file:
ibm-slapdSetenv: IBMSLAPD_SECURITY_PROTOCOL=TLS10,TLS11,TLS12
SDS version 8.0.1.*, 6.4.0.* and 6.3.1.8 (and later fix levels): SSLV3 can be directly disabled in the server by adding the following lines to the "cn=SSL, cn=Configuration" entry of the ibmslapd.conf file. Make sure that "ibm-slapdSecurityProtocol: SSLV3" is NOT present.
ibm-slapdSecurityProtocol: TLS10
ibm-slapdSecurityProtocol: TLS11
ibm-slapdSecurityProtocol: TLS12
For TDS or SDS LDAP clients:
TDS versions 6.2.0.41, 6.1.0.65 and 6.0.0.73: SSLV3 can be directly disabled in the client by setting the following environment variable. Note that this will also work for 3rd party applications which link the TDS client libraries.
export LDAP_OPT_SECURITY_PROTOCOL=TLS10
TDS version 6.3.0.34: SSLV3 can be directly disabled in the in the client by setting the following environment variable. Note that this will also work for 3rd party applications which link the TDS client libraries.
export LDAP_OPT_SECURITY_PROTOCOL=TLS10,TLS11,TLS12
SDS version 8.0.1.*, 6.4.0.* and 6.3.1.8 (and later fix levels) : SSLV3 can be directly disabled in the in the client by setting the following environment variable. Note that this will also work for 3rd party applications which link the TDS client libraries.
export LDAP_OPT_SECURITY_PROTOCOL=TLS10,TLS11,TLS12
Workarounds and Mitigations
IBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3.
There are 4 components of Tivoli Directory Server (TDS) and IBM Security Directory Server (SDS) where SSLv3 should be disabled: LDAP servers, LDAP clients, Web Administration Tool and HTTP clients (web browsers)
NOTE: It is strongly recommended that you maintain the latest fix level of both the directory server and GSKit to be sure that you have fixes for all known vulnerabilities and defects as part of your overall security strategy. The latest available fix levels are documented in the technote Fixes by version for IBM Security Directory Server - v.r.m.f levels and build dates
For TDS or SDS LDAP Servers 8.0.1, 6.4 and 6.3.1.8 (and later fix levels):
A) Disable SSLv3 protocol
Enabling FIPS mode will disable SSLv3 on all versions of TDS/SDS. This can be done by setting the following options in the dn: cn=SSL, cn=Configuration entry of ibmslapd.conf and restarting the server:
ibm-slapdSslFIPSModeEnabled: true
ibm-slapdSslFIPSProcessingMode: true
Note: FIPS mode restricts the allowable ciphers for TLS 1.0 to AES (35), AES-128 (2F), and TripleDES-168 (0A). These should be enabled by default, but if you've disabled them, then TLS 1.0 connections will be rejected:
ibm-slapdSslCipherSpec: AES
ibm-slapdSslCipherSpec: AES-128
ibm-slapdSslCipherSpec: TripleDES-168
B) Enable TLS 1.2 and 1.1
TLS 1.0 is enabled by default. TLS 1.2 and 1.1 are only supported on TDS 6.3.0.17 or later, or SDS 6.3.1.0 or later (see note section at bottom), SDS 6.4.0.0 or later and SDS 8.0.1.0 or later. You can enable or disable specific protocols using the ibm-slapdSecurityProtocol attribute of the cn=SSL, cn=Configuration entry in ibmslapd.conf:
# ibm-slapdSecurityProtocol: SSLV3 <- (disable this, enable the rest)
ibm-slapdSecurityProtocol: TLS10
ibm-slapdSecurityProtocol: TLS11
ibm-slapdSecurityProtocol: TLS12
For TLS 1.2 to work, you may add one or more of the following TLS 1.2 ciphers to the cn=SSL, cn=Configuration entry of ibmslapd.conf and restart the server, If none of the TLS 1.2 ciphers are present, then SDS/TDS will initialize a default set of TLS 1.2 ciphers:
# ciphers supported in FIPS mode and used by TDS client
ibm-slapdSslCipherSpec: TLS_RSA_WITH_3DES_EDE_CBC_SHA
ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_128_CBC_SHA
ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_256_CBC_SHA
ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_128_GCM_SHA256
ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_256_GCM_SHA384
ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_128_CBC_SHA256
ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_256_CBC_SHA256
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# ciphers supported in FIPS mode but NOT used by TDS client
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
For TDS or SDS LDAP clients:
Enabling FIPS mode in client applications will also disable SSLv3 the same as on the server. The command line clients which ship with TDS and SDS use the '-x' command line option to enable FIPS mode. However, there is no environment variable to directly control this in the ldap client libraries. FIPS mode can only be enabled by calling the C client API ldap_ssl_set_fips_mode_np(). Third party applications will have different ways to expose this feature (if at all).
If you're using TDS 6.3.0.17 or later clients (see note section at bottom), you can set the environment variable LDAP_OPT_SECURITY_PROTOCOL=TLS10,TLS11,TLS12 to disable SSLV3. But this option is not supported on TDS 6.2 or earlier. And like FIPS mode, it is only recognized by TDS or SDS client applications, not directly by the ldap client libraries. Third party applications will have different ways to expose this feature (if at all).
Web Administration Tool:
To disable SSLV3 in the web administratio tool and the embedded Websphere Application Server (eWAS) included with TDS, please see technote #1694300: Disabling SSLv3 for Directory Server Web Admin Tool. at http://www.ibm.com/support/docview.wss?uid=swg21694300
Iinformation on disabling SSLV3 in the full Websphere Application Server (WAS) can be found at http://www.ibm.com/support/docview.wss?uid=swg21687173
Support for TLS 1.0 was added to webadmin version 6.2.0.22 with APAR IO15734, and 6.3.0.11 with APAR IO16024. The webadmin tool for TDS 6.1 and earlier does not support TLS.
HTTP clients (web browsers):
Please refer to the documentation from your browser vendor:
Internet Explorer: https://technet.microsoft.com/en-us/library/security/3009008.aspx
FireFox: http://kb.mozillazine.org/Security.tls.version.*
Chrome: http://googleonlinesecurity.blogspot.com.au/2014/10/this-poodle-bites-exploiting-ssl-30.html
NOTE:
- TDS 6.3.0.17 and later: Tivoli Directory Server support for NIST SP 800-131A
- SDS 6.3.1: http://www.ibm.com/support/knowledgecenter/SSVJJU_6.3.1.5/com.ibm.IBMDS.doc_6.3.1.5/ds_ag_srv_adm_secure_dir_comm.html
- SDS 6.4: https://www.ibm.com/support/knowledgecenter/SSVJJU_6.4.0/com.ibm.IBMDS.doc_6.4/ds_ag_srv_adm_secure_dir_comm.html
- SDS 8.0.1: https://www.ibm.com/support/knowledgecenter/SS3Q78_8.0.1/com.ibm.IBMDS.doc_8.0.1/ds_ag_srv_adm_secure_dir_comm.html
More detailed documentation of TLS 1.2 support and configuration refer "Support for NIST SP 800-131A" section in the following documentation links.
Get Notified about Future Security Bulletins
References
Acknowledgement
None
Change History
21 October 2014: Original Version Published
29 January 2015: corrected instructions under "For TDS or SDS LDAP clients" in the Remediation section
30 January 2015: corrected instructions in the Remediation section
19 March 2018: Added information and clarifications about 6.4 and 8.0.1.
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
<01/13/2015 SB Replaced IC URL with KC URL
Web Administration Tool
http://pic.dhe.ibm.com/infocenter/asehelp/v8r8m0/index.jsp?topic=%2Fcom.ibm.ase.help.doc%2Ftopics%2Ft_enable_fips_websphere.htmlhttp://www.ibm.com/support/knowledgecenter/SSW2NF_8.8.0/com.ibm.ase.help.doc/topics/t_enable_fips_websphere.html>
Historical Number
44446
Product Synonym
LDAP IDS ITDS TDS ISDS SDS
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21687611