best practice tls for ibm domino

Best Practice Transport Layer Security (TLS) for IBM Domino using TLS 1.2 Jared Roberts | Senior Consultant primaxis.com.au

Upload: jared-roberts

Post on 15-Apr-2017

TRANSCRIPT

Page 1: Best Practice TLS for IBM Domino

Best Practice Transport Layer Security (TLS) for IBM Domino using TLS 1.2

Jared Roberts | Senior Consultant

primaxis.com.au

Page 2: Best Practice TLS for IBM Domino

June 11th & 12th, Melbourne, Australia | Meet.Share.Learn.Connect @AusLUG #@Inform2015

Disclaimer

• This presentation represents my individual experiences, thoughts and opinions and does not represent the views of my employer, Inform2016, AusLUG, IBM, IBM Business Partners or any other organisation or entity.

• I (most likely) don’t know more about stuff than you do… feel free to call me out on errors in my presentation & publicly humiliate me as you see fit.

• This presentation may contain the following copyrighted, trademarked, and/or restricted terms:

• IBM® Notes®

• IBM® Domino®

• IBM® Connections

• IBM® WebSphere®

• IBM® DB2

• IBM® AIX®

• Tivoli®

• Linux®

• Java®

• Microsoft®

• Windows®

• Red Hat®

• Skype®

• Twitter®

• Facebook®

Page 3: Best Practice TLS for IBM Domino

March 10th & 11th, Sydney, Australia | Meet.Share.Learn.Connect @AusLUG #@Inform2016

Speaker

Jared Roberts ● Senior Consultant – Primaxis

• From Melbourne

• 11-year rookie in IBM Collaboration Software

• Admin of many of the things we are here talking about

• I’m a fan of “The User”

• Business analysis, presales, consulting, security audits, design & delivery of Domino, Notes, Sametime, Traveler, Connections, TDI, SoftLayer and all the related bits they interact with

• Remarkably average but adequate and often completely useless developer

• Drummer in Desecrator (the best band you’ve never heard of)

Page 4: Best Practice TLS for IBM Domino

SSL/TLS - Who Cares right?

Page 5: Best Practice TLS for IBM Domino

SSL/TLS - Who Cares right?

• Encryption is not a ‘nice to have’ – it’s an absolute MUST

• Data can be intercepted while being transferred between clients and servers, or between servers, e.g.:
– Email
– Payment Information
– Credentials

• Now seeing the deprecation/planned deprecation of SSLv3 and SHA1 support in browsers
– IE (Jan 2017, code-signing Jan 2016)
– Chrome (Jan 2017, version and cert date conditional)
– Firefox (Jan 2017, phased)
– Safari (same?)

Page 6: Best Practice TLS for IBM Domino

Encryption

What is encryption?

• The most effective way to achieve ‘data security’
– process of encoding information so only authorised parties can read it
– data is ‘unrecognisable’ or unreadable unless you have the ‘key’ to decrypt it
– does not prevent interception

What are SSL certificates?

• Small digital files that authenticate the identity of a website and encrypt information

• Binds the ‘key’ to the organisation’s details

Page 7: Best Practice TLS for IBM Domino

SSL Certificate

• An SSL certificate holds the following info:
– The certificate holder's name
– The certificate's serial number and expiration date
– A copy of the certificate holder's public key
– The digital signature of the certificate-issuing authority

Page 8: Best Practice TLS for IBM Domino

Acronyms!!!

SSL

• Secure Sockets Layer

• A cryptographic protocol designed to provide communications security over a computer network

• 3 versions (version 1.0 never publicly released) all of which are now deprecated and considered insecure
– SSLv1.0
– SSLv2.0
– SSLv3.0

• POODLE exploit was the nail in the coffin for SSLv3
– replaced by TLS

Page 9: Best Practice TLS for IBM Domino

Acronyms!!!

TLS

• Transport Layer Security

• A cryptographic protocol same as SSL. It’s actually SSL’s ‘successor’
– SSLv3.1 but was renamed to reflect open standard

• 3 versions
– TLS1.0 (considered insecure due to ability to downgrade to SSLv3*)
– TLS1.1
– TLS1.2

• Updated constantly as required
– version 1.3 in Draft now

Page 10: Best Practice TLS for IBM Domino

Acronyms!!!

HTTPS

• Method for secure communication over HyperText Transfer Protocol (HTTP)

• Often referred to as HTTP Secure, HTTP over TLS/SSL

• Data transferred over HTTPS provides:
– bidirectional encryption of data in transit
– with correct implementation can protect against MIM attacks*, and a level of confidence that you’re connecting with who you think you are connecting to!

Page 11: Best Practice TLS for IBM Domino

Acronyms!!!

SHA1

• Cryptographic hash function traditionally used in most SSL certificates

• Widely used in many protocols (TLS and SSL, PGP, SSH, S/MIME, and IPsec)

• M$, G00gle and Mozilla have announced deprecation plans

SHA2

• Family of cryptographic hash functions

• An updated version of SHA1
– SHA1 found to be more insecure

• 6 hash functions (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256)

Page 12: Best Practice TLS for IBM Domino

Acronyms!!!

AES

• Advanced Encryption Standard

• Based on “Rijndael” cipher family - widely used as government standard

• Supersedes DES (Data Encryption Standard) which is now vulnerable to brute force attack

Ciphers

• Algorithm for performing encryption and decryption

• Work on blocks of symbols usually of a fixed size (block ciphers), or on a continuous stream of symbols (stream ciphers)

Page 13: Best Practice TLS for IBM Domino

What happened and keeps happening…

Man In The Middle Attack (MIM, MITM)

Page 14: Best Practice TLS for IBM Domino

What happened and keeps happening…

Man In The Middle Attack (MIM, MITM)

• A type of attack where the attacker secretly intercepts, relays and possibly alters communication between two parties who believe they are directly communicating with each other

Page 15: Best Practice TLS for IBM Domino

What happened and keeps happening…

POODLE

• “Padding Oracle On Downgraded Legacy Encryption”

• An exploit that allowed attackers to trick a session into using SSL rather than TLS, then during that session use a design flaw in SSL 3.0 to snoop on the session

What it did

• It allowed attackers to perform a man in the middle attack

How it was stopped

• We all turned off SSLv3 on the servers (then users screamed at us and the browser war escalated)

Page 16: Best Practice TLS for IBM Domino

What happened and keeps happening…

SLOTH

• “Security Loss due to the use of Obsolete and Truncated Hash constructions”

• SLOTH relies on the ability to exploit older hash techniques

• If the hash technique isn’t sophisticated enough, a “collision” of a hash for two different messages can be generated

• OpenSSL 1.0.1.e and earlier are affected

• Any servers using TLS 1.2 with MD5 hashing are affected

Page 17: Best Practice TLS for IBM Domino

What happened and keeps happening…

FREAK

• “Factoring RSA Export Keys”

• A vulnerability caused by the growth of cheap computing power

• A "512-bit export-grade key" can now be broken with a bit of maths called the "Number Field Sieve algorithm"* and about $150 of cloud computing

What it did

• Allowed the attacker to perform a man in the middle attack

How it was stopped

• Disabled "TLS export cipher suites" either by updating browsers, disabling the feature in servers or updating libraries that used them

Page 18: Best Practice TLS for IBM Domino

What happened and keeps happening…

HEARTBLEED

A "buffer over-read" vulnerability in the TLS heartbeat extension of OpenSSL caused by a missing input validation check

What it did

• Allowed an attacker to read up to 64 kilobytes of the server's active memory for each attack, memory that was very likely to contain secure information

How it was stopped

• Updated all clients/servers to a patched version of OpenSSL

• Reissued all certificates where there was any chance they could have been compromised

Page 19: Best Practice TLS for IBM Domino

What happened and keeps happening…

• BEAST

• LOGJAM

• CRIME

• BREACH

• DROWN

• BERSERK

• KOMODIA

• …......more

Page 20: Best Practice TLS for IBM Domino

Creating a Certificate

CERTIFICATE STRUCTURE

• Certificate Authority (CA)

• Private Key

• Trusted Roots (root and intermediate certificates)

• To generate a certificate and key store
– key file
– certificate request with the details of your certificate
– trusted roots and intermediates (or your CA)
– signed certificate from your CA

Page 21: Best Practice TLS for IBM Domino

The key – creating the identity

Page 22: Best Practice TLS for IBM Domino

TLS Handshake - validation

• How validation works (the TLS handshake)

Page 23: Best Practice TLS for IBM Domino

TLS Handshake - validation

Page 24: Best Practice TLS for IBM Domino

Structure of Certificates

Certificate formats

• Personal Information Exchange Format (PKCS#12)
– .pfx
– .p12

• Cryptographic Message Syntax Standard (PKCS#7)
– .p7b
– .p7r

• Base64-encoded X.509
– .cer
– .crt

• DER-encoded binary X.509
– .cer
– .crt
– .der

• Privacy-enhanced Electronic Mail
– .pem

• Certificate Signing Request
– .csr

• OpenSSL can convert most certificate forms to most other forms

Page 25: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

What you need:

• OpenSSL
– An open source library of SSL and TLS cryptography
– Available for most platforms
– Developed and managed by https://www.openssl.org
– Create, convert & extract certificates and keystores

• Domino KYR Tool
– Tool to create SHA2 key stores for Domino

• Certificate Signing Authority

Page 26: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

Creating a SHA2 Certificate in Domino

• SHA2 Support introduced in 2015

• Domino must be 9.0.1 FP3 or higher

• Notes must be 9.0.1 FP3 or higher

Page 27: Best Practice TLS for IBM Domino

Installing OpenSSL

• Shining Light Productions download
– https://slproweb.com/download/Win64OpenSSL_Light-1_0_2g.exe

• Available for most platforms

• Only need the Light version for this application

Page 28: Best Practice TLS for IBM Domino

Installing OpenSSL

Page 29: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

• Firstly decide on the key size
– May be decided by business or legal requirements
– Larger the better – harder to decrypt
– Not all systems support larger key sizes

• Set the OPENSSL_CONF environment variable (Windows only)
– set OPENSSL_CONF=c:\openssl\openssl.cfg

Page 30: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

• Verify the file has been created

Page 31: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

• Create a key of length 4096*
– openssl genrsa -out pmxserver.key 4096

Page 32: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

• Create a Certificate Signing Request (CSR)

• You send this to your Certificate Authority (CA)
– either on-premise or purchase

• The CSR is checked and verified by the CA.

• Any errors – you can recreate the request

Page 33: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

• openssl req -new -sha256 -key pmxserver.key -out pmxserver.csr

Page 34: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

• Verify the file has been created

Page 35: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

• Send to the signing fairies
– Company CA
– Third Party CA (VeriSign, Symantec, GeoTrust, RapidSSL)

Page 36: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

• Domino KYR Files
– Traditionally used the Server Certificate Admin application (certsrv.nsf)
– Certsrv.nsf not used any more
– Domino KYR Tool (must be 9.0.1 FP2 IF1 and above)
– Creates a SHA2 keystore that is recognised by Domino

• Download the KYR Tool from Fix Central
– http://ibm.co/1SAYX5E

• Unpack & place kyrtool.exe in Notes/Domino Program directory

• **opinion** Please don’t run the kyrtool on your Domino server – use a Notes client!

Page 37: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

• Create the KYR keystore
– kyrtool create -k c:\IBM\Notes\data\pmxwildserver.kyr -p somethingstrongplease

Page 38: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

• This will create 2 files
– Domino KYR key store (.kyr)
– Key store password stash file (.sth)

Page 39: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

• Collect your files
– Server Private Key
– Server Certificate Request
– Server Certificate (signed and returned to you by CA)
– Root and Intermediate certificates
– Key store file and stash file

• Root and Intermediate certs – order matters

Page 40: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

• Now need to install all of the root, intermediate and server certificates and keys into the key store.

• 2 options
– Use OpenSSL to merge the roots, inters, server certs and keys into one text file before importing into the KYR file
– Import the certificates individually

Page 41: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

Import using combined file

• Concatenate all certificates to a text file
– type pmxserver.key pmxserver.crt intermediate1.crt intermediate2.crt root.crt > pmxallcerts.txt

Page 42: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

Import using combined file

Page 43: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

Import using combined file

• Verify the certificate chain
– kyrtool verify C:\TLS\pmxallcerts.txt

Successfully read 4096 bit RSA private key
INFO: Successfully read 4 certificates
INFO: Private key matches leaf certificate
INFO: IssuerName of cert 0 matches the SubjectName of cert 1
INFO: IssuerName of cert 1 matches the SubjectName of cert 2
INFO: IssuerName of cert 2 matches the SubjectName of cert 3

Page 44: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

Import using combined file

• Import the text file to the KYR
– kyrtool import all -k C:\TLS\pmxwildserver.kyr -i C:\TLS\pmxallcerts.txt

Page 45: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

Import individually

• Issue a series of import commands to merge the root, intermediates, server cert and server key into the key ring file
– kyrtool import roots -i C:\TLS\GeoTrust_Global_CA.cer -k C:\TLS\pmxwildserver.kyr
– kyrtool import roots -i C:\TLS\intermediate1.txt -k C:\TLS\pmxwildserver.kyr
– kyrtool import roots -i C:\TLS\intermediate2.txt -k C:\TLS\pmxwildserver.kyr
– kyrtool import keys -i C:\TLS\pmxserver.key -k C:\TLS\pmxwildserver.kyr
– kyrtool import certs -i C:\TLS\pmxcert.crt -k C:\TLS\pmxwildserver.kyr

Page 46: Best Practice TLS for IBM Domino

SHA2 - Getting it done in Domino

• Verify! Verify!
– kyrtool show keys -k C:\TLS\pmxwildserver.kyr
– kyrtool show certs -k C:\TLS\pmxwildserver.kyr

Page 47: Best Practice TLS for IBM Domino

SHA2 - Using it in Domino

• Install to servers & configure internet site documents

• Can be used in the following:
– ANY web site (iNotes, apps, etc)
– Traveler
– S/MIME (encrypted mail)
– Mail Protocols (SMTP, IMAP, POP3)
– LDAP
– DIIOP (must have 9.0.1 FP5)

Page 48: Best Practice TLS for IBM Domino

SHA2 - Using it in Domino

Page 49: Best Practice TLS for IBM Domino

SHA2 - Using it in Domino

Best Practice

• Disable SSLv3
– Notes.ini - DISABLE_SSLV3=1

• Disable TLS1.0 (if required)
– Notes.ini - SSL_DISABLE_TLS_10=1

• Cipher configuration...

Page 50: Best Practice TLS for IBM Domino

SHA2 - Using it in Domino

Ciphers – what are they again?

• Algorithm for performing encryption and decryption

• Combination of authentication, encryption, message authentication code (MAC) and key exchange algorithms used to negotiate the security settings for a network connection

Page 51: Best Practice TLS for IBM Domino

SHA2 - Using it in Domino

Ciphers

• TLS delivered as IF prevented updates to Admin client

• Cipher configuration via UI no longer used

• Notes.ini parameter SSLCipherSpec to control ciphers
– example: SSLCipherSpec=C030009F009D

Page 52: Best Practice TLS for IBM Domino

SHA2 - Using it in Domino

Cipher List – TLS1.2

RSA_WITH_AES_256_GCM_SHA384 (009D)
RSA_WITH_AES_128_GCM_SHA256 (009C)
RSA_WITH_AES_256_CBC_SHA256 (003D)
RSA_WITH_AES_256_CBC_SHA (0035)
RSA_WITH_AES_128_CBC_SHA256 (003C)
RSA_WITH_AES_128_CBC_SHA (002F)
RSA_WITH_3DES_EDE_CBC_SHA (000A)
RSA_WITH_RC4_128_SHA (0005)

ECDHE_RSA_WITH_AES_256_GCM_SHA384 (C030)
DHE_RSA_WITH_AES_256_GCM_SHA384 (009F)
ECDHE_RSA_WITH_AES_128_GCM_SHA256 (C02F)
DHE_RSA_WITH_AES_128_GCM_SHA256 (009E)
ECDHE_RSA_WITH_AES_256_CBC_SHA384 (C028)
DHE_RSA_WITH_AES_256_CBC_SHA256 (006B)
ECDHE_RSA_WITH_AES_256_CBC_SHA (C014)
DHE_RSA_WITH_AES_256_CBC_SHA (0039)
ECDHE_RSA_WITH_AES_128_CBC_SHA256 (C027)
DHE_RSA_WITH_AES_128_CBC_SHA256 (0067)
ECDHE_RSA_WITH_AES_128_CBC_SHA (C013)
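Added example (not part of the original slides): a small Python audit that splits an SSLCipherSpec value into the 4-hex-digit codes used in the slide's example, names each suite from the cipher list above, and flags suites worth reconsidering. The function names and the flagging rules (RC4, 3DES, static RSA key exchange, CBC mode, HMAC-SHA1) are assumptions of this example, not IBM guidance.

```python
"""Audit a Domino SSLCipherSpec value against the page's TLS 1.2 cipher list."""

# Code -> suite name, transcribed from the "Cipher List - TLS1.2" slide.
CIPHERS = {
    "009D": "RSA_WITH_AES_256_GCM_SHA384",
    "009C": "RSA_WITH_AES_128_GCM_SHA256",
    "003D": "RSA_WITH_AES_256_CBC_SHA256",
    "0035": "RSA_WITH_AES_256_CBC_SHA",
    "003C": "RSA_WITH_AES_128_CBC_SHA256",
    "002F": "RSA_WITH_AES_128_CBC_SHA",
    "000A": "RSA_WITH_3DES_EDE_CBC_SHA",
    "0005": "RSA_WITH_RC4_128_SHA",
    "C030": "ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "009F": "DHE_RSA_WITH_AES_256_GCM_SHA384",
    "C02F": "ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "009E": "DHE_RSA_WITH_AES_128_GCM_SHA256",
    "C028": "ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "006B": "DHE_RSA_WITH_AES_256_CBC_SHA256",
    "C014": "ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "0039": "DHE_RSA_WITH_AES_256_CBC_SHA",
    "C027": "ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "0067": "DHE_RSA_WITH_AES_128_CBC_SHA256",
    "C013": "ECDHE_RSA_WITH_AES_128_CBC_SHA",
}


def split_spec(spec):
    """Split the concatenated value into 4-hex-digit codes, in the order given."""
    spec = spec.strip().upper()
    if not spec or len(spec) % 4 or any(c not in "0123456789ABCDEF" for c in spec):
        raise ValueError("expected a run of 4-hex-digit cipher codes")
    return [spec[i:i + 4] for i in range(0, len(spec), 4)]


def findings(name):
    """Reasons to reconsider a suite; this rule set is the example's assumption."""
    out = []
    if "RC4" in name:
        out.append("RC4 stream cipher")
    if "3DES" in name:
        out.append("3DES (64-bit block cipher)")
    if not name.startswith(("ECDHE_", "DHE_")):
        out.append("no forward secrecy (static RSA key exchange)")
    if "_CBC_" in name:
        out.append("CBC mode (GCM preferred)")
    if name.endswith("_SHA"):
        out.append("HMAC-SHA1 (legacy)")
    return out


def audit(spec):
    """Return [(code, name_or_None, [findings])] for every code in the spec."""
    report = []
    for code in split_spec(spec):
        name = CIPHERS.get(code)
        if name is None:
            report.append((code, None, ["code not in the page's cipher list"]))
        else:
            report.append((code, name, findings(name)))
    return report


if __name__ == "__main__":
    # The value shown on the SSLCipherSpec slide.
    for code, name, notes in audit("C030009F009D"):
        print(code, name or "?", "; ".join(notes) or "ok")
```

For the slide's example value, the first two suites pass every rule and the third (009D) is flagged only for lacking forward secrecy.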

Page 53: Best Practice TLS for IBM Domino

Transferrable to WebSphere?

• A 4096 certificate can generate an error when attempting to add to WebSphere

• “RSA premaster secret” error

• You need to add the unrestricted policy files to WebSphere for the 4096 certificate length to be imported – ibm.co/1JZGs3z

Page 54: Best Practice TLS for IBM Domino

Transferrable to WebSphere?

• OpenSSL
– use to create p12/jks keystore and import cert & private key

• IBM HTTP Server
– open existing kdb key store and import from p12

• Make sure your roots and intermediate certs are up to date!

Page 55: Best Practice TLS for IBM Domino

Transferrable to WebSphere?

• Mail, Traveler, Connections, Sametime all using same certificate

Page 56: Best Practice TLS for IBM Domino

Development

• Where possible – try and implement production certificates into the development environment

• If not possible – create a self-signed certificate with the same parameters

• Keep documentation up to date!

Page 57: Best Practice TLS for IBM Domino

SSL Labs test

Page 58: Best Practice TLS for IBM Domino

Summary

• Hackers across the internet are working around the clock to bust encryption

• Every week there are vulnerabilities discovered

• You need to understand where the vulnerabilities are, how to watch for them and how to protect against them

Page 59: Best Practice TLS for IBM Domino

THANK YOU !!

http://auslug.org/survey2016

Page 60: Best Practice TLS for IBM Domino

Resources

• https://www-10.lotus.com/ldd/dominowiki.nsf/dx/3rd_Party_SHA-2_with_OpenSSL_and_kyrtool

• https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_1.2

• http://www.slideshare.net/gabturtle/1086-the-ssl-problem-and-how-to-deploy-sha2-certificates-with-mark-myers?ref=http://turtleblog.info/

• http://www-10.lotus.com/ldd/dominowiki.nsf

• http://wikipedia.org/