Firstly, I generated a signer certificate using the IBM Global Security Toolkit (GSK) with a key length of 2048 bits using the Secure Hashing Algorithm (SHA) as the signature algorithm and Rivest-Shamir-Adleman (RSA) as the encryption algorithm.
This is how I did it: -
/opt/ibm/HTTPServer/bin/gskcapicmd -cert -create -db /opt/ibm/HTTPServer/ssl/keystore.kdb -pw passw0rd -size 2048 -dn "cn=wasdemo.uk.ibm.com,dc=uk,dc=ibm,dc=com" -label "wasdemo.uk.ibm.com" -default_cert yes -sigalg SHA256WithRSA
Having done this, and validated it: -
Having done this, and validated it: -
/opt/ibm/HTTPServer/bin/gskcapicmd -cert -details -db /opt/ibm/HTTPServer/ssl/keystore.kdb -pw passw0rd -label "wasdemo.uk.ibm.com"
...
Key Size : 2048
Version : X509 V3
...
Version : X509 V3
...
Public Key Type : RSA (1.2.840.113549.1.1.1)
Fingerprint : SHA1 :
41 BB 35 E5 6B 21 01 01 4E B4 5E 4B FC 09 BE B5
B2 FD 7B A2
Fingerprint : MD5 :
AC D8 C2 E0 2B E1 23 24 3A DF E8 4A 5E 74 CC CA
Fingerprint : SHA256 :
4D 6D A5 5F 72 6E 35 32 AC DA DE AD 65 E9 6A A1
F8 3B AB A3 B3 08 DC 43 4D 15 4C 3E 78 23 F5 A6
...
Fingerprint : SHA1 :
41 BB 35 E5 6B 21 01 01 4E B4 5E 4B FC 09 BE B5
B2 FD 7B A2
Fingerprint : MD5 :
AC D8 C2 E0 2B E1 23 24 3A DF E8 4A 5E 74 CC CA
Fingerprint : SHA256 :
4D 6D A5 5F 72 6E 35 32 AC DA DE AD 65 E9 6A A1
F8 3B AB A3 B3 08 DC 43 4D 15 4C 3E 78 23 F5 A6
...
Signature Algorithm : SHA256WithRSASignature (1.2.840.113549.1.1.11)
...
...
I then reconfigured the IHS configuration - httpd.conf - for TLS: -
...
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 8443
<VirtualHost *:8443>
SSLFIPSEnable
SSLProtocolEnable TLSv12
SSLProtocolDisable SSLv2 SSLv3 TLSv10 TLSv11
SSLCipherSpec TLSv12 TLS_RSA_WITH_AES_256_CBC_SHA256SSLEnable
</VirtualHost>
KeyFile /opt/ibm/HTTPServer/ssl/keystore.kdb
SSLCacheErrorLog /opt/ibm/HTTPServer/logs/sidd_log
SSLCachePortFilename /opt/ibm/HTTPServer/logs/siddport
ScriptSock logs/cgisock
SSLDisable
...
Listen 8443
<VirtualHost *:8443>
SSLFIPSEnable
SSLProtocolEnable TLSv12
SSLProtocolDisable SSLv2 SSLv3 TLSv10 TLSv11
SSLCipherSpec TLSv12 TLS_RSA_WITH_AES_256_CBC_SHA256SSLEnable
</VirtualHost>
KeyFile /opt/ibm/HTTPServer/ssl/keystore.kdb
SSLCacheErrorLog /opt/ibm/HTTPServer/logs/sidd_log
SSLCachePortFilename /opt/ibm/HTTPServer/logs/siddport
ScriptSock logs/cgisock
SSLDisable
...
I've highlighted the four pertinent lines, one of which enforces a specific cipher - TLS_RSA_WITH_AES_256_CBC_SHA256.
I then validated the SSL/TLS configuration: -
/opt/ibm/HTTPServer/bin/apachectl -DDUMP_SSL_CONFIG
SSL configuration:
Default server
Server name: wasdemo.uk.ibm.com:8080
SSL enabled: NO
SSL server defined at: /opt/ibm/HTTPServer/conf/httpd.conf:858
Server name: wasdemo.uk.ibm.com:8443
SSL enabled: YES
FIPS enabled: 1
Keyfile: /opt/ibm/HTTPServer/ssl/keystore.kdb
Protocols enabled: TLSv12
Ciphers for SSLV2: (protocol disabled)
Ciphers for SSLV3: (protocol disabled)
Ciphers for TLSv10: (protocol disabled)
Ciphers for TLSv11: (protocol disabled)
Ciphers for TLSv12: TLS_RSA_WITH_AES_256_CBC_SHA256(3D)
Syntax OK
which looked A-OK.
I then started IHS: -
/opt/ibm/HTTPServer/bin/apachectl -k start -f /opt/ibm/HTTPServer/conf/httpd.conf
I then monitored the error log: -
tail -f /opt/ibm/HTTPServer/logs/error_log
[Mon Oct 05 13:55:36 2015] [notice] Using GSKit version 8.0.50.34
[Mon Oct 05 13:55:36 2015] [notice] WebSphere Plugins loaded.
[Mon Oct 05 13:55:36 2015] [notice] Bld version: 8.5.5
[Mon Oct 05 13:55:36 2015] [notice] Bld date: Oct 30 2014, 11:39:36
[Mon Oct 05 13:55:36 2015] [notice] Webserver: IBM_HTTP_Server
[Mon Oct 05 13:55:36 2015] [notice] Using config file /opt/ibm/HTTPServer/conf/httpd.conf
[Mon Oct 05 13:55:36 2015] [notice] IBM_HTTP_Server/8.5.5.4 (Unix) configured -- resuming normal operations
[Mon Oct 05 13:55:36 2015] [notice] Core file limit is 0; core dumps will be not be written for server crashes
[Mon Oct 05 13:55:36 2015] [notice] Using GSKit version 8.0.50.34
[Mon Oct 05 13:55:36 2015] [notice] WebSphere Plugins loaded.
[Mon Oct 05 13:55:36 2015] [notice] Bld version: 8.5.5
[Mon Oct 05 13:55:36 2015] [notice] Bld date: Oct 30 2014, 11:39:36
[Mon Oct 05 13:55:36 2015] [notice] Webserver: IBM_HTTP_Server
[Mon Oct 05 13:55:36 2015] [notice] Using config file /opt/ibm/HTTPServer/conf/httpd.conf
[Mon Oct 05 13:55:36 2015] [notice] IBM_HTTP_Server/8.5.5.4 (Unix) configured -- resuming normal operations
[Mon Oct 05 13:55:36 2015] [notice] Core file limit is 0; core dumps will be not be written for server crashes
and tested IHS using a variety of browsers ( on my Mac, whilst IHS runs on Linux ): -
Interestingly, I got a variety of responses, none of them good: -
Firefox 41.0.1
An error occurred during a connection to wasdemo.uk.ibm.com:8443. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
Chrome 45.0.2454.101
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Opera 32.0
This webpage is not available
A secure connection cannot be established because this site uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Opera 32.0
This webpage is not available
A secure connection cannot be established because this site uses an unsupported protocol.
Interestingly, Apple Safari had a completely different result: -
Safari Version 9.0 (10601.1.56.2)
It just worked :-)
I checked the IHS error log, and saw: -
[Mon Oct 05 13:58:41 2015] [warn] [client 192.168.1.77] [7fd9780028d0] [123070] SSL0222W: SSL Handshake Failed, No ciphers specified. [192.168.1.77:51689 -> 192.168.1.80:8443] [13:58:41.000261206] 0ms
[Mon Oct 05 13:58:41 2015] [warn] [client 192.168.1.77] [7fd9800028d0] [123106] SSL0222W: SSL Handshake Failed, No ciphers specified. [192.168.1.77:51690 -> 192.168.1.80:8443] [13:58:41.000268287] 0ms
[Mon Oct 05 13:58:41 2015] [warn] [client 192.168.1.77] [7fd97c0008c0] [123070] SSL0222W: SSL Handshake Failed, No ciphers specified. [192.168.1.77:51691 -> 192.168.1.80:8443] [13:58:41.000611417] 0ms
[Mon Oct 05 13:58:41 2015] [warn] [client 192.168.1.77] [7fd9840008c0] [123106] SSL0222W: SSL Handshake Failed, No ciphers specified. [192.168.1.77:51692 -> 192.168.1.80:8443] [13:58:41.000632584] 0ms
[Mon Oct 05 13:58:41 2015] [warn] [client 192.168.1.77] [7fd9800028d0] [123106] SSL0222W: SSL Handshake Failed, No ciphers specified. [192.168.1.77:51690 -> 192.168.1.80:8443] [13:58:41.000268287] 0ms
[Mon Oct 05 13:58:41 2015] [warn] [client 192.168.1.77] [7fd97c0008c0] [123070] SSL0222W: SSL Handshake Failed, No ciphers specified. [192.168.1.77:51691 -> 192.168.1.80:8443] [13:58:41.000611417] 0ms
[Mon Oct 05 13:58:41 2015] [warn] [client 192.168.1.77] [7fd9840008c0] [123106] SSL0222W: SSL Handshake Failed, No ciphers specified. [192.168.1.77:51692 -> 192.168.1.80:8443] [13:58:41.000632584] 0ms
After some digging, consideration and further digging, I concluded that it's all my fault :-)
In essence, I've chosen a cipher that the three "failing" browsers do not support, and I've "told" IHS to only use that one cipher.
There were a few mitigations: -
(1) Amend httpd.conf and relax the need to only use that one cipher: -
SSLCipherSpec TLSv12 +TLS_RSA_WITH_AES_256_CBC_SHA256
( in other words, I added a single plus + character to the beginning of the cipher name )
This is validated thusly: -
/opt/ibm/HTTPServer/bin/apachectl -DDUMP_SSL_CONFIG
SSL configuration:
Default server
Server name: wasdemo.uk.ibm.com:8080
SSL enabled: NO
SSL server defined at: /opt/ibm/HTTPServer/conf/httpd.conf:858
Server name: wasdemo.uk.ibm.com:8443
SSL enabled: YES
FIPS enabled: 1
Keyfile: /opt/ibm/HTTPServer/ssl/keystore.kdb
Protocols enabled: TLSv12
Ciphers for SSLV2: (protocol disabled)
Ciphers for SSLV3: (protocol disabled)
Ciphers for TLSv10: (protocol disabled)
Ciphers for TLSv11: (protocol disabled)
Ciphers for TLSv12: TLS_RSA_WITH_AES_128_GCM_SHA256(9C),TLS_RSA_WITH_AES_256_GCM_SHA384(9D),TLS_RSA_WITH_AES_128_CBC_SHA256(3C),TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A),TLS_RSA_WITH_AES_256_CBC_SHA256(3D)
Syntax OK
(2) Choose another cipher IF I wish to only offer one up: -
SSLCipherSpec TLSv12 TLS_RSA_WITH_AES_256_CBC_SHA
Note how similar that is to the one that I had previously chosen: -
Old / non-working TLS_RSA_WITH_AES_256_CBC_SHA256
Working TLS_RSA_WITH_AES_256_CBC_SHA
/opt/ibm/HTTPServer/bin/apachectl -DDUMP_SSL_CONFIG
SSL configuration:
Default server
Server name: wasdemo.uk.ibm.com:8080
SSL enabled: NO
SSL server defined at: /opt/ibm/HTTPServer/conf/httpd.conf:858
Server name: wasdemo.uk.ibm.com:8443
SSL enabled: YES
FIPS enabled: 1
Keyfile: /opt/ibm/HTTPServer/ssl/keystore.kdb
Protocols enabled: TLSv12
Ciphers for SSLV2: (protocol disabled)
Ciphers for SSLV3: (protocol disabled)
Ciphers for TLSv10: (protocol disabled)
Ciphers for TLSv11: (protocol disabled)
Ciphers for TLSv12: TLS_RSA_WITH_AES_256_CBC_SHA(35b)
Syntax OK
Default server
Server name: wasdemo.uk.ibm.com:8080
SSL enabled: NO
SSL server defined at: /opt/ibm/HTTPServer/conf/httpd.conf:858
Server name: wasdemo.uk.ibm.com:8443
SSL enabled: YES
FIPS enabled: 1
Keyfile: /opt/ibm/HTTPServer/ssl/keystore.kdb
Protocols enabled: TLSv12
Ciphers for SSLV2: (protocol disabled)
Ciphers for SSLV3: (protocol disabled)
Ciphers for TLSv10: (protocol disabled)
Ciphers for TLSv11: (protocol disabled)
Ciphers for TLSv12: TLS_RSA_WITH_AES_256_CBC_SHA(35b)
Syntax OK
My conclusion is four-fold: -
(i) Obviously Firefox, Chrome and Opera don't support TLS_RSA_WITH_AES_256_CBC_SHA256 whereas TLS_RSA_WITH_AES_256_CBC_SHA is OK
(ii) Do I really need to only expose a single cipher ? What happens if a client pitches up who just can not support that ?
(iii) If not (ii), then the use of the + symbol allows the browser to negotiate an agreed cipher within a fairly limited range
(iv) Safari rocks :-)
Interestingly, there was obviously nothing wrong with TLS_RSA_WITH_AES_256_CBC_SHA256 as I was able to successfully validate the configuration: -
/opt/ibm/HTTPServer/bin/apachectl configtest
Syntax OK
However, once I moved to a single AND supported/working cipher - - the browsers were all happy: -
Opera
Chrome
Firefox
Safari
So I couldn't find a way to get Safari to display a padlock for certain sites, including this one :-(
And Finally
For the record, I also validated the secure connection using openssl from the Red Hat CLI, as follows: -
openssl s_client -connect wasdemo.uk.ibm.com:8443
CONNECTED(00000003)
depth=0 DC = com, DC = ibm, DC = uk, CN = wasdemo.uk.ibm.com
verify error:num=18:self signed certificate
verify return:1
depth=0 DC = com, DC = ibm, DC = uk, CN = wasdemo.uk.ibm.com
verify return:1
---
Certificate chain
0 s:/DC=com/DC=ibm/DC=uk/CN=wasdemo.uk.ibm.com
i:/DC=com/DC=ibm/DC=uk/CN=wasdemo.uk.ibm.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDfjCCAmagAwIBAgIIWz28JlZ2dN4wDQYJKoZIhvcNAQELBQAwXTETMBEGCgmS
JomT8ixkARkTA2NvbTETMBEGCgmSJomT8ixkARkTA2libTESMBAGCgmSJomT8ixk
ARkTAnVrMR0wGwYDVQQDExRuZW1kZW1vLm5ic25ldC5jby51azAeFw0xNTEwMDIw
NTU4MDlaFw0xNjEwMDIwNTU4MDlaMF0xEzARBgoJkiaJk/IsZAEZEwNjb20xEzAR
BgoJkiaJk/IsZAEZEwNpYm0xEjAQBgoJkiaJk/IsZAEZEwJ1azEdMBsGA1UEAxMU
bmVtZGVtby5uYnNuZXQuY28udWswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDDYlZ/rqMSk8VYTSc0SjaReE75vK5wE+Bn7UAk4tU4VOGV760Gb66norBt
YK/RaoSqfrpxXFapNwXl6w1N37a4tECbtN+hn/6cS312DD4fXVR/bTBJwbxb9Jy3
N2SUlfzEgCfWyopTtNa0BID7M4aWS3F5/D52eCRMVszfJhpm/NCDF1FWCSk+UN1I
dbHnv91tMAGLGVrZ79YMhQH9wyU8Wpujr3/mGU3JuejCDFAXLhtxe7/59FvRLsWw
DGbIrEGbwp9tiGpKUBQT7xt3tr4j/DhZNLz1seS+I3jgFcuF416u3HsVj6Iv4C1j
OAEaC7Jvnkv0p++ceNGW/7ipkBWNAgMBAAGjQjBAMB0GA1UdDgQWBBS+o2rAAIZl
ydjc3Tvr2GssMllXdDAfBgNVHSMEGDAWgBS+o2rAAIZlydjc3Tvr2GssMllXdDAN
BgkqhkiG9w0BAQsFAAOCAQEAaSa8+jdSnp6YaMqjtRtJmRBKkXgFRnvM+/CBEZGg
EP26wmg7QJHmcou8neL9sQoE+73JuBiW4WlUfb2Ah/So5RJIGJJT4dXemj0DFaSN
7FtZBIIeeQosBYkddqR7Hs5AvKtUK3m0l9axlLRPRIMcgzGrtw81A9BhJjTo+2J6
YmFF6aSOHIoYbFLfjxdswGVxR//nomikQCIp+MEBvMKC9yvj/mIR6MN0ajJhspNc
nS9+9M1pPJoakxaEwJvH7J2m78PaCelZKmJIT/tuYQyvFkkY7wPa5wKhEM3ygyCK
wCYU3gndC/O649huI6PqvNeXIaYZW4UNTerMK+yN+RjUuA==
-----END CERTIFICATE-----
subject=/DC=com/DC=ibm/DC=uk/CN=wasdemo.uk.ibm.com
issuer=/DC=com/DC=ibm/DC=uk/CN=wasdemo.uk.ibm.com
---
No client certificate CA names sent
---
SSL handshake has read 1073 bytes and written 591 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-SHA Session-ID: E3E101009910CB491F45C7B8645FBE55D98F6B0258585858AC87125600000042
Session-ID-ctx:
Master-Key: DFB1AE0092F7EE2A0815C803E0BF80DC9520E9657B4670F8311DAF40B79170F5D91D4D8B4C389BE110CED221F090FB7E
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1444054956
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
*UPDATE 6 October 2015*
This section of the IBM Knowledge Center: -
SSL cipher specifications
was also extremely useful.
*UPDATE 6 October 2015*
No comments:
Post a Comment