Configuring OpenSSL for Intermapper

Overview

With the exposure of OpenSSL Heartbleed, penetration testing on the servers is more common. To some scanning software, Intermapper appears be vulnerable to certain OpenSSL attacks. This document describes the upgrade of OpenSSL support in Intermapper 5.8.2 or later to address vulnerabilities in SSL-based services.

Note: If you make changes to the ssl.conf file, be sure to restart the Intermapper and Intermapper DataCenter services.

OpenSSL (v1.0.1j)

Intermapper 5.8.2 uses OpenSSL (v1.0.1j). Because the OpenSSL library is statically linked, introducing newer OpenSSL shared libraries through operating system upgrades does not remediate vulnerabilities. A new version of Intermapper is required.

Intermapper Services

Intermapper contains three SSL-based servers:

• IM web server (port 443)
• IM Kali server (port 8181)
• IM DataCenter server (port 8182)

Versions prior to 5.8.2 supported only SSLv3 and TLSv1.0. Through upgrade to OpenSSL v1.0.1, version 5.8.2 adds support for TLSv1.1 and TLSv1.2. Intermapper supports SSLv3 and TLSv1.0 protocols by default. Intermapper's clients request TLSv1.2.

Configuring Intermapper's SSL Services

All of Intermapper's SSL-based servers use a single configuration file to control the SSL features supported by your particular Intermapper installation.

Here's what you can control:

• SSL protocols offered — You can disable protocols deemed vulnerable. For example, a common fix for the POODLE vulnerability is to disable SSLv3.
• SSL ciphers offered — Vulnerable ciphers can be blocked to mitigate future issues. For example, an alternative fix for the POODLE vulnerability, without disabling SSLv3, is to disable CBC-based ciphers and promote RC4-based ones.
• Behavior options — For example, you can disable client-initiated session renegotiation completely.

TLSv1.0 Is Still Required for 6.2.2 and earlier

These enhancements provide access to newer protocols (TLSv1.1 and TLSv1.2) and a number of new encryption schemes. If TLSv1.1 or TLSv1.2 is enabled, Intermapper's web interfaces (with an appropriate browser) and python clients for Intermapper DataCenter can take advantage of them. Intermapper's Mac and Windows installers include Java 7, which does not enable TLSv1.1 and TLSv1.2. For this reason, TLSv1.0 was still required for Intermapper's Java clients.

Intermapper started shipping Java 8 with version 6.0 The requirement to include TLS 1.0 has been removed for Intermapper 6.2.3 and newer.

SSL Configuration File (ssl.conf)

An example configuration file named "ssl.conf.example", is installed in the Intermapper_Settings directory.

If available (and readable), all Intermapper servers load "ssl.conf" during startup.

To activate SSL control using the configuration file:

1. Copy "ssl.conf.example" to "ssl.conf".
2. Make changes as described below to select the options you want.
3. Restart the Intermapper and Intermapper DataCenter servers.

The file contains three elements:

• Protocols — select SSL protocol versions to be offered by the server.
• Ciphers — select encryption cipher suites to be offered by the server.
• Options — control other security options for the servers.

Each requires a value in double-quotes:

Protocols "[configuration string]"
Ciphers "[configuration string]"		
Options "[configuration string]"		

Contents of ssl.conf.example:

#
#
# ssl.conf for Intermapper Server and Intermapper DataCenter
#
# The file 'ssl.conf' will be loaded on server startup if it is located in the
# root of the Intermapper_Settings folder. 
# It must be readable by the intermapper user.
#
#
# Protocols - select SSL/TLS protocol versions to support.
#
# Valid protocols are:
#    SSLv3    SSL version 3
#    TLSv1.0  TLS version 1.0
#    TLSv1.1  TLS version 1.1
#    TLSv1.2  TLS version 1.2
#    TLSv1    all TLS v1.x
#    ALL      all protocols
#

# This is the default:
# Protocols "ALL"
# To disable SSLv3:
# Protocols "ALL:-SSLv3"
#
# Ciphers - select ciphers to allow.
#
# See CIPHER STRINGS in https://www.openssl.org/docs/apps/ciphers.html
#
# This is the default for Intermapper server:
# Ciphers "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"


#
# Options - enable or disable SSL server behaviour
#
# Valid options are:
#    [+|-]ClientInitiatedRenegotiation
#                  - allow client-initiated session renegotiation
#    [+|-]CipherServerPreference
#                  - use server preferences for choice of cipher
# This is the default:
# Options "+ClientInitiatedRenegotiation:-CipherServerPreference"
		

Comment lines, beginning with "#", and empty lines are ignored.

Under normal installation conditions, the Intermapper Settings directory will be located at:

Mac /Library/Application Support/Intermapper Settings

Linux, Unix /var/local/Intermapper_Settings

Windows c:\ProgramData\Intermapper\Intermapper Settings

Protocols

This takes the form of a colon-delimited list of protocols that will be supported by the server, from the following:

• ALL - all protocols below
• SSLv3 - SSL version 3
• TLSv1 - all TLS v1.x protocols
• TLSv1.0 - TLS version 1.0
• TLSv1.1 - TLS version 1.1
• TLSv1.2 - TLS version 1.2

A prefix of + or - may be applied to enable or disable a protocol; + is assumed if neither is supplied. For example:

Protocols "ALL:-SSLv3"			

This enables support for TLSv1.0, TLSv1.1, TLSv1.2, equivalent to "TLSv1". Another example:

Protocols "ALL:-SSLv3:-TLSv1.0:-TLSv1.1"			

This disables support for SSLv3, TLSv1.0, and TLSv1.1, and supports a requirement for TLS 1.2.

The servers will negotiate the highest possible protocol version in common with client support. At least one protocol must be supported, or the servers will resort to default configuration (ALL).

Note that Java-based Intermapper clients such as the Intermapper Console and Intermapper RemoteAccess currently require TLSv1.0 support. Without it, they will fail to connect to the Intermapper server.

Ciphers

This is a colon-delimited list of OpenSSL cipher strings, as described in the sections CIPHER LIST FORMAT and CIPHER STRINGS in the document:

https://www.openssl.org/docs/apps/ciphers.html

The Intermapper server default is:

Ciphers "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"			

The --ciphers argument to the Intermapper server program can be used to list cipher suites. It is functionally equivalent to the 'openssl cipher -v ' command described in the above document. A cipherlist of ALL will show all supported ciphers, DEFAULT will show the Intermapper default (without further configuration), and anything else will be interpreted as a cipherlist to be decoded.

Here's the full list of cipher suites available at the server:

# /usr/local/bin/intermapperd --ciphers ALL
SSL library: OpenSSL 1.0.1j 15 Oct 2014 (SSLv3,TLSv1.0,TLSv1.1,TLSv1.2)
Showing all available ciphers:
  ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
  ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
  ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
  ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
  ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
  ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
  SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(256)  Mac=SHA1
  SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1
  SRP-AES-256-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(256)  Mac=SHA1
  DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
  DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
  DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
  DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
  DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
  DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
  DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
  DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA1
  ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
  ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
  ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA384
  ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
  ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
  ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA1
  AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
  AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
  AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
  CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
  PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
  ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
  ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
  ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
  ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
  ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
  ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
  SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(128)  Mac=SHA1
  SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(128)  Mac=SHA1
  SRP-AES-128-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(128)  Mac=SHA1
  DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
  DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
  DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
  DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
  DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
  DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
  DHE-RSA-SEED-SHA        SSLv3 Kx=DH       Au=RSA  Enc=SEED(128) Mac=SHA1
  DHE-DSS-SEED-SHA        SSLv3 Kx=DH       Au=DSS  Enc=SEED(128) Mac=SHA1
  DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
  DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA1
  ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
  ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
  ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA256
  ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
  ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
  ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA1
  AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
  AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
  AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
  SEED-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=SEED(128) Mac=SHA1
  CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1
  PSK-AES128-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA1
  ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
  ECDHE-ECDSA-RC4-SHA     SSLv3 Kx=ECDH     Au=ECDSA Enc=RC4(128)  Mac=SHA1
  ECDH-RSA-RC4-SHA        SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128)  Mac=SHA1
  ECDH-ECDSA-RC4-SHA      SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128)  Mac=SHA1
  RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
  RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
  PSK-RC4-SHA             SSLv3 Kx=PSK      Au=PSK  Enc=RC4(128)  Mac=SHA1
  ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
  ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
  SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=3DES(168) Mac=SHA1
  SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=3DES(168) Mac=SHA1
  SRP-3DES-EDE-CBC-SHA    SSLv3 Kx=SRP      Au=SRP  Enc=3DES(168) Mac=SHA1
  EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
  EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
  ECDH-RSA-DES-CBC3-SHA   SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
  ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
  DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
  PSK-3DES-EDE-CBC-SHA    SSLv3 Kx=PSK      Au=PSK  Enc=3DES(168) Mac=SHA1
  EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
  EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
  DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
  EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
  EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
  EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
  EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
  EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export

 

This output comes direct from the OpenSSL library. The columns are: cipher suite, the minimum protocol version for that cipher suite, key exchange (Kx) algorithm, authentication (Au) algorithm and key size, hashing algorithm (Mac), and the final column indicates whether or not the scheme is an export version.

You can look at a potential Ciphers configuration by specifying it as a parameter to the --ciphers command-line option. On Mac, Linux and Unix, be sure to use single quotes to enclose the string, as shells will expand exclamation marks:

# /usr/local/bin/intermapperd --ciphers 'RC4:@STRENGTH'
SSL library: OpenSSL 1.0.1j 15 Oct 2014 (SSLv3,TLSv1.0,TLSv1.1,TLSv1.2)
Showing custom cipher list:
  ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
  ECDHE-ECDSA-RC4-SHA     SSLv3 Kx=ECDH     Au=ECDSA Enc=RC4(128)  Mac=SHA1
  AECDH-RC4-SHA           SSLv3 Kx=ECDH     Au=None Enc=RC4(128)  Mac=SHA1
  ADH-RC4-MD5             SSLv3 Kx=DH       Au=None Enc=RC4(128)  Mac=MD5
  ECDH-RSA-RC4-SHA        SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128)  Mac=SHA1
  ECDH-ECDSA-RC4-SHA      SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128)  Mac=SHA1
  RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
  RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
  RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
  PSK-RC4-SHA             SSLv3 Kx=PSK      Au=PSK  Enc=RC4(128)  Mac=SHA1
  EXP-ADH-RC4-MD5         SSLv3 Kx=DH(512)  Au=None Enc=RC4(40)   Mac=MD5  export
  EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
  EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export

On Windows, use double-quotes to enclose the string:

C:\>"\Program Files\Intermapper\Intermapper.exe" --ciphers "ALL:!ADH:!AES:!MD5:!DES:!RC4:!CAMELLIA:!CBC3:!PSK:!SRP"
SSL library: OpenSSL 1.0.1j 15 Oct 2014 (SSLv3,TLSv1.0,TLSv1.1,TLSv1.2)
Showing custom cipher list:
  DHE-RSA-SEED-SHA        SSLv3 Kx=DH       Au=RSA  Enc=SEED(128) Mac=SHA1
  DHE-DSS-SEED-SHA        SSLv3 Kx=DH       Au=DSS  Enc=SEED(128) Mac=SHA1
  SEED-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=SEED(128) Mac=SHA1
  ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
  ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH    Au=ECDSA Enc=3DES(168) Mac=SHA1
  EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
  EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
  AECDH-DES-CBC3-SHA      SSLv3 Kx=ECDH     Au=None Enc=3DES(168) Mac=SHA1
  ECDH-RSA-DES-CBC3-SHA   SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
  ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
  DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1

Note that you must configure at least one cipher that is available for your chosen protocol list (i.e. there's no point limiting yourself to ciphers only available with TLSv1.2 if you are not enabling, or will not always connect with, that protocol).

Options

This is a colon-delimited list of Intermapper-specific settings.

Two options are currently available:

• ClientInitiatedRenegotiation — this controls the ability of the client to initiate renegotiation of security settings for the connection. Some scanners regard this as a vulnerability. It is enabled by default.
• CipherServerPreference — in choosing encryption for the connection, normally the client preferences are used. This option allows the server configuration to take preference. It is disabled by default.

The defaults are:

Options "+ClientInitiatedRenegotiation:-CipherServerPreference"

Comparison to Apache Configuration

Security advice available on the web often describes Apache (mod_ssl) configuration directives to mitigate vulnerabilities. Here we discuss how they map to our ssl.conf settings.

SSLProtocol

Quite similar to Protocols, but note:

• we use TLSv1 to indicate all TLSv1.x schemes, rather than just TLSv1.0;
• we have an explicit TLSv1.0 token;
• we delimit elements using ':' rather than space;
• we do not support SSLv2.

SSLCipherSuite

• Identical to Ciphers. This is the OpenSSL cipher list format.

SSLHonorCipherOrder

• This is equivalent to our CipherServerPreference option.

SSLInsecureRenegotiation

• Not supported (i.e. "off").

SSLCompression

• Not supported (i.e. "off"). We disable SSL compression to guard against the CRIME attack.

Log Messages

A few words about some of the new log entries you might see in the various log files.

Intermapper Server

Warning: SSL protocol configuration does not enable TLSv1.0. Connections from Intermapper clients may fail.

In Intermapper 6.2.2 and earlier, our Java UIs (IM Console and IMRA) require TLSv1.0.
Check that it is not disabled in ssl.conf.

SSL library: OpenSSL 1.0.1j 15 Oct 2014
Use Certificate: /C=US/ST=Minnesota/L=Eden Prairie/O=HelpSystems, LLC/OU=Demo Certificate (insecure)/CN=low-security.helpsystems.com/[email protected]
Not Before: Aug 8 14:47:19 2014 GMT, Not After: Aug 8 14:47:19 2015 GMT
SSL server protocols: TLSv1.0 TLSv1.1 TLSv1.2
Using custom SSL server cipher list ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH

The above, in the Debug log, is a typical startup sequence. Here we have overridden the default protocols to disable SSLv3, and we have explicitly defined a cipher list.

SSL server preference for cipher selection enabled
SSL client initiated session renegotiation disabled

Here we have reversed the defaults for both supported entries in Options in ssl.conf.

Error setting custom SSL cipher list (invalid ciphers)
Using default SSL server cipher list ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH

Indicates that the Ciphers list in ssl.conf was rejected by the underlying SSL support, and the default cipher list was used in place.

09:40:09 SSLError(1) - 336109835 = error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
09:40:09 SSLError(1) - 336027900 = error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
09:40:09 SSLError(1) - 336109761 = error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

These are not new messages, but they show failures by a client to connect to the Intermapper server. In this case it was due to an SSLv3-only client attempting to connect when SSLv3 had been disabled in ssl.conf. Check Protocols and Ciphers in ssl.conf.

16:22:15 SSLError(1) - 336130329 = error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
16:22:15 SSLError(1) - 336027900 = error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Similar to the above. These two together are typical of the case where a client which only supports earlier SSL/TLS protocol versions, attempts to connect to a server where those versions have been disabled in favour of later protocol versions. To fix: re-enable protocols in ssl.conf.

10:07:13 SSL: rejecting client session renegotiation attempt from 127.0.0.1:43552

A client connection has been closed because it attempted to perform session renegotiation, with the ClientInitiatedRenegotiation option disabled in ssl.conf.

Intermapper DataCenter

2014-11-05 09:44:25 INFO Loading SSL configuration from /var/local/Intermapper_Settings/ssl.conf

Indicates that the SSL configuration file ssl.conf has been located and will be loaded.

2014-11-05 09:49:30 WARNING Ignoring unrecognised token MISSPELT in SSL configuration line 25

Indicates an error in the ssl.conf configuration file.

2014-11-05 09:51:01 REASON Technical Information: <class 'OpenSSL.SSL.Error'> [('SSL routines', 'SSL_CTX_set_cipher_list', 'no cipher match')] ['Traceback (most recent call last):\n', ' File "/imdc/main.py", line 404, in \n', ' File "/imdc/server.py", line 209, in __init__\n', ' File "/imdc/server.py", line 366, in loadCertificateServer\n', "Error: [('SSL routines', 'SSL_CTX_set_cipher_list', 'no cipher match')]\n"]
2014-11-05 09:51:01 CRITICAL Sorry, IMDC can't recover from the above problem, and must shut down.

This indicates a more serious problem with ssl.conf. Here, the Ciphers list was rejected by the underlying SSL support services because the list did not resolve to any supported ciphers. Check both Protocols and Ciphers configuration.

2014-11-05 09:44:46 INFO SSL: rejecting client session renegotiation attempt from 10.4.1.129:53421

A client connection has been closed because it attempted to perform session renegotiation, with the ClientInitiatedRenegotiation option disabled in ssl.conf.

Notes For Selected Vulnerabilities

Further information on SSL vulnerabilities may be found at:

  https://www.openssl.org/news/vulnerabilities.html

We now use OpenSSL v1.0.1j in both Intermapper Server and Intermapper DataCenter.

Low Grade Cipher Suites, Encryption Strength

The Intermapper server default is to disallow low grade encryption schemes, through use of "!LOW:!EXP" in the cipher list.

IMDC server uses the OpenSSL default which includes low grade encryption schemes. To upgrade it to the default level of Intermapper server, use the following suggested default in ssl.conf:

Ciphers "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"			

SSLv2 (Multiple)

Not vulnerable as we do not support SSLv2.

POODLE (CVE-2014-3566)

Customers concerned about this vulnerability can address it by disabling SSLv3 in the ssl.conf file, which is the simplest and most compatible fix.

Protocols "ALL:-SSLv3"			

This configuration is compatible with older Intermapper clients — which will continue to use TLSv1.0.

Heartbleed (CVE-2014-0160)

Not vulnerable as we now use a version of OpenSSL greater than 1.0.1g.

CCS (CVE-2014-0224)

Not vulnerable as we now use a version of OpenSSL greater than 1.0.1h.

Session Renegotiation (CVE-2009-3555)

The version of OpenSSL we now use has support for secure session renegotiation (RFC5746). However, this will not be supported by older clients, and some scanners might complain that client-initiated session renegotiation is supported at all. Such renegotiation may be completely disabled through the following configuration in ssl.conf:

Options "-ClientInitiatedRenegotiation"			

At the time of writing, Intermapper does not require client-initiated session renegotiation, so the feature may be disabled and still preserve compatibility with older Intermapper clients.

CRIME, TLS (CVE-2012-4929)

Not vulnerable as SSL compression is disabled.

BREACH

Not vulnerable as HTTP-level compression is disabled.

BEAST (CVE-2011-3389)

Consider the following opinion:

https://community.qualys.com/blogs/securitylabs/2013/09/10/is-beast-still-a-threat

It is possible to mitigate this threat by disabling SSLv3 and TLSv1.0. However, our current Java UI clients (IM Console and IM RemoteAccess) require TLSv1.0 support.

There are alternative methods, such as favouring stream ciphers such as RC4, but this is no longer recommended due to vulnerabilities in RC4 schemes.

Weak keying material (CVE-2014-0224)

Not vulnerable as we now use a version of OpenSSL greater than 1.0.1g.

DTLS DoS (CVE-2014-0221)

Not vulnerable as we now use a version of OpenSSL greater than 1.0.1g.

DTLS fragmentation buffer overrun (CVE-2014-0195)

Not vulnerable as we now use a version of OpenSSL greater than 1.0.1g.

ECDH DoS (CVE-2014-3470)

Not vulnerable as we now use a version of OpenSSL greater than 1.0.1g.

ECDSA nonce recovery (CVE-2014-0076)

Not vulnerable as we now use a version of OpenSSL greater than 1.0.1f.

Buffer release bugs (CVE-2014-0198, CVE-2014-5928)

Not vulnerable as we now use a version of OpenSSL greater than 1.0.1g.