
Security Bulletin: Vulnerability in SSLv3 affects Directory Server (CVE-2014-3566)

2018-06-16 21:20:10
www.ibm.com
CVSS3: 3.4 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Summary

SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in Tivoli Directory Server (TDS) and IBM Security Directory Server (SDS).

Vulnerability Details

CVE-ID: CVE-2014-3566
DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM Tivoli Directory Server 6.0, 6.1, 6.2, 6.3

IBM Security Directory Server 6.3.1, 6.4

IBM Security Directory Suite 8.0.1

Remediation/Fixes

Ensure that the version listed below is installed on the system.

Product Version | Fix level
---|---
IBM Security Directory Suite 8.0.1 | 8.0.1.0 (GA level)
IBM Security Directory Server 6.4 | 6.4.0.0 (GA level)
IBM Security Directory Server 6.3.1 | 6.3.1.8-ISS-ISDS-IF0008
Tivoli Directory Server 6.3 | 6.3.0.34-ISS-ITDS-IF0034
Tivoli Directory Server 6.2 | 6.2.0.41-ISS-ITDS-IF0041
Tivoli Directory Server 6.1 | 6.1.0.65-ISS-ITDS-IF0065
Tivoli Directory Server 6.0 | 6.0.0.73-ISS-ITDS-IF0073

Notes:

  1. Though the above fix levels provide the functionality needed to disable SSLv3, it is important to use the latest recommended fix level of SDS/TDS 6.x or SDS 8.0.1. Based on your SDS/TDS version, download the latest recommended fix level and install it along with the latest related products.

IBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3.

There are 4 components of Tivoli Directory Server (TDS) and IBM Security Directory Server (SDS) where SSLv3 should be disabled: LDAP servers, LDAP clients, Web Administration Tool and HTTP clients (web browsers).

For TDS or SDS LDAP Servers:

TDS versions 6.2.0.41, 6.1.0.65 and 6.0.0.73: SSLV3 can be directly disabled in the server by adding the following line to the “cn=Front End, cn=Configuration” entry of the ibmslapd.conf file:

ibm-slapdSetenv: IBMSLAPD_SECURITY_PROTOCOL=TLS10

TDS version 6.3.0.34: SSLV3 can be directly disabled in the server by adding the following line to the “cn=Front End, cn=Configuration” entry of the ibmslapd.conf file:

ibm-slapdSetenv: IBMSLAPD_SECURITY_PROTOCOL=TLS10,TLS11,TLS12

SDS version 8.0.1., 6.4.0. and 6.3.1.8 (and later fix levels): SSLV3 can be directly disabled in the server by adding the following lines to the “cn=SSL, cn=Configuration” entry of the ibmslapd.conf file. Make sure that “ibm-slapdSecurityProtocol: SSLV3” is NOT present.

ibm-slapdSecurityProtocol: TLS10
ibm-slapdSecurityProtocol: TLS11
ibm-slapdSecurityProtocol: TLS12

For TDS or SDS LDAP clients:

TDS versions 6.2.0.41, 6.1.0.65 and 6.0.0.73: SSLV3 can be directly disabled in the client by setting the following environment variable. Note that this will also work for 3rd party applications which link the TDS client libraries.

export LDAP_OPT_SECURITY_PROTOCOL=TLS10

TDS version 6.3.0.34: SSLV3 can be directly disabled in the client by setting the following environment variable. Note that this will also work for 3rd party applications which link the TDS client libraries.

export LDAP_OPT_SECURITY_PROTOCOL=TLS10,TLS11,TLS12

SDS version 8.0.1., 6.4.0. and 6.3.1.8 (and later fix levels): SSLV3 can be directly disabled in the client by setting the following environment variable. Note that this will also work for 3rd party applications which link the TDS client libraries.

export LDAP_OPT_SECURITY_PROTOCOL=TLS10,TLS11,TLS12

Workarounds and Mitigations

IBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3.

There are 4 components of Tivoli Directory Server (TDS) and IBM Security Directory Server (SDS) where SSLv3 should be disabled: LDAP servers, LDAP clients, Web Administration Tool and HTTP clients (web browsers).

NOTE: It is strongly recommended that you maintain the latest fix level of both the directory server and GSKit to be sure that you have fixes for all known vulnerabilities and defects as part of your overall security strategy. The latest available fix levels are documented in the technote “Fixes by version for IBM Security Directory Server - v.r.m.f levels and build dates”.

For TDS or SDS LDAP Servers 8.0.1, 6.4 and 6.3.1.8 (and later fix levels):

A) Disable SSLv3 protocol

Enabling FIPS mode will disable SSLv3 on all versions of TDS/SDS. This can be done by setting the following options in the dn: cn=SSL, cn=Configuration entry of ibmslapd.conf and restarting the server:

ibm-slapdSslFIPSModeEnabled: true
ibm-slapdSslFIPSProcessingMode: true

Note: FIPS mode restricts the allowable ciphers for TLS 1.0 to AES (35), AES-128 (2F), and TripleDES-168 (0A). These should be enabled by default, but if you’ve disabled them, then TLS 1.0 connections will be rejected:

ibm-slapdSslCipherSpec: AES
ibm-slapdSslCipherSpec: AES-128
ibm-slapdSslCipherSpec: TripleDES-168

B) Enable TLS 1.2 and 1.1

TLS 1.0 is enabled by default. TLS 1.2 and 1.1 are only supported on TDS 6.3.0.17 or later, or SDS 6.3.1.0 or later (see note section at bottom), SDS 6.4.0.0 or later and SDS 8.0.1.0 or later. You can enable or disable specific protocols using the ibm-slapdSecurityProtocol attribute of the cn=SSL, cn=Configuration entry in ibmslapd.conf:

# ibm-slapdSecurityProtocol: SSLV3 <- (disable this, enable the rest)
ibm-slapdSecurityProtocol: TLS10
ibm-slapdSecurityProtocol: TLS11
ibm-slapdSecurityProtocol: TLS12

For TLS 1.2 to work, you may add one or more of the following TLS 1.2 ciphers to the cn=SSL, cn=Configuration entry of ibmslapd.conf and restart the server. If none of the TLS 1.2 ciphers are present, then SDS/TDS will initialize a default set of TLS 1.2 ciphers:

# ciphers supported in FIPS mode and used by TDS client
ibm-slapdSslCipherSpec: TLS_RSA_WITH_3DES_EDE_CBC_SHA
ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_128_CBC_SHA
ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_256_CBC_SHA
ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_128_GCM_SHA256
ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_256_GCM_SHA384
ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_128_CBC_SHA256
ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_256_CBC_SHA256
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# ciphers supported in FIPS mode but NOT used by TDS client
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
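
An added example, not part of the IBM bulletin: a Python check that parses an ibmslapd.conf in its LDIF-style layout and reports any active setting that still enables SSLv3, covering both the ibm-slapdSecurityProtocol values in the cn=SSL entry and the IBMSLAPD_SECURITY_PROTOCOL setenv in the cn=Front End entry described above. The function names and sample configs are constructed for illustration, and treating a missing protocol list as a finding is an assumption of this example.

```python
import re

# DNs and attribute names come from the bulletin; function names and the
# sample configs below are constructed for this example.
SSL_DN = "cn=ssl,cn=configuration"
FRONT_END_DN = "cn=front end,cn=configuration"

def parse_entries(text):
    """Split LDIF-style text into {normalized dn: [(attr, value), ...]}."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                 # a blank line ends the current entry
            current = None
        elif line.startswith("#"):   # commented-out settings are inactive
            continue
        elif ":" in line:
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip()
            if attr == "dn":
                dn = re.sub(r"\s*,\s*", ",", value.lower())
                current = entries.setdefault(dn, [])
            elif current is not None:
                current.append((attr, value))
    return entries

def audit_sslv3(text):
    """Return findings; an empty list means no active setting enables SSLv3."""
    entries, findings, explicit = parse_entries(text), [], False
    for attr, value in entries.get(SSL_DN, []):
        if attr == "ibm-slapdsecurityprotocol":
            explicit = True
            if value.upper() == "SSLV3":
                findings.append("cn=SSL: ibm-slapdSecurityProtocol: SSLV3 present")
    for attr, value in entries.get(FRONT_END_DN, []):
        name, _, protos = value.partition("=")
        if attr == "ibm-slapdsetenv" and name.strip() == "IBMSLAPD_SECURITY_PROTOCOL":
            explicit = True
            if "SSLV3" in [p.strip().upper() for p in protos.split(",")]:
                findings.append("cn=Front End: IBMSLAPD_SECURITY_PROTOCOL lists SSLV3")
    if not explicit:  # assumption of this example: no explicit list needs review
        findings.append("no explicit protocol list; check this fix level's defaults")
    return findings

WEAK = "dn: cn=SSL, cn=Configuration\nibm-slapdSecurityProtocol: SSLV3\nibm-slapdSecurityProtocol: TLS12\n"
FIXED = "dn: cn=SSL, cn=Configuration\n# ibm-slapdSecurityProtocol: SSLV3\nibm-slapdSecurityProtocol: TLS12\n"

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_sslv3(conf) or "OK")
```

The parser does not handle LDIF line folding, so run it against a copy of the file in which long values are on one line.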

For TDS or SDS LDAP clients:

Enabling FIPS mode in client applications will also disable SSLv3 the same as on the server. The command line clients which ship with TDS and SDS use the ‘-x’ command line option to enable FIPS mode. However, there is no environment variable to directly control this in the ldap client libraries. FIPS mode can only be enabled by calling the C client API ldap_ssl_set_fips_mode_np(). Third party applications will have different ways to expose this feature (if at all).

If you’re using TDS 6.3.0.17 or later clients (see note section at bottom), you can set the environment variable LDAP_OPT_SECURITY_PROTOCOL=TLS10,TLS11,TLS12 to disable SSLV3. But this option is not supported on TDS 6.2 or earlier. And like FIPS mode, it is only recognized by TDS or SDS client applications, not directly by the ldap client libraries. Third party applications will have different ways to expose this feature (if at all).

Web Administration Tool:

To disable SSLV3 in the web administration tool and the embedded WebSphere Application Server (eWAS) included with TDS, please see technote #1694300: Disabling SSLv3 for Directory Server Web Admin Tool, at <http://www.ibm.com/support/docview.wss?uid=swg21694300>

Information on disabling SSLV3 in the full WebSphere Application Server (WAS) can be found at http://www.ibm.com/support/docview.wss?uid=swg21687173

Support for TLS 1.0 was added to webadmin version 6.2.0.22 with APAR IO15734, and 6.3.0.11 with APAR IO16024. The webadmin tool for TDS 6.1 and earlier does not support TLS.

HTTP clients (web browsers):

Please refer to the documentation from your browser vendor:

Internet Explorer: <https://technet.microsoft.com/en-us/library/security/3009008.aspx>
FireFox: <http://kb.mozillazine.org/Security.tls.version.*>
Chrome: <http://googleonlinesecurity.blogspot.com.au/2014/10/this-poodle-bites-exploiting-ssl-30.html>

NOTE:

For more detailed documentation of TLS 1.2 support and configuration, refer to the “Support for NIST SP 800-131A” section in the following documentation links.
* TDS 6.3.0.17 and later: Tivoli Directory Server support for NIST SP 800-131A
* SDS 6.3.1: http://www.ibm.com/support/knowledgecenter/SSVJJU_6.3.1.5/com.ibm.IBMDS.doc_6.3.1.5/ds_ag_srv_adm_secure_dir_comm.html
* SDS 6.4: <https://www.ibm.com/support/knowledgecenter/SSVJJU_6.4.0/com.ibm.IBMDS.doc_6.4/ds_ag_srv_adm_secure_dir_comm.html>
* SDS 8.0.1: <https://www.ibm.com/support/knowledgecenter/SS3Q78_8.0.1/com.ibm.IBMDS.doc_8.0.1/ds_ag_srv_adm_secure_dir_comm.html>
