Best Practice TLS for IBM Domino

Best Practice Transport Layer Security
(TLS) for IBM Domino using TLS 1.2
Jared Roberts | Senior Consultant
primaxis.com.au

June 11th & 12th, Melbourne, AustraliaMeet.Share.Learn.Connect @AusLUG #@Inform2015
• This presentation represents my individual experiences, thoughts and opinions
and do not represent of the views of my employer, Inform2016, AusLUG, IBM,
IBM Business Partners or any other organisation or entity.
• This presentation may contain the following copyrighted, trademarked, and/or
restricted terms:
• I (most likely) don’t know more about stuff than you do…. feel free to call me out on
errors in my presentation & publicly humiliate me as you see fit.
Disclaimer
• IBM® Notes®
• IBM® Domino®
• IBM® Connections
• IBM® WebSphere®
• IBM® DB2
• IBM® AIX®
• Tivoli®
• Linux®
• Java®
• Microsoft®
• Windows®
• Red Hat®
• Skype®
• Twitter®
• Facebook®

March 10th & 11th, Sydney, AustraliaMeet.Share.Learn.Connect @AusLUG #@Inform2016
Speaker
Jared Roberts ● Senior Consultant – Primaxis
• From Melbourne
• 11-year rookie in IBM Collaboration Software
• Admin of many of the things we are here talking
about
• I’m a fan of “The User”
• Business analysis, presales, consulting, security
audits, design & delivery of Domino, Notes,
Sametime, Traveler, Connections, TDI, SoftLayer
and all the related bits they interact with
• Remarkably average but adequate and often
completely useless developer
• Drummer in Desecrator (the best band you’ve never heard of)

SSL/TLS - Who Cares right?

SSL/TLS - Who Cares right?
• Encryption in not a ‘nice to have’ – it’s an absolute MUST
• Data can be intercepted while being transferred between clients
and servers, or between servers ie:
– Email
– Payment Information
– Credentials
• Now seeing the deprecation/planned deprecation of SSLv3 and
SHA1 support in Browsers
– IE (Jan 2017, code-signing Jan 2016)
– Chrome (Jan 2017, version and cert date conditional)
– FireFox (Jan 2017, phased)
– Safari (same?)

Encryption
what is encryption?
• The most effective way to achieve ‘data security’
– process of encoding information so only authorised parties can read it
– data is ‘unrecognisable’ or unreadable unless you have the ‘key’ to decrypt it
– does not prevent interception
what are SSL certificates?
• Small digital files that that authenticate the identity of a website
and encrypt information
• Binds the ‘key’ to the organisation’s details

SSL Certificate
• An SSL certificate holds the following info:
– The certificate holder's name
– The certificate's serial number and expiration date
– A copy of the certificate holder's public key
– The digital signature of the certificate-issuing authority

Acronyms!!!
SSL
• Secure Sockets Layer
• A cryptographic protocol designed to provide communications
security over a computer network
• 3 versions (version 1.0 never publicly released) all of which are
now deprecated and considered insecure
– SSLv1.0
– SSLv2.0
– SSLv3.0
• POODLE exploit was the nail in the coffin for SSLv3
– replaced by TLS

Acronyms!!!
TLS
• Transport Layer Security
• A cryptographic protocol same as SSL. It’s actually SSL’s
‘successor’
– SSLv3.1 but was renamed to reflect open standard
• 3 versions
– TLS1.0 (considered insecure due to ability to downgrade to SSLv3*)
– TLS1.1
– TLS1.2
• Updated constantly as required
– version 1.3 in Draft now

Acronyms!!!
HTTPS
• Method for secure communication over HyperText Transfer
Protocol (HTTP)
• Often referred to as HTTP Secure, HTTP over TLS/SSL
• Data transferred over HTTPS provides:
– bidirectional encryption of data in transit
– with correct implementation can protect against MIM attacks*, and a
level of confidence that you’re connecting with who you think you are
connecting to!

Acronyms!!!
SHA1
• Cryptographic hash function traditionally used in most SSL
certificates
• Widely used in many protocols (TLS and SSL, PGP, SSH, S/MIME, and IPsec)
• M$, G00gle and Mozilla have announced deprecation plans
SHA2
• Family of cryptographic hash functions
• An updated version of SHA1
– SHA1 found to be more insecure
• 6 hash functions (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256)

Acronyms!!!
AES
• Advanced Encryption Standard
• Based on “Rijndael” cipher family - widely used as government
standard
• Supersedes DES (Data Encryption Standard) which is now
vulnerable to brute force attack
Ciphers
• Algorithm for performing encryption and decryption
• Work on blocks of symbols usually of a fixed size (block ciphers),
or on a continuous stream of symbols (stream ciphers)

What happened and keeps
happening…
Man In The Middle Attack (MIM, MITM)

happening…
Man In The Middle Attack (MIM, MITM)
• A type of attack where the attacker secretly intercepts, relays and
possibly alters communication between two parties who believe
they are directly communicating with each other

happening…
POODLE
• “Padding Oracle On Downgraded Legacy Encryption”
• An exploit that allowed attackers to trick a session to use SSL
rather than TLS then during that session use a design flaw in SSL
3.0 to snoop on the session
What it did
• It allowed attackers to perform a man in the middle attack
How it was stopped
• We all turned off SSLv3 on the servers (then users screamed at us and
the browser war escalated)

happening…
SLOTH
• “Security Loss due to the use of Obsolete and Truncated Hash
constructions”
• SLOTH relies on the ability to exploit older hash techniques
• If the hash technique isn’t sophisticated enough a “collision” of a
hash for two different messages can be generated
• OpenSSL 1.0.1.e and earlier are affected
• Any servers using TLS 1.2 and MD5 encryption are affected

happening…
FREAK
• “Factoring RSA Export Keys”
• A vulnerability cased by the growth of cheap computing power
• A "512-bit export-grade key“ now be broken with a bit of math's
called the "Number Field Sieve algorithm"* and about ~ $150 of
cloud computing
What it did
• Allowed the attacker to perform a man in the middle attack
How it was stopped
• Disabled "TLS export cipher suites" either by updating browsers,
disabling the feature in servers or updating libraries that used
them

happening…
HEARTBLEED
A "buffer over-read" vulnerability in the TLS heartbeat extension of
OpenSSL caused by a missing input validation check
What it did
• Allowed an attacker to read up to 64 kilobytes of the servers active
memory for each attack, memory that was very likely to contain
secure information
How it was stopped
• Updated all clients/servers to a patched version of OpenSSL
• Reissued all certificates where there was any chance they could
have been compromised

happening…
• BEAST
• LOGJAM
• CRIME
• BREACH
• DROWN
• BERSERK
• KOMODIA
• …......more

Creating a Certificate
CERTIFICATE STRUCTURE
• Certificate Authority (CA)
• Private Key
• Trusted Roots (root and intermediate certificates)
• To generate a certificate and key store
– key file
– certificate request with the details of your certificate
– trusted roots and intermediates (or your CA)
– signed certificate from your CA

The key – creating the identity

TLS Handshake - validation
• How validation works (the TLS handshake)

TLS Handshake - validation

Structure of Certificates
• Personal Information Exchange Format (PKCS#12)
– .pfx
– .p12
• Cryptographic Message Syntax Standard (PKCS#7)
– .p7b
– .p7r
• Base64-encoded X.509
– .cer
– .crt
• DER-encoded binary X.509
– .cer
– .crt
– .der
• Privacy-enhanced Electronic Mail
– .pem
• Certificate Signing Request
– .csr
• OpenSSL can convert most certificate forms to most other forms
Certificate formats

SHA2 - Getting it done in Domino
What you need:
• OpenSSL
– An open source library of SSL and TLS cryptography
– Available for most platforms
– Developed and managed by https://www.openssl.org
– Create, convert & extract certificates and keystores
• Domino KYR Tool
– Tool to create SHA2 key stores for Domino
• Certificate Signing Authority

Creating a SHA2 Certificate in Domino
• SHA2 Support introduced in 2015
• Domino must be 9.0.1 FP3 or higher
• Notes must be 9.0.1 FP3 or higher

Installing OpenSSL
• Shining Light Productions download
– https://slproweb.com/download/Win64OpenSSL_Light-1_0_2g.exe
• Available for most platforms
• Only need the Lite version for this application

Installing OpenSSL

• Firstly decide on the key size
– May be decided by business or legal requirements
– Larger the better – harder to decrypt
– Not all systems support larger key sizes
• Set the OPEN_SSL_Conf environment variable (Windows only)
– Set OpenSSL_Conf=c:opensslopenssl.cfg

• Verify the file has been created

• Create a key of length 4096*
– openssl genrsa –out pmxsrver.key 4096

• Create a Certificate Signing Request (CSR)
• You send this to your Certificate Authority (CA)
– either on-premise or purchase
• The CSR is checked and verified the the CA.
• Any errors – you can recreate the request

• openssl req -new -sha256 –key pmxserver.key –out pmxserver.csr

• Send to the signing fairies
– Company CA
– Third Party CA (VeriSign, Symantec, GeoTrust, RapidSSL)

• Domino KYR Files
– Traditionally used the Server Certificate Admin application (certsrv.nsf)
– Certsrv.nsf not used any more
– Domino KYR Tool (must be 9.0.1 FP2 IF1 and above)
– Creates a SHA2 keystore that is recognised by Domino
• Download the KYR Tool from Fix Central
– http://ibm.co/1SAYX5E
• Unpack & place kyrtool.exe in Notes/Domino Program directory
• **opinion**
Please don’t run the kyrtool on your Domino server – use a Notes client !

• Create the KYR keystore
– kyrtool create -k c:IBMNotesdatapmxwildserver.kyr -p somethingstrongplease

• This will create 2 files
– Domino KYR key store (.kyr)
– Key store password stash file (.sth)

• Collect your files
– Server Private Key
– Server Certificate Request
– Server Certificate (signed and returned to you by CA)
– Root and Intermediate certificates
– Key store file and stash file
• Root and Intermediate certs – order matters

• Now need to install all of the root, intermediate, server and keys
into the key store.
• 2 options
– Use OpenSSL to merge the roots, inters, server certs and keys into
one text file before importing into the KYR file
– Import the certificates individually

Import using combined file
• concatenate all certificates to a text file
– type pmxserver.key pmxserver.crt intermediate1.crt intermediate2.crt root.crt >
pmxallcerts.txt

• Verify the certificate chain
– kyrtool verify C:TLSpmxallcerts.txt
Successfully read 4096 bit RSA private key
INFO: Successfully read 4 certificates
INFO: Private key matches leaf certificate
INFO: IssuerName of cert 0 matches the SubjectName of cert 1

• Import the text file to the KYR
– kyrtool import all -k C:TLSpmxwildserver.kyr -i C:TLSpmxallcerts.txt

Import individually
• Issue series of import commands to merge the root, intermediates,
server cert and server key into the key ring file
– kyrtool import roots -i C:TLSGeoTrust_Global_CA.cer -k C:TLSpmxwildserver.kyr
– kyrtool import roots -i C:TLSintermediate1.txt -k C:TLSpmxwildserver.kyr
– kyrtool import roots -i C:TLSintermediate2.txt -k C:TLSpmxwildserver.kyr
– kyrtool import keys -i C:TLSpmxserver.key -k C:TLSpmxwildserver.kyr
– kyrtool import certs -i C:TLSpmxcert.crt -k C:TLSpmxwildserver.kyr

• Verify! Verify!
– kyrtool show keys -k C:TLSpmxwildserver.kyr
– kyrtool show certs -k C:TLSpmxwildserver.kyr

SHA2 - Using it in Domino
• Install to servers & configure internet site documents
• Can be used in the following:
– ANY web site (iNotes, apps, etc)
– Traveler
– S/MIME (encrypted mail)
– Mail Protocols (SMTP, IMAP, POP3)
– LDAP
– DIIOP (must have 9.0.1 FP5)

Best Practice
• Disable SSLv3
– Notes.ini - DISABLE_SSLV3=1
• Disable TLS1.0 (if required)
– Notes.ini - SSL_DISABLE_TLS_10
• Cipher configuration...

Ciphers – what are they again?
• Algorithm for performing encryption and decryption
• Combination of authentication, encryption, message
authentication code (MAC) and key exchange algorithms used
to negotiate the security settings for a network connection

Ciphers
• TLS delivered as IF prevented updates to Admin client
• Cipher configuration via UI no longer used
• Notes.ini parameter SSLCipherSpec to control ciphers
– example: SSLCipherSpec=C030009F009D

RSA_WITH_AES_256_GCM_SHA384 (009D)
RSA_WITH_AES_128_GCM_SHA256 (009C)
RSA_WITH_AES_256_CBC_SHA256 (003D)
RSA_WITH_AES_256_CBC_SHA (0035)
RSA_WITH_AES_128_CBC_SHA256 (003C)
RSA_WITH_AES_128_CBC_SHA (002F)
RSA_WITH_3DES_EDE_CBC_SHA (000A)
RSA_WITH_RC4_128_SHA (0005)
ECDHE_RSA_WITH_AES_256_GCM_SHA384 (C030)
DHE_RSA_WITH_AES_256_GCM_SHA384 (009F)
ECDHE_RSA_WITH_AES_128_GCM_SHA256 (C02F)
DHE_RSA_WITH_AES_128_GCM_SHA256 (009E)
ECDHE_RSA_WITH_AES_256_CBC_SHA384 (C028)
DHE_RSA_WITH_AES_256_CBC_SHA256 (006B)
ECDHE_RSA_WITH_AES_256_CBC_SHA (C014)
DHE_RSA_WITH_AES_256_CBC_SHA (0039)
ECDHE_RSA_WITH_AES_128_CBC_SHA256 (C027)
DHE_RSA_WITH_AES_128_CBC_SHA256 (0067)
ECDHE_RSA_WITH_AES_128_CBC_SHA (C013)
Cipher List – TLS1.2

Transferrable to WebSphere?
• A 4096 certificate can generate an error when attempting to add to
WebSphere
• “RSA premaster secret” error
• You need to add the unrestricted policy files to WebSphere for the
4096 certificate length to be imported
- ibm.co/1JZGs3z

• OpenSSL
– use to create p12/jks keystore and import cert & private key
• IBM HTTP Server
– open existing kdb key store and import from p12
• Make sure your roots and intermediate certs are up to date!

• Mail, Traveler, Connections, Sametime all using same certificate

Development
• Where possible – try and implement production certificates into
the development environment
• If not possible – create a self-signed certificate with the same
parameters
• Keep documentation up to date!

SSL Labs test

Summary
• Hackers across the internet are working around the clock to bust
encryption
• Every week there are vulnerabilities discovered
• You need to understand where the vulnerabilities are, how to
watch for them and how to protect against them

THANK YOU !!
http://auslug.org/survey2016

Resources
• https://www-10.lotus.com/ldd/dominowiki.nsf/dx/3rd_Party_SHA-2_with_OpenSSL_and_kyrtool
• https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_1.2
• http://www.slideshare.net/gabturtle/1086-the-ssl-problem-and-how-to-deploy-sha2-certificates-with-
mark-myers?ref=http://turtleblog.info/
• http://www-10.lotus.com/ldd/dominowiki.nsf
• http://wikipedia.org/

Best Practice TLS for IBM Domino

More Related Content

What's hot

Viewers also liked

Similar to Best Practice TLS for IBM Domino

Recently uploaded

In this document

Best Practice TLS for IBM Domino