System Configuration - SSL and SSH - SSL - SSL Configuration

MOVEit DMZ uses Microsoft's (FIPS 140-1) SSL libraries when establishing HTTP over SSL and FTP over SSL connections. By default, these libraries allow the negotiated use of three versions of SSL: SSL version 2, SSL version 3 and TLS version 1. (TLS is basically SSL version 4.) Also by default, these libraries allow the client and server to negotiate which symmetric encryption algorithm both sides will use during the SSL session from a list which includes RC4, DES3 and others.

There are three reasons why sites want to change the default behavior.

  1. They wish to disable SSL version 2 and/or PCT version 1, which have been shown to be vulnerable to man-in-the-middle attacks. *
  2. They wish to only use TLS, the latest incarnation of SSL.
  3. They wish to specify the algorithms used to secure data transport, especially in the case where the transport algorithm must adhere to FIPS-140.

* (It is unlikely modern clients would use SSL version 2 or PCT version 1, as most clients tend to try establishing SSL connections with TLS, then SSL3 and finally SSL2 as a fallback. However, the risk of using these protocols is still there if a client can be forced to avoid SSL3 or TLS.)

Everything sites need to change the default behavior of the SSL libraries is covered in this document. It is worth noting here, however, that a system REBOOT is REQUIRED after any SSL change before it will take effect.

Selecting SSL Versions

As per the instructions from Microsoft's Knowledge Base Article #187498 (April 23, 2004), this is the proper procedure to disable a particular SSL version.

  1. Click the Start menu, point to Run, and type "regedt32" or "regedit" (without the quotation marks) in the Run dialog box.
  2. Click OK.
  3. In the Registry Editor, locate the appropriate registry key, similar to the following:

    HKey_Local_Machine\System\CurrentControlSet\Control\
    	SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server

    NOTE: The valid names for "Protocol" subkeys are "PCT 1.0", "SSL 2.0", "SSL 3.0" and "TLS 1.0"
  4. In the Edit menu, click Add Value.
  5. In the Data Type drop-down list, choose REG_BINARY.
  6. In the Value Name text box, type "Enabled" (without the quotation marks) and click OK. NOTE: If this value is already present, double click on the value to edit its current value and proceed with step 7.
  7. In the Binary Editor, set the new key's value to equal 0 by entering the following string: 00000000.
  8. Click OK and then restart the computer.

Selecting SSL Encryption Methods

Microsoft splits the rest of its SSL encryption settings into three different registry subtrees. According to Microsoft's registry settings, the "cipher" is the symmetric encryption algorithm used to transfer data during an SSL session. The "hash" is the one-way encryption algorithm used to provide integrity checks. The "KeyExchangeAlgorithm" is the method used by both client and server to exchange their keys. Also, Microsoft means "SHA-1" when it specifies "SHA" in the registry, not "SHA-0", "SHA-256" or any other SHA variant.

As per the information from Microsoft's Knowledge Base Article #187498 (August 22, 2003), this is the proper procedure to disable a particular SSL cipher.

  1. Click the Start menu, point to Run, and type "regedt32" or "regedit" (without the quotation marks) in the Run dialog box.
  2. Click OK.
  3. In the Registry Editor, locate the appropriate registry key, similar to the following:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
    	SecurityProviders\SCHANNEL\ciphers\DES 56/56

    NOTE: The valid names for "SCHANNEL" subkeys are "ciphers", "hashes" and "KeyExchangeAlgorithms"
    The valid names for "cipher" subkeys are "DES 56/56", "NULL", "RC2 128/128", "RC2 40/128", "RC2 56/128", "RC4 128/128", "RC4 40/128", "RC4 56/128", "RC4 64/128" and "Triple DES 168/168"
    The valid names for "hashes" subkeys are "MD5" and "SHA"
    The valid names for "KeyExchangeAlgorithms" subkeys are "PKCS" and "Diffie-Hellman"
  4. In the Edit menu, click Add Value.
  5. In the Data Type drop-down list, choose REG_BINARY.
  6. In the Value Name text box, type "Enabled" (without the quotation marks) and click OK. NOTE: If this value is already present, double click on the value to edit its current value and proceed with step 7.
  7. In the Binary Editor, set the new key's value to equal 0 by entering the following string: 00000000.
  8. Click OK and then restart the computer.
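
The two registry procedures above, scripted in PowerShell as an added example (not part of the original page or of MOVEit DMZ). The list of items to disable is an illustrative assumption built from subkey names the page lists as valid; the script uses the .NET registry API because the PowerShell registry provider treats the "/" in names such as "DES 56/56" as a path separator.

```powershell
# Added example, not from the original page. Run from an elevated prompt.
# Writes Enabled = REG_BINARY 00 00 00 00 under the listed SCHANNEL subkeys.
$SchannelRoot = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Assumption: which items to disable is a site decision. These three are only
# an illustration taken from names that appear on this page.
$ToDisable = @(
    'Protocols\PCT 1.0\Server',
    'Protocols\SSL 2.0\Server',
    'ciphers\DES 56/56'
)

function Disable-SchannelItem {
    param([Parameter(Mandatory)][string]$RelativePath)

    # CreateSubKey opens the key if it exists and creates it otherwise.
    # New-Item would split "DES 56/56" into nested keys "DES 56" and "56".
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey("$SchannelRoot\$RelativePath")
    try {
        [byte[]]$zero = 0, 0, 0, 0
        $key.SetValue('Enabled', $zero, [Microsoft.Win32.RegistryValueKind]::Binary)
    }
    finally { $key.Close() }
}

function Get-SchannelItemState {
    param([Parameter(Mandatory)][string]$RelativePath)

    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$SchannelRoot\$RelativePath")
    if ($null -eq $key) { return 'not set (library default)' }
    try {
        $value = $key.GetValue('Enabled')
        if ($null -eq $value) { return 'not set (library default)' }
        # REG_BINARY is returned as byte[]; show it as hex bytes.
        return ($value | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
    }
    finally { $key.Close() }
}

foreach ($item in $ToDisable) {
    Disable-SchannelItem -RelativePath $item
    '{0,-28} Enabled = {1}' -f $item, (Get-SchannelItemState -RelativePath $item)
}
'Restart the computer for the changes to take effect.'
```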

Also, as per Microsoft's recommendations, it is suggested that ALL "ciphers", "hashes" and "KeyExchangeAlgorithms" keys be DISABLED to achieve alignment with FIPS 140 EXCEPT:

How to Test SSL Changes

To test SSL changes, first obtain a copy of OpenSSL. You can get OpenSSL.exe from the OpenSSL Project. Consult the following examples which show how to use this client and understand the information it provides.

(You need to type the commands in purple. Look for the results in green.)

Using OpenSSL to verify SSL 3 is running on a remote server

This test was performed against our moveit.stdnet.com support server. It shows a connection established using SSL version 3, with a negotiated symmetric encryption algorithm called "RC4" and a "hash" algorithm called "MD5".

D:\OSOmissions>openssl s_client -connect moveit.stdnet.com:443 -ssl3
Loading 'screen' into random state - done
CONNECTED(000002AC)
depth=0 /C=US/ST=Wisconsin/L=Madison/O=Standard Networks/OU=MOVEit Site/CN=movei
t.stdnet.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=Wisconsin/L=Madison/O=Standard Networks/OU=MOVEit Site/CN=movei
t.stdnet.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=Wisconsin/L=Madison/O=Standard Networks/OU=MOVEit Site/CN=movei
t.stdnet.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Wisconsin/L=Madison/O=Standard Networks/OU=MOVEit Site/CN=moveit.s
tdnet.com
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification S
ervices Division/CN=Thawte Server CA/emailAddress=server-certs@thawte.com
---
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=/C=US/ST=Wisconsin/L=Madison/O=Standard Networks/OU=MOVEit Site/CN=movei
t.stdnet.com
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification
 Services Division/CN=Thawte Server CA/emailAddress=server-certs@thawte.com
---
No client certificate CA names sent
---
SSL handshake has read 904 bytes and written 304 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-MD5
    Session-ID: F50400000B9D20B4B6D0605AE6BE88573A3A4D7503D861281CF0691B0FDAFC62

    Session-ID-ctx:
    Master-Key: B556889277515F16889D048A003B1C827BF0F7DF01E2EAEEE7BD45F518912B24
F1FE19762809BA770E215C8FFA99C330
    Key-Arg   : None
    Start Time: 1075827324
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
(ctrl+c)
DONE

Using OpenSSL to verify SSL 3 is NOT running on a remote server

(This test was performed against an internal IIS server after SSL3 was manually disabled.)

D:\OSOmissions>openssl s_client -connect localhost:443 -ssl3
Loading 'screen' into random state - done
CONNECTED(000002AC)
1484:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:./ssl/s3
_pkt.c:529:
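
To compare results across several servers or protocol flags, the two outcomes shown above can be read by script instead of by eye. The following PowerShell is an added example, not part of the original page; the function name is hypothetical and the sample inputs are trimmed copies of the two transcripts above.

```powershell
# Added example, not from the original page. Parses "openssl s_client" output
# and decides whether an SSL/TLS session was actually negotiated.
function ConvertFrom-SClientOutput {
    param([Parameter(Mandatory)][string]$Text)

    $r = [ordered]@{
        TcpConnected = $false; Protocol = $null; Cipher = $null
        HandshakeFailure = $false; Negotiated = $false
    }
    foreach ($line in ($Text -split "`r?`n")) {
        switch -Regex ($line) {
            '^CONNECTED\('             { $r.TcpConnected = $true }  # TCP only, not proof of SSL
            '^\s*Protocol\s*:\s*(\S+)' { $r.Protocol = $Matches[1] }
            '^\s*Cipher\s*:\s*(\S+)'   { $r.Cipher = $Matches[1] }
            'handshake failure'        { $r.HandshakeFailure = $true }
        }
    }
    # Some OpenSSL builds still print a session block after a failed handshake,
    # with the cipher shown as 0000 or (NONE); do not count that as success.
    $r.Negotiated = (-not $r.HandshakeFailure) -and $r.Cipher -and
                    ($r.Cipher -notin '0000', '(NONE)')
    [pscustomobject]$r
}

# Constructed samples: trimmed copies of the two transcripts on this page.
$enabledSample = @'
CONNECTED(000002AC)
New, TLSv1/SSLv3, Cipher is RC4-MD5
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-MD5
'@
$disabledSample = @'
CONNECTED(000002AC)
1484:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:./ssl/s3_pkt.c:529:
'@

foreach ($sample in $enabledSample, $disabledSample) {
    $s = ConvertFrom-SClientOutput -Text $sample
    if ($s.Negotiated) {
        "ENABLED : server negotiated $($s.Protocol) with $($s.Cipher)"
    } else {
        "DISABLED: no session (handshake failure = $($s.HandshakeFailure))"
    }
}
```

For a live check, pass the function the captured output of the `openssl s_client -connect ... -ssl3` command shown above. "CONNECTED" alone only means the TCP connection opened, which is why the disabled case also prints it.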

Logging SSL Connection Events and Errors to the Event Log

By default, Microsoft SSL only logs serious SSL connection errors to the event log. However, you can change the level of SSL connection information logged here by making a Windows registry change. First, make sure the following REG_DWORD registry entry exists. (Add it if it does not.)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\
               SecurityProviders\SCHANNEL\EventLogging

One of the following values should be used in this field.

You will need to restart your computer for this value to take effect. More information can be found on Microsoft's Support site under the "How to enable schannel event logging" topic (#260729).