How To

FREAK SSL/TLS Vulnerability and OpenDJ

Last updated Jan 5, 2021

The purpose of this article is to provide information on protecting OpenDJ from the FREAK (Factoring Attack on RSA-EXPORT Keys) or CVE-2015-0204 SSL/TLS Vulnerability. This vulnerability may affect you if you have configured OpenDJ to use SSL and accept secure connections from LDAP clients (LDAPS).


Archived

This article has been archived and is no longer maintained by ForgeRock.

Background

The FREAK vulnerability is based on the weak SSL cipher configuration on the server side (where the server accepts RSA_EXPORT cipher suites) and a client which uses older OpenSSL versions (OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k); see Vulnerability Summary for CVE-2015-0204 for further information. However, OpenDJ does not use OpenSSL (or any other OS security libraries) in any way.

OpenDJ uses the SSL implementation provided by the JVM and uses all the ciphers supported by the JVM by default. This issue is fixed in the following JVM versions:

  • JDK 8 - fixed version is jdk8u40
  • JDK 7 - fixed version is jdk7u76

Protecting OpenDJ

There are a number of things you can do to protect OpenDJ from the FREAK SSL/TLS Vulnerability:

  • Upgrade your JVM. You should preferably upgrade to the latest version, but you must have one of the following versions at a minimum to ensure your JVM contains the Oracle® security fixes: 7u76 or 8u40.
  • Install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files that are applicable to your version of the JVM. These jars can be downloaded from the following link for Java 8 and earlier: Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files Download.
  • Restrict the allowed cipher suites with the dsconfig command. For example:

    $ ./dsconfig set-connection-handler-prop --hostname ds1.example.com --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --handler-name [handler_name] --add ssl-cipher-suite:[cipher_suite] --trustAll

See How do I prevent the use of weak SSL cipher suites on the DS (All versions) replication port? and How do I prevent the use of weak SSL cipher suites on the DS (All versions) administration port? for further information on preventing the use of weak cipher suites.

Example

This example configures the LDAP Connection Handler, LDAPS Connection Handler and the Admin Connector to only use the TLS_RSA_WITH_AES_256_CBC_SHA cipher. 

Remember that OpenDJ only exposes the ciphers available from your JVM. This process configures the instance to only use those ciphers you wish OpenDJ to expose; ciphers are not removed from the JVM.

  1. Start with a new OpenDJ instance with the default ciphers exposed by the JVM. In this case, there are 18 ciphers with this JVM:

     LDAP Ciphers (port 389)

     $ ./ldapsearch --port 389 --baseDN "" --searchScope base "(objectclass=*)" supportedTLSCiphers
     dn:
     supportedTLSCiphers: TLS_RSA_WITH_AES_256_CBC_SHA256
     supportedTLSCiphers: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
     supportedTLSCiphers: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
     supportedTLSCiphers: TLS_RSA_WITH_AES_256_CBC_SHA
     supportedTLSCiphers: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
     supportedTLSCiphers: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
     supportedTLSCiphers: TLS_RSA_WITH_AES_128_CBC_SHA256
     supportedTLSCiphers: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
     supportedTLSCiphers: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
     supportedTLSCiphers: TLS_RSA_WITH_AES_128_CBC_SHA
     supportedTLSCiphers: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
     supportedTLSCiphers: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
     supportedTLSCiphers: SSL_RSA_WITH_3DES_EDE_CBC_SHA
     supportedTLSCiphers: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
     supportedTLSCiphers: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
     supportedTLSCiphers: SSL_RSA_WITH_RC4_128_SHA
     supportedTLSCiphers: SSL_RSA_WITH_RC4_128_MD5
     supportedTLSCiphers: TLS_EMPTY_RENEGOTIATION_INFO_SCSV

     LDAPS Ciphers (port 636)

     $ ./ldapsearch --port 636 --useSSL --trustAll --baseDN "" --searchScope base "(objectclass=*)" supportedTLSCiphers
     dn:
     supportedTLSCiphers: TLS_RSA_WITH_AES_256_CBC_SHA256
     supportedTLSCiphers: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
     supportedTLSCiphers: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
     supportedTLSCiphers: TLS_RSA_WITH_AES_256_CBC_SHA
     supportedTLSCiphers: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
     supportedTLSCiphers: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
     supportedTLSCiphers: TLS_RSA_WITH_AES_128_CBC_SHA256
     supportedTLSCiphers: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
     supportedTLSCiphers: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
     supportedTLSCiphers: TLS_RSA_WITH_AES_128_CBC_SHA
     supportedTLSCiphers: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
     supportedTLSCiphers: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
     supportedTLSCiphers: SSL_RSA_WITH_3DES_EDE_CBC_SHA
     supportedTLSCiphers: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
     supportedTLSCiphers: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
     supportedTLSCiphers: SSL_RSA_WITH_RC4_128_SHA
     supportedTLSCiphers: SSL_RSA_WITH_RC4_128_MD5
     supportedTLSCiphers: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
  2. Now let's configure the instance to only use the TLS_RSA_WITH_AES_256_CBC_SHA cipher using the dsconfig commands, for example:
    • LDAP Connection Handler:

      $ ./dsconfig set-connection-handler-prop --hostname ds1.example.com --port 4444 --handler-name "LDAP Connection Handler" --bindDN "cn=Directory Manager" --bindPassword password --add "ssl-cipher-suite:TLS_RSA_WITH_AES_256_CBC_SHA" --trustAll --no-prompt

    • LDAPS Connection Handler:

      $ ./dsconfig set-connection-handler-prop --hostname ds1.example.com --port 4444 --handler-name "LDAPS Connection Handler" --bindDN "cn=Directory Manager" --bindPassword password --add "ssl-cipher-suite:TLS_RSA_WITH_AES_256_CBC_SHA" --trustAll --no-prompt

    • Admin Connector:

      $ ./dsconfig set-administration-connector-prop --hostname rep1.forgerock.com --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --set ssl-cipher-suite:TLS_RSA_WITH_AES_256_CBC_SHA --trustAll --no-prompt
  3. Restart the instance.
  4. Finally, let's re-check the ciphers that are exposed after these changes:

     LDAP Ciphers (port 389)

     $ ./ldapsearch --port 389 --baseDN "" --searchScope base "(objectclass=*)" supportedTLSCiphers
     dn:
     supportedTLSCiphers: TLS_RSA_WITH_AES_256_CBC_SHA

     LDAPS Ciphers (port 636)

     $ ./ldapsearch --port 636 --useSSL --trustAll --baseDN "" --searchScope base "(objectclass=*)" supportedTLSCiphers
     dn:
     supportedTLSCiphers: TLS_RSA_WITH_AES_256_CBC_SHA

     As you can see, there is only one cipher now.

Note

If you install a new instance on this server, it will use all ciphers available from the JVM and you will need to complete this process again for the new instance.
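
The cipher check in steps 1 and 4 can be scripted so it is easy to repeat for each instance. The function below is an added example, not part of the original article: it reads ldapsearch output in the format shown above and lists any exposed suite that is export-grade (the class FREAK depends on), along with NULL, anonymous, RC4, DES/3DES and MD5-based suites. The function names, the weak-suite patterns and the sample input (which includes a constructed SSL_RSA_EXPORT_WITH_RC4_40_MD5 line) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_ciphers: read ldapsearch output on stdin, print each weak suite with a
# reason, and return 1 if any was found. The patterns are this example's choice.
audit_ciphers() {
    awk '
        $1 == "supportedTLSCiphers:" && NF == 2 {
            s = $2; why = ""
            if      (s ~ /_EXPORT_/)       why = "export-grade (FREAK)"
            else if (s ~ /_NULL_|_anon_/)  why = "no encryption or no authentication"
            else if (s ~ /_RC4_/)          why = "RC4"
            else if (s ~ /_3DES_|_DES_/)   why = "DES/3DES"
            else if (s ~ /_MD5$/)          why = "MD5 MAC"
            if (why != "") { print s "\t" why; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: a few suites from step 1 plus one export suite.
sample_before() {
    cat <<'EOF'
dn:
supportedTLSCiphers: TLS_RSA_WITH_AES_256_CBC_SHA
supportedTLSCiphers: SSL_RSA_WITH_3DES_EDE_CBC_SHA
supportedTLSCiphers: SSL_RSA_WITH_RC4_128_MD5
supportedTLSCiphers: SSL_RSA_EXPORT_WITH_RC4_40_MD5
supportedTLSCiphers: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
EOF
}

# Constructed sample: the restricted output from step 4.
sample_after() {
    cat <<'EOF'
dn:
supportedTLSCiphers: TLS_RSA_WITH_AES_256_CBC_SHA
EOF
}

if sample_before | audit_ciphers; then echo "before: OK"; else echo "before: weak suites exposed"; fi
if sample_after | audit_ciphers; then echo "after: OK"; else echo "after: weak suites exposed"; fi
```

To check a live instance, pipe the output of the ldapsearch commands from step 4 into audit_ciphers and act on a non-zero exit status.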

See Also

Invalid Padding length error when attempting to connect to DS 5 or OpenDJ 3.x via LDAPS

POODLE SSL Vulnerability and OpenDJ

SSL in DS

Vulnerability Summary for CVE-2015-0204

Oracle Critical Patch Update Advisory - April 2015


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.