Difference between revisions of "OFTP2 information"

From OS4X
Jump to navigation Jump to search
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
== Logjam ==
 
== Logjam ==
When communicating with an OFTP2 TLS server which is not offering a secure Diffie-Hellman key exchange, the following log message will be displayed if you are using an actual OS4X version:
+
When communicating with an OFTP2 TLS server which is not offering a secure Diffie-Hellman key exchange, the following log message will be displayed if you are using a recent OS4X version:
  
 
[[Image:Google ChromeScreenSnapz111.png]]
 
[[Image:Google ChromeScreenSnapz111.png]]
  
 
=== Why does this happen after updating to a recent version of OS4X?  ===
 
=== Why does this happen after updating to a recent version of OS4X?  ===
The situation has been rised since May 2015, when the Logjam attack became public. As a result, the minimum requirement for Diffie-Hellman keys in the TLS handshake has been rised to 768bits (valid until end-2015) up to 1024bits (since Janiuary 2016).
+
The situation has been rised since May 2015, when the Logjam attack became public. As a result, the minimum requirement for Diffie-Hellman keys in the TLS handshake has been rised to 768bits (valid until end-2015) up to 1024bits (since January 2016).
  
We are very keen about our objective to transmit files securely over the internet, and we cannot leave security behind just for cosmetic reasons. We live online security, so we want that our customers profit from a secure communication product.
+
We are very keen about our objective to transmit files securely over the internet, and we cannot leave security behind just for cosmetic reasons. We live online security, so we want our customers to profit from a secure communication product.
  
 
=== In real-life situation, what is happening here? ===
 
=== In real-life situation, what is happening here? ===
Line 14: Line 14:
 
- or -
 
- or -
 
*Elliptic curve Diffie–Hellman
 
*Elliptic curve Diffie–Hellman
your communication can be hijacked and decrypted offline, so all your information and data is insecure. Have a look at the following map which show the TCP/IP traffic from southern germany to Berlin: it takes a route through the USA.
+
your communication can be hijacked and decrypted offline, so all your information and data is insecure. The following map shows the TCP/IP traffic from southern Germany to Berlin: it takes a route through the USA.
  
 
[[Image:FirefoxScreenSnapz018.png]]
 
[[Image:FirefoxScreenSnapz018.png]]
Line 23: Line 23:
 
There are several ways to overcome this situation:
 
There are several ways to overcome this situation:
  
==== Best solution: your communication partner offers a Diffie-Hellman key in the TLS handshake of appropriate size, actually more than 1024bits. ====
+
==== Best solution: your communication partner offers a Diffie-Hellman key in the TLS handshake of appropriate size, currently more than 1024bits. ====
 
If the remote server uses a Diffie-Hellman key of at least 1024bits in size, you're actually safe and your communication cannot be decrypted as it is possible with a smaller key size. Perhaps the minimum value will rise in the future, so it's best to ask your partner for 1024bit and 2048bit DH keys.
 
If the remote server uses a Diffie-Hellman key of at least 1024bits in size, you're actually safe and your communication cannot be decrypted as it is possible with a smaller key size. Perhaps the minimum value will rise in the future, so it's best to ask your partner for 1024bit and 2048bit DH keys.
  
Line 29: Line 29:
 
The rather new ECDHE ciphers used in TLS sessions are supported by OS4X, so you'll be able to use them with a higher priority if the remote party supports them.
 
The rather new ECDHE ciphers used in TLS sessions are supported by OS4X, so you'll be able to use them with a higher priority if the remote party supports them.
  
==== '''On your own risk''': you disable all ciphers using Diffie-Hellman key exchange. ====
+
==== <u>On your own risk:</u> you disable all ciphers using Diffie-Hellman key exchange. ====
 
Use this option by activating the configuration parameter "Configuration" -> "TLS" -> "[[OS4X_Core_configuration#Allow_insecure_downgrade_of_TLS_cipher.3F|Allow insecure downgrade of TLS cipher]]". You will be asked for the CVE number of the Logjam attack, so you need to learn about this situation in order to better decide if this solution is what you want.
 
Use this option by activating the configuration parameter "Configuration" -> "TLS" -> "[[OS4X_Core_configuration#Allow_insecure_downgrade_of_TLS_cipher.3F|Allow insecure downgrade of TLS cipher]]". You will be asked for the CVE number of the Logjam attack, so you need to learn about this situation in order to better decide if this solution is what you want.
In this case, you disable all DH ciphers in the TLS handshake. A non-suppressable warning message will occur in every created session if a non-ECDHE cipher will be used in these TLS sessions.
+
In this case, you disable all DH ciphers in the TLS handshake. A non-suppressible warning message will occur in every created session if a non-ECDHE cipher will be used in these TLS sessions.
 +
 
 +
==== Seeburger products ====
 +
If your remote partner uses a Seeburger product (which is based on Java), he may disable all Diffie-Hellman ciphers by changing the following variable in his JRE security settings:
 +
jdk.tls.disabledAlgorithms = DHE
  
 
=== External links ===
 
=== External links ===
Line 41: Line 45:
  
 
Additional information is available from these resources:
 
Additional information is available from these resources:
*[https://www.odette.org/news/story/latest-updates-to-the-oftp2-protocol Odette's statement of Q3/2016 about PFS in TLS]
+
*[https://www.odette.org/news/story/latest-updates-to-the-oftp2-protocol Odette's statement of Q3/2015 about PFS in TLS]
 
*[https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ openSSL's fast reaction on the Logjam attack]
 
*[https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ openSSL's fast reaction on the Logjam attack]
 
*[https://www.openssl.org/news/secadv/20160128.txt openSSL's release notes starting with requirements of at least 1024bit DH keys]
 
*[https://www.openssl.org/news/secadv/20160128.txt openSSL's release notes starting with requirements of at least 1024bit DH keys]

Latest revision as of 08:16, 13 November 2017

Logjam

When communicating with an OFTP2 TLS server which is not offering a secure Diffie-Hellman key exchange, the following log message will be displayed if you are using a recent OS4X version:

Google ChromeScreenSnapz111.png

Why does this happen after updating to a recent version of OS4X?

The situation has been rised since May 2015, when the Logjam attack became public. As a result, the minimum requirement for Diffie-Hellman keys in the TLS handshake has been rised to 768bits (valid until end-2015) up to 1024bits (since January 2016).

We are very keen about our objective to transmit files securely over the internet, and we cannot leave security behind just for cosmetic reasons. We live online security, so we want our customers to profit from a secure communication product.

In real-life situation, what is happening here?

If your system does not use a TLS cipher with

  • Diffie-Hellman key exchange with a key size of at least 1024bits

- or -

  • Elliptic curve Diffie–Hellman

your communication can be hijacked and decrypted offline, so all your information and data is insecure. The following map shows the TCP/IP traffic from southern Germany to Berlin: it takes a route through the USA.

FirefoxScreenSnapz018.png

You may check your IP communication with traceroutes, resolve the hop IPs to geolocations and you'll get an impression about where your data packages are hijackable.

Solutions

There are several ways to overcome this situation:

Best solution: your communication partner offers a Diffie-Hellman key in the TLS handshake of appropriate size, currently more than 1024bits.

If the remote server uses a Diffie-Hellman key of at least 1024bits in size, you're actually safe and your communication cannot be decrypted as it is possible with a smaller key size. Perhaps the minimum value will rise in the future, so it's best to ask your partner for 1024bit and 2048bit DH keys.

Your communication partner offers a TLS cipher with Elliptic Curve Diffie-Hellman key exchange, which is not affected by this situation.

The rather new ECDHE ciphers used in TLS sessions are supported by OS4X, so you'll be able to use them with a higher priority if the remote party supports them.

On your own risk: you disable all ciphers using Diffie-Hellman key exchange.

Use this option by activating the configuration parameter "Configuration" -> "TLS" -> "Allow insecure downgrade of TLS cipher". You will be asked for the CVE number of the Logjam attack, so you need to learn about this situation in order to better decide if this solution is what you want. In this case, you disable all DH ciphers in the TLS handshake. A non-suppressible warning message will occur in every created session if a non-ECDHE cipher will be used in these TLS sessions.

Seeburger products

If your remote partner uses a Seeburger product (which is based on Java), he may disable all Diffie-Hellman ciphers by changing the following variable in his JRE security settings:

jdk.tls.disabledAlgorithms = DHE

External links

Our small explaining video is available at Youtube:

The full explanation about this situation is available here:

Additional information is available from these resources:

Some external websites can be used to check if a weak DH key is in use with an OFTP2 server, if it's publically available over the internet, paste in the hostname like "my.oftp2-server.biz:6619":