https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 https://jira.opendaylight.org/browse/CONTROLLER-1354 controller <p>Various components of OpenDaylight are affected by the LOGJAM TLS downgrade vulnerability:</p> <p><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000" class="external-link" target="_blank" rel="nofollow noopener">https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000</a></p> <p>Operating System: All<br/> Platform: All</p> CONTROLLER-1354

[SECURITY] LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks CVE-2015-4000

Bug Resolved Done Maros Marsalek David Jorm Wed, 3 Jun 2015 02:59:48 +0000 Mon, 15 Jun 2015 08:15:42 +0000 Mon, 15 Jun 2015 08:15:42 +0000 Lithium karaf 0 5 <p>Looking for various vulnerable components, found these so far:</p> <ul class="alternate" type="square"> <li>PCEP - uses TLS transport option</li> <li>Openflow plugin - uses TLS transport option</li> <li>Jetty - jetty used by RESTCONF or karaf components such as webconsole can use ssl for transport</li> <li>Tomcat - in configuration folder there is a config file for tomcat with SSL enabled by default. This is for AD-SAL ?</li> </ul> <p>Started looking at PCEP and its cipher suits, listing default enabled cipher suits returns following list:</p> <p>ENABLED = [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256<br/> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256<br/> TLS_RSA_WITH_AES_128_CBC_SHA256<br/> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256<br/> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256<br/> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256<br/> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256<br/> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA<br/> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA<br/> TLS_RSA_WITH_AES_128_CBC_SHA<br/> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA<br/> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA<br/> TLS_DHE_RSA_WITH_AES_128_CBC_SHA<br/> TLS_DHE_DSS_WITH_AES_128_CBC_SHA<br/> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA<br/> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA<br/> SSL_RSA_WITH_3DES_EDE_CBC_SHA<br/> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA<br/> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA<br/> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA<br/> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA<br/> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA<br/> TLS_ECDHE_RSA_WITH_RC4_128_SHA<br/> SSL_RSA_WITH_RC4_128_SHA<br/> TLS_ECDH_ECDSA_WITH_RC4_128_SHA<br/> TLS_ECDH_RSA_WITH_RC4_128_SHA<br/> SSL_RSA_WITH_RC4_128_MD5<br/> TLS_EMPTY_RENEGOTIATION_INFO_SCSV]</p> <p>There is no DHE with EXPORT among them so my question is, how to move on with this. Do we want to review this list and reorder/filter these ciphers and set this new list as enabled ciphers where SSL is used ?</p> <p>This contains RC4 which is banned by RFC7465 <a href="https://tools.ietf.org/html/rfc7465" class="external-link" target="_blank" rel="nofollow noopener">https://tools.ietf.org/html/rfc7465</a></p> <p>It will be good if we can pull crypto initialization into a utility class for all to use. Otherwise when people for example resolve 3554 <a href="https://bugs.opendaylight.org/show_bug.cgi?id=3554" class="external-link" target="_blank" rel="nofollow noopener">https://bugs.opendaylight.org/show_bug.cgi?id=3554</a> they will reintroduce the same problem once more.</p> <p>Yeah, we should provide a utility class for this. We need to find out exactly what will it do. First thing would be to disable RC4 ciphers (similar what patch for 3554 does). It should also disable EXPORT and NULL ciphers. What else ?</p> <p>Also we need to find a place for it somewhere, available for all projects.</p> <p>This would fix the vulnerabilities in the code started components, but we should also modify the xml configs for tomcat and jetty in a similar fashion.</p> <p>My proposal for a common "CryptoUtils" class:</p> <p><a href="https://git.opendaylight.org/gerrit/#/c/21880/" class="external-link" target="_blank" rel="nofollow noopener">https://git.opendaylight.org/gerrit/#/c/21880/</a></p> <p>Its located in the protocol framework in controller project for now.</p> <p>Adding Robert as a watcher, a testcase to verify his proposed approach will be attached shortly.</p> <p>Attached is a java cipher list example courtesy of Atlassian. </p> <p>If you specify RC4, etc in the disabled cipher list the security.properties they disappear from the list (good).</p> <p>However the actual ciphers involved in Logjam - the export 40 bit ones cannot be removed this way. While in theory that (rather badly documented) property should be able to take f.e. DES keylength &lt; 56 it does not. The cipher stays. Specifying DES40 also does not remove it.</p> <p>So unless I am missing a possible option on how to configure it, this approach does not work (besides it being documented as sun specific and not guaranteed to be supported across the board).</p> <p>Attachment Ciphers.java has been added with description: Java cipher list test courtesy of Atlassian</p> <p>Anton, can you show me the exact settings for <br/> jdk.tls.disabledAlgorithms<br/> jdk.certpath.disabledAlgorithms<br/> that you tested with ?</p> <p>Also, you are mentioning keylength, shouldnt it be keySize ?</p> <p>My final security.properties which seems to yield what we want is:</p> <p>jdk.tls.disabledAlgorithms=EXPORT, RC4, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, anon</p> <p>This works. The problem was that I had it scripted for testing and the -D argument ended up after the java file, not before. As a result the property was not being set. After fixing my testcase it all worked fine (with these settings).</p> <p>It works with OpenJDK, it works with Oracle JDK and it is honoured by IBM (if they ever decide to contribute something). That for me is good enough. We can close this one and leave the relevant settings to the actual packagers.</p> <p>Can we propose a patch which will add these properties to the base karaf-empty (or whichever) distribution, that way they will get picked up by integration as well per-project distros.</p> <p>I can do that tomorrow... if anyone else is interested in taking it, feel free.</p> <p><a href="https://git.opendaylight.org/gerrit/#/c/22261/" class="external-link" target="_blank" rel="nofollow noopener">https://git.opendaylight.org/gerrit/#/c/22261/</a></p> <p>This commit introduces custom odl.java.security config file and modifies the startup scripts to include this file by default.</p> <p>Thanks for the patch, Maros. It would be great if we can get this merged in time for GA of Lithium.</p> Blocks CONTROLLER-1353 CONTROLLER-1355 OPNFLWPLUG-485 Development External issue ID 3552 External issue URL Issue Type ODL SR Target Milestone Priority Rank 0|i02q1z: