Junction SSL Debugging With Wireshark

Size: px

Start display at page:

Download "Junction SSL Debugging With Wireshark"

Benjamin Maximilian Holland
5 years ago
Views:

Junction SSL Debugging With Wireshark IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio

For more information, visit: http://ibm.

1 Junction SSL Debugging With Wireshark IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection menu option. To ask a question by voice, you must either Call In or have a microphone on your device. You will not hear sound until the host opens the audio line. For more information, visit: 19 September 2017 NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR IRREVOCABLE CONSENT TO IBM TO RECORD ANY STATEMENTS THAT YOU MAY MAKE DURING THE CALL, AS WELL AS TO IBM S USE OF SUCH RECORDING IN ANY AND ALL MEDIA, INCLUDING FOR VIDEO POSTINGS ON YOUTUBE. IF YOU OBJECT, PLEASE DO NOT CONNECT TO THIS CALL.

2 Junction SSL Debugging With Wireshark OAUTH 2.0 Jack Yarborough IBM Security L2 Support Nick Lloyd IBM Security L2 Support September19, 2017

3 Agenda Obtaining Wireshark Overview of TLS handshake Common issues What do they look like in Wireshark 3 IBM Security

4 Obtaining Wireshark Is it safe? Yes, it has become the de-facto Industry standard for TCP trace analysis. How much does it cost? Nothing, it is free to download and use. Why is it free if it is so good? You will see at the site various upsells and they have a sponsor which offers commercial services related to networking. 4 IBM Security

TLS Handshake Overview TLS Client Hello - Can be version SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.

5 TLS Handshake Overview TLS Client Hello - Can be version SSL 3.0, TLS 1.0, TLS 1.1, TLS Includes list of Ciphers it can use - Includes Extensions - May include SSL Session ID (if resuming) TLS Server Hello - Includes Certificate Public Key - Includes the desired Cipher - Includes Key Exchange - May include request for certificate (Mutual SSL) The TLS Client and Server negotiate which Cipher to use based on the Client s presented list of Ciphers and the Server s Cipher preference. The Client and Server then will negotiate the encryption keys and the Client will receive an SSL Session afterwards (which can be used to perform an abbreviated Handshake later) 5 IBM Security

Completed TLS Handshake From the above Wireshark snippet you can see the following : 1) The socket is initiated with the TCP Handshake ([SYN] -> [SYN,ACK] ->[ACK]) 2) The Client then sends a Client

6 Completed TLS Handshake From the above Wireshark snippet you can see the following : 1) The socket is initiated with the TCP Handshake ([SYN] -> [SYN,ACK] ->[ACK]) 2) The Client then sends a Client Hello 3) The Server Responds with the Server Hello, in addition to Certificate and Server Hello Done 4) The Client Responds with the Client Key Exchange, Change Cipher Spec and Encrypted Message 5) The Server Responds with Change Cipher Spec, Encrypted Handshake Message 6) The TLS Handshake Completes and the server sends Application Data which is encrypted data 6 IBM Security

TLS Client Hello Version Information The TLS Client Hello has two versions : a) The Record Layer itself has a version b) The Client Hello has a version A mismatch in

7 TLS Client Hello Version Information The TLS Client Hello has two versions : a) The Record Layer itself has a version b) The Client Hello has a version A mismatch in versions will normally not cause an issue (NIST/FIPS servers may have issues). You can understand the effective version to be the Handshake Type version 7 IBM Security

TLS Client Hello Cipher Suites 8 IBM Security Above is a partial list of Ciphers that the Client has sent to the server. As per RFC 5246 Section 7.4.1.

8 TLS Client Hello Cipher Suites 8 IBM Security Above is a partial list of Ciphers that the Client has sent to the server. As per RFC 5246 Section : This is a list of the cryptographic options supported by the client, with the client's first preference first. *Refer to our Reference slide for applicable technotes in setting Client Ciphers

9 TLS Client Hello - Extensions Finally, the Client Hello can send extensions. Here are a few of the extensions that can be sent that affect how the server will respond - Signature Algorithms helps determine what kind of certificate will be accepted by the client - Server Name Indication helps determine which certificate to use if multiple are available 9 IBM Security

10 TLS Server Hello Handshake Protocol The TLS Server Hello will often be a record layer containing multiple handshake messages, as indicated in the TLSv1.2 Record Layer The TLS Server Hello Handshake Protocol Server Hello will contain : 1) The derived SSL Session ID 2) The desired Cipher Suite 3) Allowable Signature Algorithms (If Client Certificate Authentication is enabled) 10 IBM Security

11 TLS Server Hello - Certificate The TLS Server Hello will also contain a Certificate Public Key used for encryption. The certificate record contains all the data needed to verify against the Client held public key 11 IBM Security

12 The trace in Wireshark Packets Network Layers Raw Data 12 IBM Security

13 Common Issues (No Matching Protocol) The Client Hello does not have matching protocol. This is an immediately failure. Use a good filter to take out the other noise. Ephemeral Port (50169) TCP 3-way Client will use up to SSLv3. Make sure server supports it. 13 IBM Security

14 Common Issues (Server-side shutdown) The TCP 3-way is good. ClientHello has protocol and ciphers. Server sends FIN and shuts it down. Contact the server admins. In this case the server is configured with an expired certificate so it will not even send a ServerHello. 14 IBM Security

15 Common Issues (No Overlapping Ciphers) Client fixed to TLS 1.2 Check list of Cipher Suites. Server at 9443 does not support this cipher so shuts down. 15 IBM Security

16 Common Issue (Signature not valid for protocol I) Taken client-side on ISAM Appliance so we can see the alert. Why is the cert bad? 16 IBM Security

17 Common Issue (Signature not valid for protocol II) Let s look at the cert: 1) Is the signature algorithm valid? 2) Has the signer been imported? 3) The notbefore date? 4) The notafter date? 17 IBM Security

18 Common Issue (Signature not valid for protocol III) We see the ClientHello contains the signature_algorithms extension. This client is not willing to accept a cert with a signature of md5rsa so it throws a BadCertificate alert. Is the cert really bad? No, it may work for other clients but not for this one. 18 IBM Security

19 Common Issue (Reissued cert causes Bad Certificate) Same subjectdn of CN=LEVEL2,OU=ISS,O=IBM,C=US but note the different AuthorityKeyIdentifiers 19 IBM Security

20 Common Issue (Missing signature_algorithms Extension) In this flow, the Client Hello is met with an immediate RST packet - This is common when creating junctions to Microsoft Servers (IIS/LDAP) As you can see, the Client Hello is missing the signature_algorithms extension 20 IBM Security

21 Things to check before opening a PMR: Will the Client and Server support the same protocol? Will the Client and Server support a common cipher? Is TLS 1.2 or NIST enabled? Check signature algorithms. Neither allow md5rsa. Check ciphers Is either the client or server sending custom extensions? Ensure signers have been imported All signers along the chain must be imported? All signers must meet critieria. That is, a cert may have a signature of SHA2 but if it s signer is md5rsa it does not satisfy NIST. 21 IBM Security

Things to check before opening a PMR II: Has a cert been reissued / renewed? Check the cert s authority key info. Check the serial number. Check the public key. Is the cert valid for the operation?

22 Things to check before opening a PMR II: Has a cert been reissued / renewed? Check the cert s authority key info. Check the serial number. Check the public key. Is the cert valid for the operation? Check the certificates allowed usage. For example, a cert that does not have Proves your identity cannot be used for client cert auth. This will cause mutual SSL junctions to fail. 22 IBM Security

23 ISAM GSKIT Error Messages gsk_secure_soc_init, failed error: GSK_ERROR_NO_CIPHERS. No common protocol. No common ciphers gsk_secure_soc_init, failed error: e GSK_ERROR_BAD_CERT. Check signature algorithm extension. Check for all signer certificates. gsk_secure_soc_init, failed error: a4 GSK_ERROR_SOCKET_CLOSED. Means what it means. Something (usually server) shut the connection down. Check server logs. Possibly network related. gsk_secure_soc_init, failed error: bf GSK_ERROR_CERTIFICATE_INVALIDSIGALG. Means what it means. 23 IBM Security

24 Wireshark gotchas Using a non-standard port for SSL/TLS? You need to use the Decode As feature. Right-click on any frame to bring up the menu. Select Decode As, select the server port instead of the ephemeral, save. Now traffic will be decoded as TLS. 24 IBM Security

25 TLS Tuning Technotes Tuning Preferred Ciphers (Client and Server) for the Browser Channel : - Tuning the signature_algorithms extension for Browser/LDAP Connections - *Note : use ldap-ssl-set-extn-sigalg in the [ldap] stanza of a configuration file to tune the LDAP Channel. This information will be added to the existing technote and this entry uses the same value syntax as the above technote. An example would be : [ldap] ldap-ssl-set-extn-sigalg = GSK_TLS_SIGALG_RSA_WITH_SHA256,GSK_TLS_SIGALG_ECDSA_WITH_SHA256,GSK_TLS_ SIGALG_RSA_WITH_SHA224,GSK_TLS_SIGALG_ECDSA_WITH_SHA224,GSK_TLS_SIGALG_R SA_WITH_SHA1,GSK_TLS_SIGALG_DSA_WITH_SHA1,GSK_TLS_SIGALG_ECDSA_WITH_SHA1 Supported and Documented GSKit Attributes : f/reference/ref_gskit_attributes.html 25 IBM Security

26 TLS Troubleshooting Technotes GSKit Tracing for Web Components : - SSL Tracing for AAC/Federation Components : - To set LMI SSL Tracing (from and above) : - Manage System Settings -> Administrator Settings -> LMI Tracing : SSL=ALL:SSLChannel=ALL 26 IBM Security

27 Questions for the panel Now is your opportunity to ask questions of our panelists. To ask a question now: Raise your hand by clicking Raise Hand. The Raise Hand icon appears next to your name in the Attendees panel on the right in the WebEx Event. The host will announce your name and unmute your line. or Type a question in the box below the Ask drop-down menu in the Q&A panel. Select All Panelists from the Ask drop-down-menu. Click Send. Your message is sent and appears in the Q&A panel. To ask a question after this presentation: You are encouraged to participate in the dw Answers forum: < 27 IBM Security

28 IBM Security Learning Academy New content published daily! Learning at no cost! Learning Videos Hands-on Labs Live Events 28 IBM Security

29 Questions for the panel Now is your opportunity to ask questions of our panelists. To ask a question now: Raise your hand by clicking Raise Hand. The Raise Hand icon appears next to your name in the Attendees panel on the right in the WebEx Event. The host will announce your name and unmute your line. or Type a question in the box below the Ask drop-down menu in the Q&A panel. Select All Panelists from the Ask drop-down-menu. Click Send. Your message is sent and appears in the Q&A panel. To ask a question after this presentation: You are encouraged to participate in the dw Answers forum: < 29 IBM Security

THANK YOU FOLLOW US ON: ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions Copyright IBM Corporation 2017. All rights reserved.

30 THANK YOU FOLLOW US ON: ibm.com/security securityintelligence.com youtube/user/ibmsecuritysolutions Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANYSYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

ISAM Advanced Access Control

ISAM Advanced Access Control CONFIGURING TIME-BASED ONE TIME PASSWORD Nicholas J. Hasten ISAM L2 Support Tuesday, November 1, 2016 One Time Password OTP is a password that is valid for only one login session