IBM Support

How to disable SSL/TLS Diffie-Hellman keys less than 2048 bits

How To


Summary

This article describes how to disable certain TLS cipher suites used by Java applications such as Liberty, Solr and Zookeeper. The suites in question use Diffie-Hellman key exchange with keys less than 2,048 bits in size. These keys are vulnerable to attack.

Objective

When a TLS client (such as a browser, or a .NET application) tries to connect to a TLS server (such as IBM Liberty), they negotiate a mutually available encryption suite to use. The client offers a list of its available cipher suites, the server responds with its list of available cipher suites, and they select the most secure, mutually available suite.
One family of encryption cipher suites used in TLS uses Diffie-Hellman key exchange.
Cipher suites using Diffie-Hellman key exchange are vulnerable to attacks, such as Logjam, when the key length is less than 2,048 bits. For example, see this discussion in Communications of the ACM:
 
    Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
    https://cacm.acm.org/magazines/2019/1/233523-imperfect-forward-secrecy/fulltext
For maximum security, it might be considered desirable to disable these cipher suites, so there is no chance they will be selected in Production.

Environment

i2 Analyze does not interact directly with TLS security at all. Nothing can be configured in the i2 Analyze code to change TLS behaviour.
Rather, TLS security is managed by the Java JVM which runs Liberty, Solr and Zookeeper. The changes are made in the Java JVM configuration.  From there, they are automatically acquired by applications running on the JVM - such as Liberty and hence, i2 Analyze.
TLS encryption algorithms, including cipher suites, are disabled by adding them to the jdk.tls.disabledAlgorithms entry in the JVM's java.security file.
On Windows, this file is typically located at C:\IBM\i2analyze\deploy\java\jre\lib\security\java.security
On Linux, it is typically located at /opt/IBM/i2analyze/deploy/java/jre/lib/security/java.security

Steps

Open the java.security file in a text editor.
Locate the line starting with "jdk.tls.disabledAlgorithms".
By default in Java 8, this line has the value:
         jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
Change this line to:
        jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, \
            MD5withRSA,                          \
            DH keySize < 2048,                   \
            EC keySize < 224,                    \
            3DES_EDE_CBC,                        \
            anon,                                \
            NULL,                                \
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, \
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, \
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA,    \
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA,    \
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, \
            TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, \
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA,    \
            TLS_DHE_DSS_WITH_AES_128_CBC_SHA,    \
            TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \
            TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, \
            TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \
            TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
Save the changes to java.security.
Restart any applications running in the JVM.
Now the applications will not use any of the disabled algorithms.

Additional Information

It would be possible to leave the cipher suites which use Diffie-Hellman key exchange enabled, and extend their key size from the default 1,024 bits to 2,048 bits. This would protect against Logjam and similar attacks. However, a key exchange with a 2,048 bit key is about 5 times more computationally intensive than one with a 1,024 bit key. As a result, TLS traffic using these ciphers with 2,048 bit keys would drop in throughput by roughly 80%. As of 2020, all major Internet browsers and other TLS clients can use Elliptic Curve key exchange, which gives better performance at lower computational overhead. So it is better to disable all TLS_DHE_* ciphers altogether.
To verify what cipher suites are being offered by the JVM which runs Liberty, run this command:
C:\IBM\i2EIA\toolkit\scripts>D:\IBM\i2Analyze\deploy\java\bin\jrunscript.exe -e "java.util.Arrays.asList(javax.net.ssl.SSLServerSocketFactory.getDefault().getSupportedCipherSuites()).stream().forEach(println)" > TLSCiphers.txt
The resulting TLSCiphers.txt text file will contain a list of the ciphers in use.
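A check that can be run against java.security after the edit, as an added example that is not part of the IBM article: it reads the jdk.tls.disabledAlgorithms entry, including backslash continuations, confirms the DH key size limit is at least 2,048 bits, and reports which TLS_DHE_* suites from a suite list are still not disabled by name. The function names and sample inputs are constructed for illustration, and only entries that are full suite names are matched against suites.

```python
import re

# Constructed java.security fragments (not real files): the Java 8 default
# quoted in the article, and a hardened entry written in the article's style.
DEFAULT = ("jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \\\n"
           "    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL\n")
HARDENED = ("# constructed hardened entry\n"
            "jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \\\n"
            "    DH keySize < 2048, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \\\n"
            "    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \\\n"
            "    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256\n")
# Constructed stand-in for the suite names written to TLSCiphers.txt.
OFFERED = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
           "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
           "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"]

def read_property(text, key):
    """Value of `key` in .properties text, joining backslash continuations."""
    value, buf = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue                      # blank line or comment
        if line.endswith("\\"):
            buf += line[:-1]              # continued on the next line
            continue
        name, sep, rest = (buf + line).partition("=")
        buf = ""
        if sep and name.strip() == key:
            value = rest.strip()          # a later definition overrides
    return value

def audit(text, offered):
    """Return (dh_ok, leftover): dh_ok means DH keys under 2048 bits are
    rejected; leftover lists offered TLS_DHE_* suites not disabled by name."""
    # Simplification: only full-name entries are matched against suites.
    value = read_property(text, "jdk.tls.disabledAlgorithms") or ""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    dh_ok = False
    for e in entries:
        m = re.fullmatch(r"DH\s+keySize\s*(<=|<)\s*(\d+)", e)
        if m:   # "< N" rejects up to N-1 bits, "<= N" rejects up to N bits
            dh_ok = int(m.group(2)) >= (2048 if m.group(1) == "<" else 2047)
    leftover = [s for s in offered
                if s.startswith("TLS_DHE_") and s not in entries]
    return dh_ok, leftover

if __name__ == "__main__":
    print(audit(DEFAULT, OFFERED), audit(HARDENED, OFFERED))
```

With the hardened sample, one CBC suite is still reported because it was left out of the constructed list. The key size limit and the by-name list are separate controls, and the article's procedure sets both.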
If you are using OpenSSL in your environment, note that OpenSSL and Java use slightly different naming conventions for TLS cipher suites. Java uses the IANA names for cipher suites, as defined here:
        Transport Layer Security (TLS) Parameters
For example, OpenSSL refers to cipher suite 0x6b as DHE-RSA-AES256-SHA256.  The IANA name for the same suite is TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
You must use the IANA names for cipher suites, in the java.security file.
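The naming difference described above, as an added example that is not part of the IBM article: a translator from OpenSSL names to IANA names for the DHE/AES suites in the list under Steps. It covers only that family, returns names outside it untranslated, and its function names are hypothetical.

```python
import re

# OpenSSL spelling of the DHE/AES suites the article disables, for example
# DHE-RSA-AES256-SHA256 or DHE-DSS-AES128-GCM-SHA256.
_OPENSSL_DHE_AES = re.compile(
    r"DHE-(RSA|DSS)-AES(128|256)(-GCM)?-(SHA|SHA256|SHA384)")

def openssl_to_iana(name):
    """Translate an OpenSSL DHE-*-AES* suite name to its IANA (Java) name.
    Returns None for anything outside that family rather than guessing."""
    m = _OPENSSL_DHE_AES.fullmatch(name)
    if not m:
        return None
    auth, bits, gcm, mac = m.groups()
    if gcm:
        # GCM suites pair AES-128 with SHA256 and AES-256 with SHA384.
        if mac != {"128": "SHA256", "256": "SHA384"}[bits]:
            return None
        mode = "GCM"
    else:
        # OpenSSL leaves CBC implicit; the IANA name spells it out.
        if mac == "SHA384":
            return None
        mode = "CBC"
    return f"TLS_DHE_{auth}_WITH_AES_{bits}_{mode}_{mac}"

def java_entries(openssl_list):
    """Split a colon-separated OpenSSL cipher string into IANA names usable
    in jdk.tls.disabledAlgorithms and the names that were not translated."""
    known, unknown = [], []
    for name in filter(None, openssl_list.split(":")):
        iana = openssl_to_iana(name)
        (known if iana else unknown).append(iana or name)
    return known, unknown

if __name__ == "__main__":
    # Constructed input; the first name is the article's 0x6b example.
    print(java_entries("DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256"))
```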

Document Location

Worldwide


Historical Number

TS005141364

Document Information

Modified date:
15 March 2021

UID

ibm16430131