How do I disable weak encryption ciphers in Openfire?

Moonchild · November 1, 2013, 4:03pm

Following up on test results from the new xmpp.net observatory, I’ve been trying to find a way to disable weak SSL/TLS ciphers in OpenFire.

According to the Observatory test, Openfire supports a number of really weak ciphers by default which I want to disable, but can’t seem to be able to configure anywhere:

Ciphers

Server does respect the client’s cipher ordering.

Cipher suite
Bitsize
Forward secrecy
ECDHE-RSA-AES128-SHA (0xc013)
128
Yes
ECDHE-RSA-RC4-SHA (0xc011)
128
Yes
DHE-RSA-AES128-SHA (0x33)
128
Yes
DHE-DSS-AES128-SHA (0x32)
128
Yes
RC4-MD5 (0x10080)
128
No
AES128-SHA (0x2f)
128
No
RC4-SHA (0x5)
128
No
ECDHE-RSA-DES-CBC3-SHA (0xc012) WEAK
112
Yes
EDH-RSA-DES-CBC3-SHA (0x16) WEAK
112
Yes
EDH-DSS-DES-CBC3-SHA (0x13) WEAK
112
Yes
DES-CBC3-SHA (0xa) WEAK
112
No
EDH-RSA-DES-CBC-SHA (0x15) VERY WEAK
56
Yes
EDH-DSS-DES-CBC-SHA (0x12) VERY WEAK
56
Yes
DES-CBC-SHA (0x9) VERY WEAK
56
No
EXP-EDH-RSA-DES-CBC-SHA (0x14) VERY WEAK
40
Yes
EXP-EDH-DSS-DES-CBC-SHA (0x11) VERY WEAK
40
Yes
EXP-RC4-MD5 (0x20080) VERY WEAK
40
No
EXP-DES-CBC-SHA (0x8) VERY WEAK
40
No

Anything less than 128 bit should preferably be disabled, but at the very least the 40 bit and 56 bit ones since those are terrible. How do I do this?

Also, it seems openfire doesn’t support 256 bit ciphers at all?

Jason60 · November 1, 2013, 7:35pm

This thread may be of use to you: http://community.igniterealtime.org/message/194222#194222

Moonchild · November 1, 2013, 7:49pm

Thanks, but that really doesn’t help me much.

The thread you pointed to discusses having to hack the openfire code and rebuild it from source to exclude certain ciphers? Sorry but I’m really only interested in administering openfire, not coding/rebuilding it.

There should be a way to configure either openfire or the java back-end to use certain ciphers and not use others. The thread there doesn’t really help in that respect, and is confusing as to what is needed for which functionality.

The thread otherwise talks about disabling SSL to pass (automated) PCI compliance scans that don’t know XMPP/TLS and therefore not check for that.

Disabling SSL and http binding isn’t a good solution either and will still use weak ciphers for TLS. So it’s fighting a symptom, not the cause.

Preferably, I want to disallow weak ciphers regardless of connectivity method.

Moonchild · January 4, 2014, 3:13pm

Since nobody seems to know in the community, I’ll see if I can get some answers from fellow OpenFire operators who get strong cipher scores in the observatory.

If anyone here has figured out a way around this problem yet, let me know? It seems setting the JRE parameters somewhere for TLS globally should be possible, but I just don’t know how to format it or where to put it…

I suspect jre/lib/security/java.security would be a good candidate?

It has a few ssl related entries there.

Moonchild · February 6, 2014, 1:30pm

Openfire 3.9.0 solves this issue! Thanks for your hard work

GDR · February 10, 2014, 1:33pm

Where is this option placed in 3.9?

Moonchild · February 10, 2014, 1:40pm

It’s not an option/not configurable. 3.9.* simply does not include support for the really weak 40 and 56-bit ciphers.

256-bit cipher support can be added to 3.9.* by grabbing the JCE unlimited strength jurisdiction policy files http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.ht ml

GDR · February 10, 2014, 1:56pm

Thank you.

I don’t think they disabled the support, though - I just checked the ciphers that my Openfire 3.9.1 supports and all the 40-bit and 56-bit ciphers are still there… like EXP-DES-CBC-SHA (0x8)

Moonchild · February 10, 2014, 3:05pm

I think it depends on which JRE you use, then? 3.9 saw an update from 6 to 7

LG1 · February 10, 2014, 6:15pm

Java 7 supports jdk.tls.disabledAlgorithms - this should work.

Moonchild · February 11, 2014, 12:56am

Where, exactly, would you use jdk.tls.disabledAlgorithms? What is the format that should be used?

LG1 · February 11, 2014, 1:18pm

This is the official documentation: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide .html#DisabledAlgorithms

Please ask Google or Bing for more specific examples.

Moonchild · February 11, 2014, 1:26pm

All good and nice if you’re a java programmer, but in OF it’s not clear where you can make this setting. Can you just set this property in “System properties” in the admin interface, or does it have to go into a config/preferences files on the server somewhere? Please think “operator” and not “dev” for a minute.

EDIT: poking some java-knowledgeable person here, it has to go into a file on the server, specifically jre/lib/security/java.security

Documentation of this parameter is really poor, no workable examples are given in the Oracle documentation. I’ll see if I can figure it out and when I have time, create a document for OF.

LG1 · February 11, 2014, 2:50pm

It is indeed a Java parameter and not specific to Openfire. It is indeed configured in java.security and one example is (not tested whether Openfire still works as expected and whether all weak ciphers are disabled):

jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048

An Openfire (JVM) restart is required and then one may want to run a penetration test to make sure that only strong ciphers are supported.

GDR · February 11, 2014, 3:10pm

The following info is based on web searching, I’m no expert at Java.

These values mentioned by LG are system-wide in JVM, stored in a file called java.security. On Debian it’s in /etc/java-6-openjdk/security/java.security

Aparently there’s a way to create a separate java.security file to be used by certain applications like Openfire, if you’re willing to modify the init scripts: http://blog.eyallupu.com/2012/11/how-to-overriding-java-security.html

I think they’re in a separate namespace than Openfire properties so they can’t be changed from the web GUI.

EDIT: It looks like the security policy file can be overridden per-user. I’ve found these 2 lines in the default Debian policy:

# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy

LG1 · February 11, 2014, 5:28pm

Putting the config in the home directory may be more reliable, especially during updates. I try to avoid modifications of the standard jvm installation.

guus · February 2, 2016, 10:04am

Note that in addition to other suggestions in this thread, Openfire supports configuration of TLS protocols and cipher suites (via the Admin Console) since the 4.0.0 release.

Jabber-Server.de · February 3, 2016, 1:56pm

Use the latest version of openfire 4.+ and edit the advanced settings of your s2s-connection within the admin console. Maybe worth to mention, if you would like to have strong(er) chiphers you have to manually add them. I downloaded the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 and replaced them with the default files within openfire/bin directory (running on windows server). After a quick restart of openfire i was able to choose ciphers widely.