Following up on test results from the new xmpp.net observatory, I’ve been trying to find a way to disable weak SSL/TLS ciphers in OpenFire.
According to the Observatory test, Openfire supports a number of really weak ciphers by default which I want to disable, but can’t seem to be able to configure anywhere:
Ciphers
Server does respect the client’s cipher ordering.
Cipher suite
Bitsize
Forward secrecy
ECDHE-RSA-AES128-SHA (0xc013)
128
Yes
ECDHE-RSA-RC4-SHA (0xc011)
128
Yes
DHE-RSA-AES128-SHA (0x33)
128
Yes
DHE-DSS-AES128-SHA (0x32)
128
Yes
RC4-MD5 (0x10080)
128
No
AES128-SHA (0x2f)
128
No
RC4-SHA (0x5)
128
No
ECDHE-RSA-DES-CBC3-SHA (0xc012) WEAK
112
Yes
EDH-RSA-DES-CBC3-SHA (0x16) WEAK
112
Yes
EDH-DSS-DES-CBC3-SHA (0x13) WEAK
112
Yes
DES-CBC3-SHA (0xa) WEAK
112
No
EDH-RSA-DES-CBC-SHA (0x15) VERY WEAK
56
Yes
EDH-DSS-DES-CBC-SHA (0x12) VERY WEAK
56
Yes
DES-CBC-SHA (0x9) VERY WEAK
56
No
EXP-EDH-RSA-DES-CBC-SHA (0x14) VERY WEAK
40
Yes
EXP-EDH-DSS-DES-CBC-SHA (0x11) VERY WEAK
40
Yes
EXP-RC4-MD5 (0x20080) VERY WEAK
40
No
EXP-DES-CBC-SHA (0x8) VERY WEAK
40
No
Anything less than 128 bit should preferably be disabled, but at the very least the 40 bit and 56 bit ones since those are terrible. How do I do this?
Also, it seems openfire doesn’t support 256 bit ciphers at all?
The thread you pointed to discusses having to hack the openfire code and rebuild it from source to exclude certain ciphers? Sorry but I’m really only interested in administering openfire, not coding/rebuilding it.
There should be a way to configure either openfire or the java back-end to use certain ciphers and not use others. The thread there doesn’t really help in that respect, and is confusing as to what is needed for which functionality.
The thread otherwise talks about disabling SSL to pass (automated) PCI compliance scans that don’t know XMPP/TLS and therefore not check for that.
Disabling SSL and http binding isn’t a good solution either and will still use weak ciphers for TLS. So it’s fighting a symptom, not the cause.
Preferably, I want to disallow weak ciphers regardless of connectivity method.
Since nobody seems to know in the community, I’ll see if I can get some answers from fellow OpenFire operators who get strong cipher scores in the observatory.
If anyone here has figured out a way around this problem yet, let me know? It seems setting the JRE parameters somewhere for TLS globally should be possible, but I just don’t know how to format it or where to put it…
I suspect jre/lib/security/java.security would be a good candidate?
I don’t think they disabled the support, though - I just checked the ciphers that my Openfire 3.9.1 supports and all the 40-bit and 56-bit ciphers are still there… like EXP-DES-CBC-SHA (0x8)
All good and nice if you’re a java programmer, but in OF it’s not clear where you can make this setting. Can you just set this property in “System properties” in the admin interface, or does it have to go into a config/preferences files on the server somewhere? Please think “operator” and not “dev” for a minute.
EDIT: poking some java-knowledgeable person here, it has to go into a file on the server, specifically jre/lib/security/java.security
Documentation of this parameter is really poor, no workable examples are given in the Oracle documentation. I’ll see if I can figure it out and when I have time, create a document for OF.
It is indeed a Java parameter and not specific to Openfire. It is indeed configured in java.security and one example is (not tested whether Openfire still works as expected and whether all weak ciphers are disabled):
The following info is based on web searching, I’m no expert at Java.
These values mentioned by LG are system-wide in JVM, stored in a file called java.security. On Debian it’s in /etc/java-6-openjdk/security/java.security
I think they’re in a separate namespace than Openfire properties so they can’t be changed from the web GUI.
EDIT: It looks like the security policy file can be overridden per-user. I’ve found these 2 lines in the default Debian policy:
# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
Putting the config in the home directory may be more reliable, especially during updates. I try to avoid modifications of the standard jvm installation.
Note that in addition to other suggestions in this thread, Openfire supports configuration of TLS protocols and cipher suites (via the Admin Console) since the 4.0.0 release.
Use the latest version of openfire 4.+ and edit the advanced settings of your s2s-connection within the admin console. Maybe worth to mention, if you would like to have strong(er) chiphers you have to manually add them. I downloaded the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 and replaced them with the default files within openfire/bin directory (running on windows server). After a quick restart of openfire i was able to choose ciphers widely.