SHA2 Configuration

What to expect:

SHA2 can be used in several places in your IT infrastructure. Some examples:
  • VPN: Message integrity is one of the security features of a VPN, and SHA2 can provide it. All VPN protocols are handshake protocols, so an exchange of messages decides which encryption and hashing algorithms are selected.
  • Digital signatures: SHA2 is also used in digital certificates, in the "digital signature". Your digital certificates may be used by VPN protocols or when serving a website from a server.
  • Storing passwords: Passwords are never stored in plain text in a database, for security reasons. Instead, hashes of the passwords are stored, so the algorithm that generates those hashes matters too.

Examples for each of these settings are given below.


Concept: SHA2 is one of the recommended options for hashing because no security problems have been found in it so far; in more technical terms, no collision has been found yet. Make sure that every application in your infrastructure runs at least SHA2 (within the SHA family).

Examples for Enabling SHA2 for VPN/HTTPS connections

We have categorized the examples into two sections: web servers and browsers.

    Web servers:

    Enabling SHA2 in web servers is usually a matter of tweaking configuration. Any product that lets you tweak its TLS or VPN settings should offer an option to change the cipher suite or, more specifically, the hash algorithm. The lists below show which servers support SHA2 and which do not.

    Servers – support SHA-256
    Apache server and OpenSSL 0.9.8o+
    Apache 2.0.63+ , OpenSSL 1.1.x
    OpenSSL based servers - OpenSSL 0.9.8o+
    Windows Server 2003+ with patch 938397
    Windows Server 2003+ or XP client with patch 968730
    Windows Server 2008+
    Java based servers - 1.4.2+
    Cisco ACE module software version A4(1.0)
    Citrix Receiver models:
    • Mac 11.8.2
    • Windows 4.1 (std)
    • Windows 3.4 (ent)
    • Windows 8/RT (1.4)
    Oracle WebLogic v10.3.1+ see bug8422724
    Oracle Wallet Manager 11.2.0.3+
    IBM HTTP Server 8.5 (with Lotus Domino 9+)
    Juniper Secure Access - SA 6.4R5, 6.5R3, and 7.0R1 and later releases.
    WebSphere Application Server v8.0.0.4

    Servers which reportedly DO NOT support SHA-256 in their entirety
    Juniper SBR
    IBM Domino
    Citrix Receiver models
    Linux 13.0
    IOS 5.8.3
    Android 3.4.13
    Playbook 1.0
    Blackberry 2.2 / BlackBerry 1.0 Tech Preview
    Cisco ACE module software versions A2 and A3

  • Apache:
    To add SHA2, make sure that the SSLCipherSuite directive in your HTTPS virtual host configuration contains the following ciphers:
    
    # Many ciphers defined here require a modern version (1.0.1+) of OpenSSL. Some
    # require OpenSSL 1.1.0, which as of this writing was in pre-release.
    SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    
    
    You may notice that the list also contains cipher suites whose names do not mention SHA2. The full list is provided to ease cross-checks, or a fresh configuration, with the most secure protocols.

    A good read: Server Side TLS (the Mozilla wiki guide)

    Explanation:
    Guide to reading cipher from configuration files:

    One of the most popular formats looks like this:
    ...
    ECDHE-RSA-AES128-GCM-SHA256
    ...


    In a list like the one above, each cipher suite is separated from the next by a ':'. In the example, the first part, 'ECDHE-RSA', specifies the key exchange (ECDHE) and the authentication/signature algorithm (RSA) for TLS; 'AES128-GCM' specifies the encryption cipher with its mode of operation; and 'SHA256' specifies the hashing standard.


  • Nginx:
    By default, the configuration file is named nginx.conf and placed in the directory /usr/local/nginx/conf , /etc/nginx , or /usr/local/etc/nginx.
    ...
    # OpenSSL has no AES256-GCM-SHA512 suites; its AES-256-GCM suites are named ...-AES256-GCM-SHA384
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ...
    

    Similar to the Apache configuration above, these cipher suites provide the best security for your TLS (HTTPS/VPN) connections. Do not forget to restart the service, and before doing so, weigh the possible consequences of downtime.
    
    $ sudo nginx -t
    $ sudo service nginx restart
    
    
  • Tomcat
    The Tomcat configuration file is
    TOMCAT_HOME/conf/server.xml

    Tomcat 5 and 6 (prior to 6.0.38): within server.xml, find the sslProtocols entry and make sure that only secure cipher suites (with SHA2 as the minimum) are specified.
    An example SSL connector (Tomcat 7 with Java 7) is:
    <!-- Tomcat 7 needs SSLEnabled="true"; the protocol list goes in sslEnabledProtocols
         and sslProtocol names the JSSE context ("TLS"). Only SHA2 suites are listed. -->
    <Connector port="443" maxHttpHeaderSize="8192" address="192.168.1.1"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
    clientAuth="false"
    keystoreFile="SomeDir/SomeFile.key" keystorePass="Poodle"
    truststoreFile="SomeDir/SomeFile.truststore" truststorePass="HomeRun"
    sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
    ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV
    " />
    Restart the Tomcat service to complete the changes.
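The cipher-suite naming explained under the Apache example and the Tomcat list above use two different conventions (OpenSSL names such as ECDHE-RSA-AES128-GCM-SHA256 and IANA/JSSE names such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256). The following added example (not code from the page or from any of the projects it names) parses both forms into key exchange/authentication, cipher, mode and hash, and audits a configured list for entries that fall short of "SHA2 at minimum". The token tables are this example's own simplification of the two naming schemes; the Tomcat-style sample list is constructed.

```python
"""Classify TLS cipher-suite names by the hash they use.

Added example, not from the page. Reads OpenSSL-style names (Apache's
SSLCipherSuite, nginx's ssl_ciphers) and IANA/JSSE-style names (Tomcat's
ciphers attribute). The token tables are a simplification, not exhaustive.
"""
import re

SHA2_HASHES = {"SHA256", "SHA384", "SHA512"}
LEGACY_HASHES = {"SHA": "SHA1", "MD5": "MD5"}
KX_AUTH = {"ECDHE", "DHE", "ECDH", "DH", "RSA", "ECDSA", "DSS", "PSK", "SRP", "ANON"}
MODES = {"GCM", "CCM", "CCM8", "CBC", "POLY1305"}
LEGACY_CIPHERS = {"RC4", "3DES", "DES", "NULL", "RC2", "IDEA", "SEED"}


def parse_suite(name: str) -> dict:
    """Split one suite name into key exchange/auth, cipher, key size, mode and hash."""
    name = name.strip()
    if name.startswith("TLS_") and "_WITH_" not in name:
        # Signalling values such as TLS_EMPTY_RENEGOTIATION_INFO_SCSV name no algorithms.
        return {"name": name, "kx_auth": None, "cipher": None, "bits": None,
                "mode": None, "hash": None, "sha2": False, "signalling": True}
    if name.startswith("TLS_"):
        # IANA/JSSE form: TLS_<kx>_<auth>_WITH_<cipher>_<bits>_<mode>_<hash>
        left, right = name[4:].split("_WITH_", 1)
        kx_tokens, body = left.split("_"), right.split("_")
    else:
        # OpenSSL form: <kx>-<auth>-<cipher><bits>-<mode>-<hash>; no kx token means plain RSA
        tokens = name.split("-")
        kx_tokens = [t for t in tokens if t in KX_AUTH] or ["RSA"]
        body = [t for t in tokens if t not in KX_AUTH]
    hash_name = None
    if body and (body[-1] in SHA2_HASHES or body[-1] in LEGACY_HASHES):
        hash_name = LEGACY_HASHES.get(body[-1], body[-1])
        body = body[:-1]
    if hash_name is None and "POLY1305" in body:
        # OpenSSL omits the hash for ChaCha20-Poly1305 suites; their PRF is SHA-256 (RFC 7905)
        hash_name = "SHA256"
    mode = next((t for t in body if t in MODES), "CBC")  # OpenSSL CBC suites carry no mode token
    cipher_tokens = [t for t in body if t not in MODES and t != "EDE"]
    cipher, bits = None, None
    if cipher_tokens:
        joined = re.fullmatch(r"(AES|CAMELLIA|ARIA)(128|256)", cipher_tokens[0])
        if joined:  # OpenSSL writes cipher and key size as one token, e.g. AES256
            cipher, bits = joined.group(1), int(joined.group(2))
        else:
            cipher = cipher_tokens[0]
            if len(cipher_tokens) > 1 and cipher_tokens[1].isdigit():
                bits = int(cipher_tokens[1])
    return {"name": name, "kx_auth": "-".join(kx_tokens), "cipher": cipher, "bits": bits,
            "mode": mode, "hash": hash_name, "sha2": hash_name in SHA2_HASHES,
            "signalling": False}


def audit_cipher_list(value: str) -> list:
    """Return (name, reason) pairs for entries of a ':'- or ','-separated cipher list
    that use a non-SHA-2 hash or a legacy cipher. OpenSSL keywords (HIGH, !aNULL, ...)
    are not expanded: negations are skipped and groups are reported as unknown."""
    findings = []
    for entry in re.split(r"[:,\s]+", value):
        if not entry or entry[0] in "!-+@":
            continue
        suite = parse_suite(entry)
        if suite["signalling"]:
            continue
        reasons = []
        if not suite["sha2"]:
            reasons.append(f"hash is {suite['hash'] or 'unknown'}, not SHA-2")
        if suite["cipher"] in LEGACY_CIPHERS:
            reasons.append(f"legacy cipher {suite['cipher']}")
        if reasons:
            findings.append((entry, "; ".join(reasons)))
    return findings


# The Apache SSLCipherSuite value from the page, used here as sample input.
APACHE_SSLCIPHERSUITE = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
)
# Constructed Tomcat-style list mixing SHA-2 suites with SHA-1 and RC4 ones.
TOMCAT_CIPHERS = ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,"
                  "TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV")

if __name__ == "__main__":
    print("Apache findings:", audit_cipher_list(APACHE_SSLCIPHERSUITE))
    for suite_name, reason in audit_cipher_list(TOMCAT_CIPHERS):
        print(f"{suite_name}: {reason}")
```

Both naming forms normalise to the same fields, so the same check can be run over an Apache, nginx or Tomcat list before a restart; the SCSV signalling value is skipped rather than flagged because it is not a cipher suite.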



    Browsers:

    It is important that the client side is also protected against attacks in which weak ciphers are negotiated with servers you might not control. To ensure that clients are protected, browsers should support SHA2. Almost every browser (if not all) supports SHA2, as it has been around for a long time.
    These are the browsers that currently support SHA2:

    Adobe Acrobat/Reader 7
    Blackberry 5+
    Chrome 26+
    Chrome under Linux
    Chrome under Mac from Mac OS X 10.5
    Chrome under Windows Vista and higher
    Firefox 1.5+
    Internet Explorer 7 and higher
    Internet Explorer 7+ under Vista
    Internet Explorer 6+ under Windows XP SP3 (patched)
    Java 1.4.2+ based products
    Konqueror 3.5.6+
    Mozilla 1.4+
    Mozilla products based on NSS 3.8+ (since April 2003)
    Netscape 7.1+
    Opera 9.0+
    Products based on OpenSSL 0.9.8o+
    Safari from Mac OS X 10.5+
    Windows Phone 7+

    Upgrade/Patch Management

    Concept: There are no notable patches or upgrades at present for any of the popular products using SHA2, but IT administrators should always keep a close watch on patch and upgrade notifications from product vendors. The expectation is that such patches will not target protocol vulnerabilities but rather implementation ones. For example, a software bug in a Cisco product allows compromise of SHA2's security. A newly released patch or upgrade should be understood by reading its documentation, and any queries should be clarified with the product manufacturer to ensure a smooth process with no adverse impacts.

    Note: Keep an eye on this section, as it will be kept up to date with any major patches that are released.