Earlier solution for Transport Layer Security (TLS) Renegotiation Issue
A weakness exists in some implementations of Transport Layer Security (TLS) handshake negotiation. IBM addressed this vulnerability in updates to the IBM® SDK. In service refresh 6, fix pack 25, the solution changed to match the reference implementation. For information about the new solution, see Transport Layer Security (TLS) Renegotiation Issue. Continue reading this topic only if you are using an earlier release of the SDK.
Overview
See CVE-2009-3555 for details of the vulnerability. IBM implements RFC 5746, which contains additional function to address the security of TLS handshake renegotiation.
Content
The IETF has published RFC 5746, Transport Layer Security (TLS) Renegotiation Indication Extension. RFC 5746 defines a mechanism to implement TLS/SSL handshake renegotiation securely. Use of RFC 5746 replaces the industry-wide interim solution, disabling all renegotiation, that was implemented after the weakness was discovered.
IBM JSSE2 allows SSL V3 or TLS V1 session renegotiation with peers that have implemented RFC 5746. Session renegotiation with peers that do not support RFC 5746 reverts to the interim disablement solution. By default, unsecured renegotiation is not allowed. Use the system property com.ibm.jsse2.renegotiate to control how unsecured renegotiations are handled by IBM JSSE2.
Read RFC 5746 for additional details if you are interested in the underlying TLS protocol changes that correct the weakness.
- com.ibm.jsse2.extended.renegotiation.indicator=[BOTH | CLIENT | OPTIONAL | SERVER]
- Use this property to force all negotiations to require RFC 5746, not just renegotiations. This setting is practical only after all the required communication partners have implemented RFC 5746. The default setting is OPTIONAL.
- com.ibm.jsse2.extended.renegotiation.indicator=BOTH
- Causes the IBM JSSE2 Server or IBM JSSE2 Client to connect only if the peer indicated support for RFC 5746 renegotiation. Note: Setting the property to BOTH causes interoperability problems with clients or servers that have not been updated to support RFC 5746.
- com.ibm.jsse2.extended.renegotiation.indicator=CLIENT
- Causes the IBM JSSE2 Client to connect only if the server indicated support for RFC 5746 renegotiation. Note: Setting the property to CLIENT causes interoperability problems with servers that have not been updated to support RFC 5746.
- com.ibm.jsse2.extended.renegotiation.indicator=OPTIONAL
- This setting is the default. Using this option means that the IBM JSSE2 Server or IBM JSSE2 Client do not require the renegotiation indicator during the initial handshake.
- com.ibm.jsse2.extended.renegotiation.indicator=SERVER
- Causes the IBM JSSE2 Server to connect only if the client indicated support for RFC 5746 renegotiation. Note: Setting the property to SERVER causes interoperability problems with clients that have not been updated to support RFC 5746.
- com.ibm.jsse2.renegotiate=[ABBREVIATED | ALL | DISABLED | NONE]
- Use this property to change the renegotiation ability of IBM JSSE2. The default value is NONE.
- com.ibm.jsse2.renegotiate=ABBREVIATED
- This setting overrides and allows unsecured abbreviated handshake during renegotiation when session continuity is proven. RFC 5746 renegotiations are allowed.
- com.ibm.jsse2.renegotiate=ALL
- This setting overrides and allows unsecured full handshake, and unsecured abbreviated handshake, during renegotiation. RFC 5746 renegotiations are allowed.
- com.ibm.jsse2.renegotiate=DISABLED
- This setting overrides and disables all unsecure and RFC 5746 renegotiations.
- com.ibm.jsse2.renegotiate=NONE
- This setting is the default. No unsecured handshake renegotiation is allowed. Only RFC 5746 renegotiations are allowed.
- com.ibm.jsse2.renegotiation.peer.cert.check=[OFF | ON]
- Use this property to change the renegotiation ability of IBM JSSE2 to require the peer support that is specified in RFC 5746. This requirement is only practical after all the required communication partners have implemented RFC 5746. The default value is OFF.
- com.ibm.jsse2.renegotiation.peer.cert.check=OFF
- This setting is the default. It stops the IBM JSSE2 Client or IBM JSSE2 Server from performing an identity check against the certificate from the peer. The result is that the peer certificate is allowed to change during renegotiation.
- com.ibm.jsse2.renegotiation.peer.cert.check=ON
- This setting causes the IBM JSSE2 Client or IBM JSSE2 Server to perform a comparison against the certificate from the peer. The reason is to ensure that the certificate does not change during renegotiation. The comparison is applicable to both secure and non-secure renegotiations.
- jdk.tls.allowUnsafeServerCertChange=false
- This is the default setting. The server certificate change in renegotiation after a session-resumption abbreviated initial handshake is restricted. The server certificate can be changed only to certificates that can represent the same identity.
- jdk.tls.allowUnsafeServerCertChange=true
- If the system property is set to true explicitly, the restriction on server certificate change in renegotiation is disabled.
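The BOTH, CLIENT and SERVER indicator settings above act on whether the peer "indicated support for RFC 5746". As an added example, not code from IBM or from this page, the following Python parses a TLS ClientHello and checks for the two signals that RFC 5746 defines: the renegotiation_info extension (type 0xff01) and the TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite (0x00ff). The build_client_hello helper constructs the sample messages; all function names are this example's own.

```python
# Added example (not IBM JSSE2 code): detect whether a ClientHello carries the
# RFC 5746 renegotiation indication. Two signals count: the renegotiation_info
# extension (0xff01) or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite (0x00ff).
import struct

RENEGOTIATION_INFO_EXT = 0xFF01
EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF

def build_client_hello(suites, extensions):
    """Construct a minimal TLS 1.0 ClientHello handshake message (sample input)."""
    body = b"\x03\x01" + bytes(32)          # client_version, random (zeros for the sample)
    body += b"\x00"                         # empty session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                     # one compression method: null
    if extensions:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello

def parse_client_hello(msg):
    """Return (cipher_suites, {ext_type: ext_data}) from a ClientHello message."""
    if msg[0] != 0x01:
        raise ValueError("not a ClientHello")
    if int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("handshake length mismatch")
    pos = 4 + 2 + 32                         # skip header, version and random
    pos += 1 + msg[pos]                      # skip session_id
    n = struct.unpack_from("!H", msg, pos)[0]; pos += 2
    suites = [struct.unpack_from("!H", msg, pos + i)[0] for i in range(0, n, 2)]
    pos += n
    pos += 1 + msg[pos]                      # skip compression methods
    exts = {}
    if pos < len(msg):                       # extensions block is optional
        n = struct.unpack_from("!H", msg, pos)[0]; pos += 2
        end = pos + n
        while pos < end:
            t, l = struct.unpack_from("!HH", msg, pos); pos += 4
            exts[t] = msg[pos:pos + l]; pos += l
    return suites, exts

def indicates_rfc5746(msg):
    """True if the peer signalled RFC 5746 support by extension or by SCSV.
    On an initial handshake the extension data is the single byte 0x00
    (an empty renegotiated_connection field)."""
    suites, exts = parse_client_hello(msg)
    return RENEGOTIATION_INFO_EXT in exts or EMPTY_RENEGOTIATION_INFO_SCSV in suites
```

A peer that sends neither signal is what the BOTH and SERVER settings reject, and what the default OPTIONAL setting still accepts for the initial handshake.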