IBM Support

IBM HTTP Server and Sweet32: Birthday attack (CVE-2016-2183)

Flashes (Alerts)


Abstract

IBM HTTP Server and Sweet32:Birthday attack in TLS. (CVE-2016-2183)

Content

CVE-2016-2183 describes a confidentiality leak when Triple-DES (3DES) 64-bit block cipher is negotiated and used to transmit hundreds of gigabytes of information. Your IBM HTTP Server (IHS) needs to be evaluated to see if you are affected.


How is IBM HTTP Server affected?

In short, IBM HTTP Server supports 3DES by default but does not prefer 3DES by default.

By default, all in-service IBM HTTP Server releases use 3DES as a "last resort" cipher to be negotiated if no other ciphers are shared between client and server. This arrangement already complies with the recommendation from the security researchers behind CVE-2016-2183. 3DES is not preferred by IHS.

UPDATE: As of the following IBM HTTP Server fixpacks: 9.0.0.6, 8.5.5.13, 8.0.0.15 and 7.0.0.45, the 3DES ciphers will be removed from the default ciphers by PI84868 as a result of updated guidance regarding 3DES ciphers.

IBM HTTP Server does not limit the amount of data that can be transmitted over a 3DES TLS connection.

Action is required to make sure the IHS configuration has not been modified to prefer 3DES.

What do I need to do?

  • Step 1: Review your IBM HTTP Server configuration files (httpd.conf) to determine if the default TLS cipher lists are being used.
    • For each SSLEnable directive, if there is no SSLCipherSpec in the same context, no action is required for Step 1 (3DES is not preferred by default and is not included in the defaults after the fixpacks containing PI84868)
    • If SSLCipherSpec is present, but not with a parameter of '3A', 'C008', 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', or 'SSL_RSA_WITH_3DES_EDE_CBC_SHA', no action is required for Step 1 (3DES is not preferred).
    • If SSLCipherSpec has explicitly named one of the parameters above, then new guidance is that this statement should be removed. At a minimum, if it is not the last SSLCipherSpec in the configuration stanza, it should be moved so that it is is the last SSLCipherSpec in the stanza.
  • Step 2: If you want to remove 3DES entirely (now recommended by researchers, but this may break very old clients)
    • Version 7 and earlier (and z/OS prior to 9.0.0.3, 8.5.5.12, and 8.0.0.14, and 7,0,0.43)
      • Remove all instances of SSLCipherSpec from the configuration file.
      • After each configurations stanza with SSLEnable, append the following two lines:

        • SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA
          SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA
    • Version 8 and later (excluding z/OS prior to 9.0.0.3, 8.5.5.12, and 8.0.0.14, and 7,0,0.43)
      • Remove '3A', 'C008', 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', or 'SSL_RSA_WITH_3DES_EDE_CBC_SHA' from any existing SSLCipherSpec directive.
      • At the bottom of each configuration stanza with SSLEnable, append the following line:

        • SSLCipherSpec ALL -SSL_RSA_WITH_3DES_EDE_CBC_SHA -TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • Step 3: If you want to leave 3DES enabled, but enable data transfer limits on 3DES:
    • On Distributed only: Version 8.0.0.4 and later, Version 8.5.0.1 and later or Version 9.0.0.0 and later
    • Append the following line to each configuration stanza with SSLEnable:


        SSLAttributeSet 463 1

      The connection will be abruptly terminated around the 32 gigabyte mark.

In IBM HTTP Server Version 8.0 and newer PI47605 is required for the Microsoft Windows version, you can use the following commands to check what protocols and ciphers will be used for your configuration:

For non-Windows platforms: apachectl -t -DDUMP_SSL_CONFIG

For Windows platform: apache -t -DDUMP_SSL_CONFIG

Change History:

03 October 2016: original document published

08 March 2017: updated step 3 to include fixpack levels

19 September 2017: clarified platform specific information

21 December 2017: updated guidance concerning 3DES ciphers

23 January 2018: updated SSLcipherspec stanza

[{"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":"SSL","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"9.0;8.5.5;8.5;8.0;7.0;6.1","Edition":""}]

Document Information

Modified date:
15 June 2018

UID

swg21991548