ADD CERTIFICATE PRIVATE KEY EXPORT CAPABILITY TO SSL SERVER

APAR Identifier ...... PK75661      Last Changed ........ 10/03/09
Symptom ...... IN INCORROUT         Status ........... CLOSED  UR1
Severity ................... 4      Date Closed ......... 10/03/05
Component .......... 5735FAL00      Duplicate of ........
Reported Release ......... 530      Fixed Release ............ 999
Component Name TCP/IP V2 FOR V      Special Notice       ATTENTION
Current Target Date ..              Flags
SCP ...................                               NEW FUNCTION
Platform ............

Status Detail: SHIPMENT - Packaged solution is available for
               shipment.

PE PTF List:

PTF List:
Release 530   : UK54940 available 10/03/09 (1000 )

Parent APAR:
Child APAR list:

ERROR DESCRIPTION:
The SSLADMIN EXPORT command provides a mechanism to extract a
certificate from a Linux-based SSL server certificate database,
but does so without associated keys.

To facilitate migration from a Linux-based SSL server to the
CMS-based SSL server introduced in z/VM 540, additional SSLADMIN
command capabilities are needed that will provide a secure way to
export a certificate with its associated private key.

Additionally, CVE-2009-3555 identifies a weakness in the TLS and
SSL session renegotiation protocol. Updates to the IBM GSKit
library are required in order to mitigate this issue.

LOCAL FIX:

PROBLEM SUMMARY:
****************************************************************
* USERS AFFECTED: All customers running the z/VM SSL server.   *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
****************************************************************
* RECOMMENDATION: APPLY PTF                                    *
****************************************************************
This APAR provides an updated Linux SSL server module (sslserv),
along with administrative interface (SSLADMIN) and DTCUME message
repository changes, that add the ability to export a server
certificate with its private key.

In addition, an updated IBM GSKit RPM package is provided -- both
to support the aforementioned export changes, and to address the
following problem:

  Transport Layer Security (TLS) handshake renegotiation weak
  security (CVE-2009-3555)

Links to detailed instructions for installation of the RPM files
provided with this APAR, as well as steps for exporting
certificates with their private keys, are available at the
"SSL Server Configuration" web page. The URL for this page is:

  http://www.vm.ibm.com/related/tcpip/vmsslinf.html

PROBLEM CONCLUSION:

TEMPORARY FIX:

COMMENTS:
With this APAR, a new WITHKEY operand is added to the SSLADMIN
EXPORT command, allowing a server certificate with its private
key to be exported to a file in PKCS #12 format. This file format
allows the certificate and key to be transferred securely to
other hosts and to be imported into other certificate databases,
such as that used with the SSL server on z/VM 5.4 (and later)
systems.

The revised information that follows will be included in any
future updates to the following publication(s):

================================================================

SC24-6125-03 -- z/VM: TCP/IP Level 530 Planning and Customization

Chapter 22. "Configuring the SSL Server"
Section: "SSL Server Administration Commands"
Page(s): 635-636

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The SSLADMIN EXPORT command syntax is updated to include the
WITHKEY and 'password' operands:

>>--SSLadmin--EXPORT--fn--.----.---------------------------->
                          '-fm-'

>--.--CERTificate--label--.---------------------.--.-------><
   |                      '--WITHKEY--password--'  |
   '--REQuest--label-------------------------------'

The 'Purpose' section is updated as follows:

Use the SSLADMIN EXPORT command to retrieve a certificate or
certificate request from the certificate database and store it in
a CMS file. Certificates with private keys also can be retrieved
using this command.

The 'Operands' section is updated with a revised 'fn' operand
description, and to include descriptions for the WITHKEY and
'password' operands:

fn
    is the file name to be used when the exported certificate or
    certificate request is stored as a CMS file. The target file
    must not already exist.

    * A certificate with no associated private key is stored
      using the type: X509CERT
    * A certificate with an associated private key is stored
      using the file type: P12
    * A certificate request is stored using a file type of:
      CERTREQ

...

label
    is the label associated with the certificate or certificate
    request, exactly as it appears in the certificate database.
    The SSLADMIN QUERY command can be used to determine how a
    label has been specified in the certificate database.

...

WITHKEY
    indicates that a certificate is to be retrieved with its
    private key.

password
    is the password that is to be used to protect an exported
    server certificate and its private keys. The password you
    provide is case sensitive, and can be comprised of multiple
    tokens (with intervening blanks being significant). Leading
    and trailing blanks are not significant -- these are removed
    from the provided value prior to use.

The 'Usage Notes' section is updated as follows:

* Certificate requests and certificates exported without the
  WITHKEY operand are stored in Base64-encoded DER format.
* Certificates exported using the WITHKEY operand are stored in
  binary PKCS #12 format.

================================================================

Documentation for the new messages that follow will be included
in any future updates to the following publication:

GC24-6124-02 -- z/VM: TCP/IP Level 530 Messages and Codes

Chapter 19. SSL Messages
Page(s): 382, 391

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

DTCSSL321I Export successful; created file: <pathname>

Explanation: The EXPORT CERTIFICATE WITHKEY command completed
successfully, and the Linux certificate-with-key file listed in
the message has been created.

System Action: Server operations continue.

System Programmer Response: None.

DTCSSL322I Export of expired certificate successful; created
           file: <pathname>

Explanation: The EXPORT CERTIFICATE WITHKEY command completed
successfully, and the Linux certificate-with-key file listed in
the message has been created. However, while processing this
command, the server determined that the requested certificate now
is expired, which might prevent it from being imported for use in
a different certificate database.

System Action: Server operations continue.

System Programmer Response: None.

DTCSSL400E Export error detected.

Explanation: The EXPORT CERTIFICATE WITHKEY command did not
complete successfully, the reason for which is explained by an
additional message.

System Action: Processing of the subject command stops. Server
operations continue.

System Programmer Response: This message likely results from
having attempted an export of a certificate for which there is no
associated private key, or of a certificate that does not exist
in the certificate database. Confirm that the label has been
specified with the correct case, and that it matches that for a
server certificate that resides in the certificate database (the
SSLADMIN QUERY CERTIFICATE command can be used for this purpose).
Adjust the label value or specify a different one when the
command is next issued.

DTCSSL2461W Certificate <label> has expired

Explanation: The EXPORT CERTIFICATE WITHKEY command completed
successfully. However, while processing this command, the server
determined that the requested certificate now is expired, which
might prevent it from being imported for use in a different
certificate database.

System Action: Command processing continues.

System Programmer Response: None.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The codes that follow are added to:

"Table 3. SSL Server Return Codes"
Page(s): 393

---------------------------------------------------------------
Code   Meaning

111    There is no private key in the key record.

       Explanation: There was no private key associated with the
       certificate label submitted with this command.

       System Programmer Response: Specify a certificate label
       for a certificate with a private key associated with it
       (e.g., a 'Server' certificate).
---------------------------------------------------------------
233    The target already exists.

       Explanation: The certificate to be exported already exists
       in the directory which maintains the certificate database,
       and it cannot be automatically removed.

       System Programmer Response: Access the certificate
       database directory in the SSL Server virtual machine.
       Manually remove the exported certificate file, then retry
       the original command.

================================================================

In addition to the previously described changes for exporting
certificates with private keys, the updated IBM GSKit RPM
packages provided with this APAR address CVE-2009-3555. This
problem, and the changes implemented to address it, are described
in more detail here:

All customers using the TCP/IP for z/VM SSL server, relying on
Secure Socket Layer v3 (SSLv3) or any of the multiple versions of
Transport Layer Security (TLS) in support of secure
communications between a client and server or between server and
server are impacted by a recently discovered weakness in the TLS
and SSL v3 protocols. SSLv2 is not affected.

The TLS/SSL weakness exists in multiple implementations of the
Transport Layer Security (TLS) protocol, including SSL.

To address the weakness in the TLS/SSL handshake renegotiation,
IBM, along with the other members in the Industry Consortium for
the Advancement of Security on the Internet (ICASI), is working
together with the Internet Engineering Task Force (IETF) to
enhance and strengthen the handshake renegotiation protocol in
the TLS specification. This effort will take some time to
complete. The delivery outlook for inclusion of this enhanced
handshake renegotiation capability in TLS protocol
implementations is unknown at this time.

In the interim, TCP/IP for z/VM is delivering an updated GSKit
RPM that incorporates updates which disable the TLS handshake
renegotiation. Disabling TLS handshake renegotiation, which
rarely is used, blocks a remote attacker from attempting to
exploit the weakness in the TLS protocol.

NOTE: After installing the PTF for this APAR, the z/VM SSL server
      will rely upon default GSKit settings that disable TLS
      handshake renegotiation. These settings cannot be changed.

MODULES/MACROS:
DTCUME   DTCUMEB  IBMGSK   IBMGSKX  SSLADMIN VMSR4    VMSR4S
VMSR4X   VMSR4XS  VMSS9    VMSS9S   VMSS9X   VMSS9XS

SRLS:
SC24612503 GC24612402

RTN CODES:

CIRCUMVENTION:

MESSAGE TO SUBMITTER:
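
Added example, not part of the IBM APAR text or IBM code: the Usage Notes above say that exports without WITHKEY are Base64-encoded DER while WITHKEY exports are binary PKCS #12, so a transferred file can be checked against its stated file type (X509CERT, P12, CERTREQ) to catch key-bearing content stored or handled as a plain certificate. The function names are hypothetical, the samples are constructed skeletons, PEM-style armor lines are an assumption, and only the outer ASN.1 shape is inspected (nothing is decrypted or validated).

```python
import base64

# Constructed DER skeletons (outer shape only, not real certificates or keys).
PFX_SAMPLE = bytes.fromhex("30050201033000")
CERT_SAMPLE = bytes.fromhex("300a3008a003020102020101")
CSR_SAMPLE = bytes.fromhex("3009300702010030023100")

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length >= 0x80:                    # long form: low 7 bits count length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or off + n > len(buf):
            raise ValueError("bad DER length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("DER value runs past end of data")
    return tag, off, off + length

def classify_export(data):
    """Return (file_type, encoding) judged from content; ValueError if unrecognised."""
    der, encoding = data, "binary"
    if data[:1] != b"\x30":               # not raw DER, so try Base64 text
        # Assumption: the text may carry PEM-style "-----" armor lines.
        text = b"".join(l.strip() for l in data.splitlines() if not l.startswith(b"-----"))
        # binascii.Error raised on bad input is a subclass of ValueError.
        der, encoding = base64.b64decode(text, validate=True), "base64"
    tag, start, _ = read_tlv(der, 0)
    tag1, s1, e1 = read_tlv(der, start)
    if tag == 0x30 and tag1 == 0x02 and der[s1:e1] == b"\x03":
        return "P12", encoding            # PFX starts with version INTEGER 3
    if tag != 0x30 or tag1 != 0x30:
        raise ValueError("unrecognised structure")
    tag2, _, e2 = read_tlv(der, s1)
    if tag2 == 0xA0:                      # [0] version tag: v2/v3 certificate
        return "X509CERT", encoding
    tag3, s3, e3 = read_tlv(der, e2)      # after INTEGER: AlgorithmIdentifier or Name
    is_alg = tag3 == 0x30 and s3 < e3 and der[s3] == 0x06
    return ("X509CERT" if is_alg else "CERTREQ"), encoding

def audit(filetype, data):
    """Return None when content matches the stated file type, else a finding."""
    kind, encoding = classify_export(data)
    expected = "binary" if kind == "P12" else "base64"
    ok = (kind, encoding) == (filetype.upper(), expected)
    return None if ok else f"{filetype} file holds {encoding} {kind} content"
```

A non-None result from audit() for a file typed X509CERT means the content should be treated as private key material until inspected.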