IBMi v7r2 ROBOT ATTACK  Mitigation

The best way to mitigate the vulnerability is to disable all SSL protocols apart from TLS 1.2. This will mean users with out of date operating systems and browsers will no longer be able to use the site but those will likely be minimal.

The Vulnerability

ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 v1.5 padding allowed an adaptive-chosen ciphertext attack; this attack fully breaks the confidentiality of TLS when used with RSA encryption.

Using some slight variations this vulnerability can still be used against many HTTPS hosts in today’s Internet.

https://robotattack.org/

From the 1st March 2018 Qualys SSL Labs will rate sites affected by ROBOT as F.

https://www.ssllabs.com/ssltest/analyze.html

Make the following changes to your servers http config. This can be done by editing the config file directly (EDTF) or starting the *ADMIN http server and editing from within IBM Web Administration for i (/HTTPAdmin)

The required changes should already be applied if using v7r3 and above. The changes can also be applied by changing the allowed ciphers system value (QSSLCSL) but is best to change for the application required and leave the system values to save hassle when the OS is updated (if value is not default the settings will carry over to the upgraded OS).

The following settings will allow an A+ grade on SSLlabs:-

ServerName (enables SNI) but requires SSLServerCert directive be set.

Header Strict-Transport-Security directive (required to enable HSTS – HTTP Strict Transport Security)

SSLCipherSpec directive – Must have allowed cipher for the denied ciphers to take effect.

Values which need to be changed in bold italics.

SSLEngine On
SSLAppName QIBM_HTTP_SERVER_[SERVERNAME]
SSLVersion TLSV1.2
SSLCipherSpec ALL -TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec ALL -TLS_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec ALL -TLS_RSA_WITH_AES_256_CBC_SHA
SSLCipherSpec ALL -TLS_RSA_WITH_RC4_128_MD5
SSLCipherSpec ALL -TLS_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec ALL -TLS_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ServerName servername.com
SSLServerCert Certificate_Name_In_DCM
Header set Strict-Transport-Security “max-age=31536000;includeSubDomains;preload”