Support Policy      Security Notices
  1. DataStax Support
  2. DataStax Luna
  3. Security

FAQ - How to disable client initiated TLS renegotiation

Follow

Overview

This article provides instructions on how to configure Cassandra nodes to prevent client side renegotiation.

Applies to

  • Java 8
  • Java 11

Background

To avoid potential TLS Renegotiation Denial-of-Service attacks, client initiated TLS renegotiation can be disabled on each node in the cluster.

Steps

  • In the jvm.options* file on each node, add the following line

-Djdk.tls.rejectClientInitiatedRenegotiation=true

  • Perform a rolling restart of the cluster

* In DSE 6.8+, or Cassandra 4.0+, please use the appropriate version of the jvm.options file, i.e. jvm-server.options, jvm8-server.options, jvm11-server.options, etc...

 

Verification

Use the openssl s_client command to test renegotiation. Once connected, simply enter R + Enter For example below is a successful renegotiation initiated by the client:

$ openssl s_client -connect $(hostname -i):9042 -tls1_2
CONNECTED(00000003)
depth=2 C = US, ST = CA, O = DataStax, OU = Support, CN = rootCA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:/C=US/ST=CA/O=DataStax/OU=Support/CN=node0
 i:/C=US/ST=CA/O=DataStax/OU=Support/CN=intermediate
 1 s:/C=US/ST=CA/O=DataStax/OU=Support/CN=intermediate
 i:/C=US/ST=CA/O=DataStax/OU=Support/CN=rootCA
 2 s:/C=US/ST=CA/O=DataStax/OU=Support/CN=rootCA
 i:/C=US/ST=CA/O=DataStax/OU=Support/CN=rootCA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGdDCCBFygAwIBAgICEAAwDQYJKoZIhvcNAQENBQAwTzELMAkGA1UEBhMCVVMx
<snip>
-----END CERTIFICATE-----
subject=/C=US/ST=CA/O=DataStax/OU=Support/CN=node0
issuer=/C=US/ST=CA/O=DataStax/OU=Support/CN=intermediate
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5233 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
 Protocol : TLSv1.2
 Cipher : ECDHE-RSA-AES256-GCM-SHA384
 Session-ID: 5F04BC1701AAE3ABEE65B60B8E38BCE292E1062AAF8CEB002029E8E9C1A8EE21
 Session-ID-ctx:
 Master-Key: 7CF219CB440861C9873CD070DCE662213B95B2AE351FF327C0669EBCB0E7146AF2B62CD3FA568A1B497D4E3DFFF58FB5
 Key-Arg : None
 PSK identity: None
 PSK identity hint: None
 SRP username: None
 Start Time: 1594145815
 Timeout : 300 (sec)
 Verify return code: 19 (self signed certificate in certificate chain)
---
R
RENEGOTIATING
depth=2 C = US, ST = CA, O = DataStax, OU = Support, CN = rootCA
verify error:num=19:self signed certificate in certificate chain

After adding -Djdk.tls.rejectClientInitiatedRenegotiation=true and restarting the node, the renogatition will fail:

$ openssl s_client -connect $(hostname -i):9042 -tls1_2
CONNECTED(00000003)
depth=2 C = US, ST = CA, O = DataStax, OU = Support, CN = rootCA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:/C=US/ST=CA/O=DataStax/OU=Support/CN=node0
 i:/C=US/ST=CA/O=DataStax/OU=Support/CN=intermediate
 1 s:/C=US/ST=CA/O=DataStax/OU=Support/CN=intermediate
 i:/C=US/ST=CA/O=DataStax/OU=Support/CN=rootCA
 2 s:/C=US/ST=CA/O=DataStax/OU=Support/CN=rootCA
 i:/C=US/ST=CA/O=DataStax/OU=Support/CN=rootCA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGdDCCBFygAwIBAgICEAAwDQYJKoZIhvcNAQENBQAwTzELMAkGA1UEBhMCVVMx
<snip>
-----END CERTIFICATE-----
subject=/C=US/ST=CA/O=DataStax/OU=Support/CN=node0
issuer=/C=US/ST=CA/O=DataStax/OU=Support/CN=intermediate
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5233 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
 Protocol : TLSv1.2
 Cipher : ECDHE-RSA-AES256-GCM-SHA384
 Session-ID: 5F04BC1701AAE3ABEE65B60B8E38BCE292E1062AAF8CEB002029E8E9C1A8EE21
 Session-ID-ctx:
 Master-Key: 7CF219CB440861C9873CD070DCE662213B95B2AE351FF327C0669EBCB0E7146AF2B62CD3FA568A1B497D4E3DFFF58FB5
 Key-Arg : None
 PSK identity: None
 PSK identity hint: None
 SRP username: None
 Start Time: 1594145815
 Timeout : 300 (sec)
 Verify return code: 19 (self signed certificate in certificate chain)
---
R
RENEGOTIATING
140341621048984:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1487:SSL alert number 40
140341621048984:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:

Please be aware that s_client's output reporting Secure Renegotiation IS supported, should not be relied on for confirmation of whether or not client initiated TLS renegotiation is enabled, because that is reporting if s_client itself supports renegotiation.

See also

External doc - JDK-8073643

External doc - Tips for Securing SSL Renegotation

Created: 2020-07-07 18:41:56 UTC
Last Update: 2020-07-08 09:42:40 UTC

Related articles

Comments

0 comments

Please sign in to leave a comment.