Wednesday Sep 21, 2011

More about PKCS11 Bypass in Oracle iPlanet Web Server 7.0

Jyri's blog (see References) explains the concepts behind PKCS11 Bypass in Oracle iPlanet Web Server 7.0.

By default, PKCS11 Bypass is enabled in Oracle iPlanet Web Server 7.0. To find out whether PKCS11 Bypass is actually enabled or disabled in your server instance, run the instance with <log-level>fine</log-level> and check the error log for lines containing the words "PKCS#11 bypass".

When PKCS11 Bypass is enabled

server.xml:

<pkcs11>
   <allow-bypass>true</allow-bypass>
</pkcs11>

Error log:

fine: PKCS#11 bypass is enabled

When PKCS11 Bypass is disabled

server.xml:

<pkcs11>
   <allow-bypass>false</allow-bypass>
</pkcs11>

Error log:

fine: PKCS#11 bypass is disabled

Even though PKCS11 Bypass is enabled in server.xml, it is possible that the "SSL_CanBypass" check fails; in that case PKCS11 Bypass is not enabled. So it's essential to check the error log contents.
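One way to automate that comparison, as an added example that is not part of the original post: it reads the <allow-bypass> setting from server.xml and the last "PKCS#11 bypass is ..." line from the error log, then reports whether they agree. The function names, the <server> wrapper and the sample inputs are constructed for illustration, and only the literal values true/false shown above are recognised.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the fragments shown above.
SAMPLE_SERVER_XML = """<server>
  <log-level>fine</log-level>
  <pkcs11>
    <allow-bypass>true</allow-bypass>
  </pkcs11>
</server>"""

SAMPLE_ERROR_LOG = """fine: Initializing "internal" PKCS #11 token
fine: SSLv3/TLS is enabled and 18 SSLv3/TLS ciphers are enabled
fine: PKCS#11 bypass is disabled
"""

BYPASS_LINE = re.compile(r"PKCS#11 bypass is (enabled|disabled)")


def configured_bypass(server_xml):
    """Return the <allow-bypass> setting; a missing element means the default (enabled)."""
    node = ET.fromstring(server_xml).find(".//pkcs11/allow-bypass")
    if node is None or node.text is None:
        return True
    return node.text.strip().lower() == "true"


def effective_bypass(error_log):
    """Return the state from the last bypass line in the log, or None if none was logged."""
    states = BYPASS_LINE.findall(error_log)
    return (states[-1] == "enabled") if states else None


def check_bypass(server_xml, error_log):
    """Compare what server.xml requests with what the server reported at startup."""
    configured = configured_bypass(server_xml)
    effective = effective_bypass(error_log)
    if effective is None:
        verdict = "unknown: no bypass line logged; is log-level fine or finer?"
    elif configured and not effective:
        verdict = "mismatch: requested in server.xml but not in effect"
    elif configured == effective:
        verdict = "consistent"
    else:
        verdict = "unexpected: bypass in effect although server.xml disables it"
    return {"configured": configured, "effective": effective, "verdict": verdict}


if __name__ == "__main__":
    print(check_bypass(SAMPLE_SERVER_XML, SAMPLE_ERROR_LOG))
```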

Let's use DTrace scripts to see what's going on at the function call level when PKCS11 Bypass is enabled or disabled. Let's analyse the scenario where an AES cipher suite is negotiated in the SSL handshake. We know that "AES_Encrypt" will be called in that case, so we write a script to print the stack when the "AES_Encrypt" function is called.

#!/usr/sbin/dtrace -s
#pragma D option quiet

pid$1::AES_Encrypt*:entry
{
    printf("thread %d:  stack is : \n", tid);
    ustack();
}

Note that if another cipher suite is negotiated in the SSL handshake, for example RC4, the "RC4_Encrypt" function will be called instead of "AES_Encrypt", and so on. Ideally we need a script with the full list of freebl algorithms, but for our simple testing this will serve the purpose.

We run this D script and pass the highest webservd pid as the first argument. Now send an HTTPS request via a browser to the Web Server instance; here is the stack we get in both cases (when PKCS11 Bypass is enabled and disabled).


User stack when PKCS11 Bypass is enabled

#./ssl.d 22437
thread 17: stack is :

libsoftokn3.so`AES_Encrypt
libssl3.so`ssl3_CompressMACEncryptRecord+0x5a8
libssl3.so`ssl3_SendRecord+0x38c
libssl3.so`ssl3_FlushHandshake+0x1cc
libssl3.so`ssl3_SendFinished+0x448
libssl3.so`ssl3_HandleFinished+0x5a4
libssl3.so`ssl3_HandleHandshakeMessage+0x8d0
libssl3.so`ssl3_HandleHandshake+0x2d8
libssl3.so`ssl3_HandleRecord+0xb60
libssl3.so`ssl3_GatherCompleteHandshake+0x110
libssl3.so`ssl_GatherRecord1stHandshake+0xd0
libssl3.so`ssl_Do1stHandshake+0x308
libssl3.so`ssl_SecureRecv+0x230
libssl3.so`ssl_Recv+0x124
libnspr4.so`PR_Recv+0x48
libns-httpd40.so`int DaemonSession::GetConnection()+0x470
libns-httpd40.so`void DaemonSession::run()+0xdc
libnsprwrap.so`void Thread::run_()+0x28

User stack when PKCS11 Bypass is disabled*

#./ssl.d 22469
thread 17: stack is :

libsoftokn3.so`AES_Encrypt
libsoftokn3.so`NSC_EncryptUpdate+0x490
libnss3.so`PK11_CipherOp+0x28c
libssl3.so`ssl3_CompressMACEncryptRecord+0x5a8
libssl3.so`ssl3_SendRecord+0x38c
libssl3.so`ssl3_FlushHandshake+0x1cc
libssl3.so`ssl3_SendFinished+0x448
libssl3.so`ssl3_HandleFinished+0x5a4
libssl3.so`ssl3_HandleHandshakeMessage+0x8d0
libssl3.so`ssl3_HandleHandshake+0x2d8
libssl3.so`ssl3_HandleRecord+0xb60
libssl3.so`ssl3_GatherCompleteHandshake+0x110
libssl3.so`ssl_GatherRecord1stHandshake+0xd0
libssl3.so`ssl_Do1stHandshake+0x308
libssl3.so`ssl_SecureRecv+0x230
libssl3.so`ssl_Recv+0x124
libnspr4.so`PR_Recv+0x48
libns-httpd40.so`int DaemonSession::GetConnection()+0x470
libns-httpd40.so`void DaemonSession::run()+0xdc
libnsprwrap.so`void Thread::run_()+0x28


*Note that we see calls to the NSS softoken starting with NSC_. If we use libpkcs11.so, the names of the symbols to look for might be different, i.e. C_Encrypt, C_Decrypt.

From the above results we find that:

  • When PKCS11 Bypass is enabled, the function "ssl3_CompressMACEncryptRecord" (and others) in libssl3.so directly calls "AES_Encrypt" in the same library (i.e. libssl3.so).
  • When PKCS11 Bypass is disabled, it calls the "PK11_CipherOp" function in libnss3.so, which then calls the "NSC_EncryptUpdate" function in libsoftokn3.so, which in turn calls the "AES_Encrypt" function in libsoftokn3.so.

So by enabling PKCS11 Bypass we are eliminating two layers of function calls, and that's why it's faster.
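The same comparison can be done mechanically over saved output of the D script. This is an added example, not part of the original post: it splits the output into stacks and labels each one by whether a PKCS#11 entry point (NSC_*, PK11_* or C_*) appears among the callers of the cipher function. The function names and the abbreviated sample trace are constructed for illustration.

```python
import re

# Constructed sample in the shape of the ustack() output above (frames abbreviated).
SAMPLE_TRACE = """\
thread 17: stack is :
libsoftokn3.so`AES_Encrypt
libssl3.so`ssl3_CompressMACEncryptRecord+0x5a8
libssl3.so`ssl3_SendRecord+0x38c

thread 18: stack is :
libsoftokn3.so`AES_Encrypt
libsoftokn3.so`NSC_EncryptUpdate+0x490
libnss3.so`PK11_CipherOp+0x28c
libssl3.so`ssl3_CompressMACEncryptRecord+0x5a8
"""

HEADER = re.compile(r"thread (\d+):\s+stack is")
FRAME = re.compile(r"^\s*(\S+)`(.+?)(?:\+0x[0-9a-f]+)?\s*$")
# PKCS#11 entry points: NSS softoken (NSC_*), the NSS wrapper (PK11_*), or a
# generic PKCS#11 module (C_*), as the note above points out.
PKCS11_SYMBOL = re.compile(r"^(NSC_|PK11_|C_)")


def split_stacks(trace):
    """Yield (thread id, [(module, symbol), ...]) for each stack in the trace."""
    tid, frames = None, []
    for line in trace.splitlines():
        header = HEADER.search(line)
        if header:
            if tid is not None:
                yield tid, frames
            tid, frames = int(header.group(1)), []
            continue
        frame = FRAME.match(line)
        if tid is not None and frame:
            frames.append((frame.group(1), frame.group(2)))
    if tid is not None:
        yield tid, frames


def classify(trace):
    """Label each stack 'pkcs11' if a caller of the cipher function is a PKCS#11 entry point, else 'bypass'."""
    labels = []
    for tid, frames in split_stacks(trace):
        if not frames:
            continue
        via_pkcs11 = any(PKCS11_SYMBOL.match(sym) for _, sym in frames[1:])
        labels.append((tid, "pkcs11" if via_pkcs11 else "bypass"))
    return labels
```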

References

http://blogs.oracle.com/jyrivirkki/entry/pkcs_11_and_ssl_performance

Which ciphers are enabled in an Oracle iPlanet Web Server 7.0 instance, and how do I find information about ciphers that are actually used at run time?

A lot of people ask me how to find out which ciphers are enabled in Oracle iPlanet Web Server 7.0.

The list of ciphers, and whether each is enabled or disabled, is given in the table at http://download.oracle.com/docs/cd/E19146-01/821-0794/gcfbv/index.html . This may vary slightly from one update release to another.

The best way to know this is to change <log-level> in server.xml from "info" to "finest" and start the server instance. At server startup you will see log messages like these, which tell you which ciphers were enabled or disabled.

...
fine: Initializing "NSS Generic Crypto Services" PKCS #11 token
fine: Initializing "internal" PKCS #11 token
....
fine: enabling cipher (cert: RSA, auth: RSA, kea: RSA, enc: RC4, mac: MD5, key bits: 128): SSL_RSA_WITH_RC4_128_MD5
fine: enabling cipher (cert: RSA, auth: RSA, kea: RSA, enc: RC4, mac: SHA1, key bits: 128): SSL_RSA_WITH_RC4_128_SHA
fine: enabling cipher (cert: RSA, auth: RSA, kea: RSA, enc: 3DES, mac: SHA1, key bits: 112): SSL_RSA_WITH_3DES_EDE_CBC_SHA
...
fine: disabling cipher (cert: RSA, auth: RSA, kea: ECDHE, enc: 3DES, mac: SHA1, key bits: 112): TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
fine: disabling cipher (cert: RSA, auth: RSA, kea: ECDHE, enc: AES, mac: SHA1, key bits: 256): TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
fine: enabling cipher (cert: RSA, auth: RSA, kea: RSA, enc: AES, mac: SHA1, key bits: 128): TLS_RSA_WITH_AES_128_CBC_SHA
fine: enabling cipher (cert: RSA, auth: RSA, kea: RSA, enc: AES, mac: SHA1, key bits:  256): TLS_RSA_WITH_AES_256_CBC_SHA
fine: SSLv3/TLS is enabled and 18 SSLv3/TLS ciphers are enabled
fine: 0 export ciphers enabled
fine: PKCS#11 bypass is enabled
fine: 1 RSA certificate(s) present, 6 suitable cipher(s) enabled
fine: 0 ECC certificate(s) present, 12 suitable cipher(s) enabled

Or, if you are familiar with the Admin CLI, you can use the following CLI command:

wadm>list-ciphers --config=<config> --http-listener=<listener> --verbose --all

For more information, refer to:

http://docs.oracle.com/cd/E19146-01/821-0792/list-ciphers-1/index.html
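The startup messages shown above are regular enough to audit with a script. The following is an added example, not part of the original post: it parses the "enabling cipher" / "disabling cipher" lines and lists the enabled suites that fall outside a local policy. The function names, the policy defaults (no RC4, no MD5 MAC, at least 128 key bits) and the sample log are assumptions made for illustration.

```python
import re

# Constructed sample, copied in shape from the startup messages above.
SAMPLE_LOG = """\
fine: enabling cipher (cert: RSA, auth: RSA, kea: RSA, enc: RC4, mac: MD5, key bits: 128): SSL_RSA_WITH_RC4_128_MD5
fine: enabling cipher (cert: RSA, auth: RSA, kea: RSA, enc: 3DES, mac: SHA1, key bits: 112): SSL_RSA_WITH_3DES_EDE_CBC_SHA
fine: disabling cipher (cert: RSA, auth: RSA, kea: ECDHE, enc: AES, mac: SHA1, key bits: 256): TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
fine: enabling cipher (cert: RSA, auth: RSA, kea: RSA, enc: AES, mac: SHA1, key bits:  256): TLS_RSA_WITH_AES_256_CBC_SHA
fine: 0 export ciphers enabled
"""

CIPHER_LINE = re.compile(r"(enabling|disabling) cipher \(([^)]*)\):\s*(\S+)")


def parse_ciphers(log_text):
    """Return one dict per cipher line: suite name, enabled flag and the logged attributes."""
    suites = []
    for action, attrs, name in CIPHER_LINE.findall(log_text):
        fields = {}
        for pair in attrs.split(","):
            key, _, value = pair.partition(":")
            fields[key.strip()] = value.strip()
        fields["key bits"] = int(fields["key bits"])
        suites.append({"suite": name, "enabled": action == "enabling", **fields})
    return suites


def audit(log_text, banned_enc=("RC4",), banned_mac=("MD5",), min_key_bits=128):
    """List enabled suites that violate the given policy (example defaults, adjust locally)."""
    findings = []
    for s in parse_ciphers(log_text):
        if not s["enabled"]:
            continue
        reasons = []
        if s["enc"] in banned_enc:
            reasons.append("enc " + s["enc"])
        if s["mac"] in banned_mac:
            reasons.append("mac " + s["mac"])
        if s["key bits"] < min_key_bits:
            reasons.append("key bits %d" % s["key bits"])
        if reasons:
            findings.append((s["suite"], reasons))
    return findings
```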


Here is my blog post about how to use DTrace to collect information about the ciphers used in a connection:

http://blogs.oracle.com/meena/entry/dtarce_script_to_collect_information

You can also modify server.xml to print the cipher in the access log:

<access-log>
    <file>../logs/access</file>
    <format>%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] "%Req->reqpb.clf-request%" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length% %Ses->client.cipher%</format>
</access-log>

The access log will have a new cipher entry in the last column of each row. For example, it may show "AES-256", "RC4", etc.

About

Meena Vyas
