GigaSMART Out-of-Band SSL Decryption

Required License: SSL Decryption for Out-of-Band

GigaVUE H Series nodes support Secure Sockets Layer (SSL) decryption. SSL is a cryptographic protocol that adds security to TCP/IP communications such as Web browsing and email. The protocol allows the transmission of secure data between a server and client who both have the keys to decode the transmission and the certificates to verify trust between them. Out-of-band SSL decryption delivers decrypted traffic to out-of-band tools that can then detect threats entering the network.

Out-of-band SSL decryption is a pillar of the GigaSECURE Security Delivery Platform. For an overview of GigaSECURE, refer to GigaSECURE Security Delivery Platform.

On GigaVUE H Series nodes, GigaSMART line cards or modules perform the decryption of SSL traffic. Using GigaSMART for decryption offloads the decryption function from tools and offers improved tool performance by removing this computationally intensive task. GigaSMART provides a centralized decryption point. Decrypted SSL traffic can be sent from GigaSMART to inspection tools for further analysis, for example, to look at encrypted communications or to detect malware.

Before SSL traffic is decrypted, the de-duplication GigaSMART operation can be performed. Decrypted traffic from the GigaSMART line card or module can be filtered, aggregated, and replicated and then sent to one or more monitoring tools for analysis.

Out-of-band SSL decryption is supported on the following GigaVUE H Series products with GigaSMART line cards or modules installed:

GigaVUE-HD4/HD8
GigaVUE-HC3
GigaVUE-HC2
GigaVUE-HC1
GigaVUE-HB1

Use out-of-band SSL decryption on the GigaSMART line card or module with passive or offline traffic. Tap the traffic to and from a server and pass it to the GigaVUE H Series node with the GigaSMART line card or module.

Out-of-band SSL decryption operations can be assigned to GigaSMART groups consisting of multiple engine ports. Refer to Groups of GigaSMART Engine Ports for details.

For secure storage of private keys, NCipher (formerly Thales) Hardware Security Module (HSM) is integrated with out-of-band SSL decryption. Refer to NCipher HSM for SSL Decryption for Out-of-Band Tools for details.

Gigamon also offers inline SSL decryption, which inspects SSL encrypted traffic inline. Refer to the Inline SSL Decryption Guide for details.

Introducing Out-of-Band SSL Decryption

SSL encryption secures traffic between a client and a server, such as a Web server. SSL decryption uses keys to decode the traffic between the client and server.

SSL and Transport Layer Security (TLS) protocols consist of a set of messages exchanged between a client and server to set up and tear down the SSL connection between them. To set up the connection, the client and server use the Public Key Infrastructure (PKI) to exchange the bulk encryption keys needed for data transfer.

Figure 871: Basic SSL Handshake shows the basic SSL handshake between a client and server to establish a session. The messages are unencrypted up to step 6 in Figure 871: Basic SSL Handshake. The messages are encrypted after step 6, including the step 9 Finished message.

 

Figure 871: Basic SSL Handshake

Once a session has been established, the keys are saved so a session can be resumed efficiently later. Figure 872: Resumed SSL Handshake shows the resumed SSL handshake, with fewer steps.

 

Figure 872: Resumed SSL Handshake

Out-of-band SSL decryption can be deployed close to the server, as shown in Figure 873: Inbound (Server Side).

 

Figure 873: Inbound (Server Side)

Out-of-band SSL decryption can also be deployed close to an SSL proxy, with the server in the Enterprise domain as shown in Figure 874: Outbound (Client/Enterprise Side).

 

Figure 874: Outbound (Client/Enterprise Side)

In Figure 873: Inbound (Server Side), tap traffic to the server and then send it for decryption. In Figure 874: Outbound (Client/Enterprise Side), tap traffic to the proxy and then send it for decryption. You can have a deployment with either a server or a proxy, but not both.

The following sections describe out-of-band SSL decryption on GigaSMART:

Supported Protocols, Algorithms, and Ciphers
Limitations
Creating and Resetting Passwords
Working with Keys and Services
Configuring SSL Decryption Examples on page 613
Supported Protocols, Algorithms, and Ciphers

The supported protocols are as follows:

SSL 3.0
TLS 1.0
TLS 1.1
TLS 1.2

The supported authentication (Au) is as follows:

RSA

The supported key exchange (Kx) is as follows:

RSA

The supported encryption algorithms (Enc) are as follows:

NULL
RC4
DES
3DES
AES (including GCM mode)
CAMELLIA
SEED
IDEA

The supported compression algorithm is as follows:

NULL

The supported digest algorithms are as follows:

MD5
SHA1
SHA2

The supported key sizes are 128, 256, 512, 1024, 2048, and 4096.

The supported TLS extensions are as follows:

Extended Master Secret, RFC 7627
Encrypt-then-MAC, RFC 7366

The supported ciphers are listed in Table 1: Supported Ciphers for Out-Of-Band SSL decryption.

Table 1: Supported Ciphers for Out-Of-Band SSL decryption

Cipher Name

Kx

Au

Enc

Bits

Mac

TLS_RSA_WITH_NULL_MD5

RSA

RSA

NULL

0

MD5

TLS_RSA_WITH_NULL_SHA

RSA

RSA

NULL

0

SHA

TLS_RSA_EXPORT_WITH_RC4_40_MD5

RSA_EXPORT

RSA_EXPORT

RC4_40

40

MD5

TLS_RSA_WITH_RC4_128_MD5

RSA

RSA

RC4_128

128

MD5

TLS_RSA_WITH_RC4_128_SHA

RSA

RSA

RC4_128

128

SHA

TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5

RSA_EXPORT

RSA_EXPORT

RC2_CBC_40

40

MD5

TLS_RSA_WITH_IDEA_CBC_SHA

RSA

RSA

IDEA_CBC

128

SHA

TLS_RSA_EXPORT_WITH_DES40_CBC_SHA

RSA_EXPORT

RSA_EXPORT

DES40_CBC

40

SHA

TLS_RSA_WITH_DES_CBC_SHA

RSA

RSA

DES_CBC

56

SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA

RSA

RSA

3DES_EDE_CBC

168

SHA

TLS_RSA_WITH_AES_128_CBC_SHA

RSA

RSA

AES_128_CBC

128

SHA

TLS_RSA_WITH_AES_256_CBC_SHA

RSA

RSA

AES_256_CBC

256

SHA

TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

RSA

RSA

CAMELLIA_128_CBC

128

SHA

TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

RSA

RSA

CAMELLIA_256_CBC

256

SHA

TLS_RSA_WITH_SEED_CBC_SHA

RSA

RSA

SEED_CBC

128

SHA

TLS_RSA_WITH_NULL_SHA256

RSA

RSA

NULL

0

SHA256

TLS_RSA_WITH_AES_128_CBC_SHA256

RSA

RSA

AES_128_CBC

128

SHA256

TLS_RSA_WITH_AES_256_CBC_SHA256

RSA

RSA

AES_256_CBC

256

SHA256

TLS_RSA_WITH_AES_128_GCM_SHA256

RSA

RSA

AES_128_GCM

128

SHA256

TLS_RSA_WITH_AES_256_GCM_SHA384

RSA

RSA

AES_256_GCM

256

SHA384

All algorithms used for out-of-band SSL decryption are FIPS 140-2 compliant.

All key URLs must point to an RSA private key stored in the PEM or PKCS12 format, as follows:

http://keyserver.domain.com/path/keyfile.pem
https://keyserver.domain.com/path/keyfile.pem
ftp://keyserver.domain.com/path/keyfile.pem
tftp://keyserver.domain.com/path/keyfile.pem
scp://username[:password]@keyserver.domain.com/path/keyfile.pem

The supported applications are as follows:

HTTPS
FTPS
SMTP, IMAP, and POP3 with StartTLS
Limitations

The following are limitations of out-of-band SSL decryption:

Only IPv4.
Only regular maps; no virtual ports (vports).
Only combined with the de-duplication GigaSMART operation.
Only one private key per PKCS12 file.
Only server-side authentication.
Only the protocols and ciphers listed in Supported Protocols, Algorithms, and Ciphers. If an SSL session cannot be decrypted due to having a non-supported protocol or cipher, the packets will be forwarded to the tool without decryption if the GS Parameter SSL Decryption has Decrypt Fail Action is set to Pass to Tool Port. Non-supported ciphers and protocols include SSL 2.0, TLS 1.3, Diffie-Hellman (DHE keys), Ephemeral keys, Elliptic Curves Extension, compression, and 8K key size.
Licensing

The GigaSMART license for out-of-band SSL decryption is installed as any other license.

There are no limits to the number of out-of-band SSL decryption sessions or the number of users.

Creating and Resetting Passwords

To perform the configuration in the following section, you must have an admin level access role.

Before uploading keys or configuring SSL, you must create an SSL keychain password. The password is used to encrypt the private keys that you upload to the node.

Keychain passwords are not saved on the node. Refer to Notes about Private Keys and Passwords.

Note:  When uploading SSL keys, make sure that you are not creating a duplicate key. Adding a duplicate key can cause errors.

To create an SSL keychain password, use the following steps:

1.   From the device view, select GigaSMART > Passive SSL > Key Store.
2. Click Keychain Password.

The set-up page shown in figure Figure 875: SSL Keychain Password Setup Page displays.

 

Figure 875: SSL Keychain Password Setup Page

3. Enter a password in the Password and Confirm Password fields.

You can only configure a strong password. A strong password has at least ten (10) characters and at least three (3) of the following:

uppercase letters
lowercase letters
numbers
special characters
4. Click Submit.

After keys are installed on the node, you will be prompted to enter the password after any login as well as after a node reboot, for example:

If you are a user who does not have an admin level access role, when you enter the configure terminal mode, the following message is displayed:

Password required. Please contact administrator.

If you are a user with an admin level access role, but you enter an incorrect password, the following message is displayed:

Password does not match. Please reenter the password

If an SSL keychain password is lost, it can be reset, but all existing private keys will be revoked. When there are keys installed on the node, a warning is displayed before you are prompted for the new password.

Once you have a new password, you will have to upload the keys again.

Working with Keys and Services

This section describes working with private keys as well as services. Keys must be uploaded to the GigaVUE H Series node using a unique alias. Services must be defined for each server destination that needs decryption.

To perform the configuration in the following section, you must have an admin level access role.

Encrypted private keys are saved on the node. Refer to Notes about Private Keys and Passwords.

Note:  When uploading SSL keys, make sure that you are not creating a duplicate key. Adding a duplicate key can cause errors.

Upload SSL Private Keys

To upload an SSL private key, do the following:

1.   From the device view, select GigaSMART >Passive SSL > Key Store to open the Key Store page shown in Figure 876: SSL Key Store Page.

 

Figure 876: SSL Key Store Page

2. Click Install.

The SSL Key page shown in Figure 877: SSL Key Page displays.

 

Figure 877: SSL Key Page

3. Enter an alias for the SSL key in the Alias field.
4. Select the upload type.
5. Choose the file.

The URL can be downloaded using HTTP, HTTPS, FTP, TFTP, SCP, and SFTP. Using a secure protocol, such as HTTPS is recommended. Only PEM encoded keys are supported.

6. Click Save.

If you choose to use Venafi, Inc. as your Electronic Key Management System (EKMS), ensure that you have the GigaVUE-FM host address and credentials to push the generated key into the selected nodes. For details on pushing keys from Venafi, contact either Venafi or Gigamon customer support.

Deleting an SSL Key

To delete a particular SSL private key, select the key on the SSL Keys page, and then select Delete. To delete all SSL private keys, select multiple keys.

 

Creating an SSL Service

After you have uploaded a private key, you can add a service. A service maps to a physical server, such as an HTTP server. One server can run multiple services. A service is a combination of an IP address and a server port number. Also, the key and the service must be tied together. Refer to Configuring SSL Decryption Examples on page 613 for examples.

Prerequisites

Before creating a service, you must do the following:

Upload a private key as described in Uploading SSL Private Keys
Create GigaSMART Group with SSL Decryption enabled.

To create a service, do the following:

1.   From the device view, select GigaSMART > Passive SSL > SSL Services. The SSL Services page displays as shown in Figure 878: SSL Services Page.

 

Figure 878: SSL Services Page

2. Click New.
3. On the SSL Service configuration page, do the following:
Enter an alias.
Enter the information for the service: IP Address, Server Port.
Select the alias of SSL Key previously uploaded. For the steps, refer to Uploading SSL Private Keys.
Select the GigaSMART Group with SSL decryption enabled to associate with this SSL service.

Figure 879: SSL Service Settings shows an example of an SSL Service.

4. Click OK.

 

Figure 879: SSL Service Settings

Deleting a Service

To delete a particular SSL service select the service on the SSL Services page, and then select Delete. To delete all SSL services, select multiple keys.

Notes about Private Keys and Passwords

Consider the following notes about private keys and passwords:

Encrypted private keys are stored on the node. When a private key is uploaded, it is encrypted with a password before it is stored, therefore keys are password-protected. Keychain passwords are not stored on the node.
Because only encrypted private keys are stored on the node and because the keychain password is not stored on the node, after any node reboot you will be prompted to enter the password. Until the password is entered, out-of-band SSL decryption is not working.
Key content cannot be displayed.
Keys that are synchronized across a cluster are encrypted.

ECODES for Troubleshooting Out-of-Band SSL Decryption

Use the following table of ECODE messages to assist with troubleshooting out-of-band SSL decryption:

 

ECODE

Description

81

TCP flow errors detected. Make sure you see the complete TCP flow. Use the de-duplication GigaSMART operation with out-of-band SSL decryption.

103

Session limit reached. The session table has been exhausted. If the session timeout (session-timeout) value is large, lower it.

104

Key/ticket cache limit reached. The allocated cache entries have been used up. If the timeout (key-cache-timeout or ticket-cache-timeout) value is large, lower it.

206

No server info. A flow has been received for which service-key mapping is not defined.

213

Packets for missed TCP handshake. Packets were received for TCP flows that do not exist. If the device was just started, this should trend down quickly.

218

Unknown SSL version. An SSL handshake processing error occurred. Use the de-duplication GigaSMART operation with out-of-band SSL decryption.

221

Unknown SSL version. An unsupported SSLv2 handshake was seen.

222

Protocol error. An unsupported protocol version was seen.

225

Unsupported cipher. The cipher suite cannot be decrypted.

226

Pre-master secret error. Check that the private key is correct and that the session is complete.

228

Generic decryption error. Usually indicates errors in the handshake. Check that you are getting the full session from both sides.

231

Invalid MAC. Likely indicates that invalid or truncated packets have been received.

232

Session not in cache. Indicates that you are trying to decrypt a restarted session where the original negotiation was not seen.

These should trend down in time, but if they do not, increase the key-cache-timeout value.

237

Cannot decrypt ephemeral key based encryption. One of the Ephemeral/PFS ciphersuites, usually Diffie-Hellman Ephemeral, has been seen. These are not supported.

245

Ticket not in cache. This is usually not an error. Indicates that you are trying to decrypt a restarted session where the original negotiation was not seen. These should trend down in time, but if they do not, increase the ticket-cache-timeout value.

Displaying Out-of-Band SSL Decryption Flow Ops Report

To display the Flow Ops report for out-of-band SSL decryption:

1.   From the device view, select GigaSMART > GigaSMART Groups > Report. The Report page displays as shown in Figure 880: Report Page.

 

Figure 880: Report Page

2. Select report type SSL Decryption and select a GigaSMART group from the drop-down menu.
3. Click Generate. The SSL Decryption Report Summary displays as shown in Figure 881: SSL Decryption Report Summary.

 

Figure 881: SSL Decryption Report Summary

The fields in the SSL Decryption Report Summary are as follows:

Total Session—The total number of out-of-band SSL decryption sessions.
SSL30 Session—The cumulative total number of SSL 3.0 sessions.
TLS10 Session—The cumulative total number of TLS 1.0 sessions.
TLS11 Session—The cumulative total number of TLS 1.1 sessions.
TLS12 Session—The cumulative total number of TLS 1.2 sessions.
Session IDs—The number of concurrent session IDs.
Tickets—The number of current TLS tickets.