Product Documentation

Support for TLS1.2 Signature Hash Algorithm

Apr 21, 2017

The NetScaler appliance is now fully compliant with the TLS1.2 signature hash extension.

In an SSL handshake, a client sends a list of supported signature hash (sighash) algorithms. The client uses the "signature_algorithms" extension to indicate to the server which sighash algorithm pairs may be used in the SSL handshake messages: Server Key Exchange (SKE) and Client Certificate Verify (CCV). The "extension_data" field of this extension contains a "supported_signature_algorithms" value in the Client Hello message. The SSL handshake proceeds if the server supports one of these sighash algorithms. If the server does not support any of these algorithms, the connection is dropped.

Similarly, if a client certificate is requested by the server for client authentication, the Certificate Request message contains a "supported_signature_algorithms" value. The client certificate is selected based on this sighash algorithm.

Note

The NetScaler appliance acts as a server to a client and as a client to the back-end server.

Previously, the appliance supported only RSA-SHA1 and RSA-SHA256 on the frontend, and RSA-MD5, RSA-SHA1, and RSA-SHA256 on the backend. In addition, the VPX appliance supported DSA-SHA1 on the frontend and backend.

With this enhancement, the MPX/SDX/VPX appliance supports the following sighash combinations. On an SDX appliance, if an SSL chip is assigned to a VPX instance, the cipher support of an MPX appliance applies. Otherwise, the normal cipher support of a VPX instance applies.

  • On a VPX instance:
    • RSA-MD5 
    • RSA-SHA1 
    • RSA-SHA224 
    • RSA-SHA256 
    • RSA-SHA384 
    • RSA-SHA512 
    • DSA-SHA1 
    • DSA-SHA224 
    • DSA-SHA256 
    • DSA-SHA384 
    • DSA-SHA512
  • On an MPX/SDX appliance with N3 chips:
    • RSA-MD5 
    • RSA-SHA1 
    • RSA-SHA224 
    • RSA-SHA256 
    • RSA-SHA384 
    • RSA-SHA512 
    • ECDSA-SHA1 
    • ECDSA-SHA224 
    • ECDSA-SHA256 
    • ECDSA-SHA384 
    • ECDSA-SHA512
  • On an MPX/SDX appliance without N3 chips:
    • RSA-MD5 
    • RSA-SHA1 
    • RSA-SHA224 
    • RSA-SHA256 
    • RSA-SHA384 
    • RSA-SHA512 

By default, all the sighash algorithms are enabled. However, you can enable only a few sighash algorithms by using the following command:

set ssl parameter -sigDigestType <sigDigestType>

Parameters

sigDigestType

Signature digest algorithms supported by the appliance. The platform determines the list of algorithms supported by default.

              On VPX: RSA-MD5 RSA-SHA1 RSA-SHA224 RSA-SHA256 RSA-SHA384 RSA-SHA512 DSA-SHA1 DSA-SHA224 DSA-SHA256 DSA-SHA384 DSA-SHA512

              On MPX with N3 cards: RSA-MD5 RSA-SHA1 RSA-SHA224 RSA-SHA256 RSA-SHA384 RSA-SHA512 ECDSA-SHA1 ECDSA-SHA224 ECDSA-SHA256 ECDSA-SHA384 ECDSA-SHA512

              Other MPX Platforms: RSA-MD5 RSA-SHA1 RSA-SHA224 RSA-SHA256 RSA-SHA384 RSA-SHA512.

Example

set ssl parameter -sigDigestType RSA-SHA224 RSA-SHA256 RSA-SHA384 RSA-SHA512

Validating the Peer Certificate

According to RFC 5246, the peer certificate must be signed using one of the sighash algorithms included in the Client Hello extension. To enforce this, use the strictSigDigestCheck parameter. If you enable strictSigDigestCheck, the appliance returns a certificate signed by one of the sighash algorithms mentioned in the Client Hello extension, depending on the sighash list sent by the client. If the peer does not have a proper certificate, the connection is dropped. If this parameter is disabled, sighash is not checked in the peer certificate.

You can configure strict signature digest check on an SSL virtual server and service. If you enable this parameter on an SSL virtual server, the server certificate sent by the server must be signed by one of the sighash algorithms listed in the Client Hello extension. If client authentication is enabled, then the client certificate received by the server must be signed using one of the sighash algorithms listed in the certificate request sent by the server.

If you enable this parameter on an SSL service, the server certificate received by the client must be signed by one of the sighash algorithms listed in the Client Hello extension. The client certificate must be signed using one of the sighash algorithms listed in the certificate request message.

If the default profile is enabled, you can use it to configure strict signature digest check on an SSL virtual server, SSL service, and SSL profile.

To configure strict signature digest check on an SSL virtual server, service, or profile by using the NetScaler command line

At the command prompt, type:

set ssl vserver <vServerName> -strictSigDigestCheck ( ENABLED | DISABLED )

set ssl service <serviceName> -strictSigDigestCheck ( ENABLED | DISABLED )

set ssl profile <name> -strictSigDigestCheck ( ENABLED | DISABLED )

Parameters

strictSigDigestCheck

              Check whether the peer entity certificate is signed using one of the signature-hash algorithms supported by the NetScaler appliance.

              Possible values: ENABLED, DISABLED

              Default: DISABLED

Examples

set ssl vserver v1 -strictSigDigestCheck Enabled

set ssl service s1 -strictSigDigestCheck Enabled

set ssl profile p1 -strictSigDigestCheck Enabled

Important

If DH, ECDHE, or ECDSA ciphers are configured on the appliance, the SKE message must be signed using one of the sighash algorithms common to the client list and the list configured on the appliance. If there is no common sighash algorithm, the connection is dropped.
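
The sighash matching described above for the Client Hello extension, the SKE signature, and the strict certificate check can be modelled as follows. This is an added illustration, not NetScaler code: the function names are hypothetical, the code points are those of RFC 5246, and choosing the first common pair in client order is an assumption, since the page only says a common sighash must exist.

```python
import struct

# TLS 1.2 SignatureAndHashAlgorithm code points (RFC 5246, section 7.4.1.4.1)
HASHES = {1: "MD5", 2: "SHA1", 3: "SHA224", 4: "SHA256", 5: "SHA384", 6: "SHA512"}
SIGS = {1: "RSA", 2: "DSA", 3: "ECDSA"}

def parse_sig_algs(extension_data):
    """Decode supported_signature_algorithms into names such as 'RSA-SHA256'."""
    if len(extension_data) < 2:
        raise ValueError("truncated extension_data")
    (length,) = struct.unpack("!H", extension_data[:2])  # 2-byte vector length
    body = extension_data[2:]
    if length == 0 or length % 2 or length != len(body):
        raise ValueError("malformed supported_signature_algorithms vector")
    names = []
    for i in range(0, length, 2):
        hash_id, sig_id = body[i], body[i + 1]  # hash byte first, then signature
        if hash_id in HASHES and sig_id in SIGS:  # unknown code points are skipped
            names.append(f"{SIGS[sig_id]}-{HASHES[hash_id]}")
    return names

def pick_ske_sighash(client_list, configured):
    """First client-offered pair that is also configured; None means drop.
    Client-preference order is an assumption made for this example."""
    allowed = set(configured)
    return next((pair for pair in client_list if pair in allowed), None)

def strict_check(cert_sighash, peer_list):
    """Model of strictSigDigestCheck: the certificate's signature algorithm
    must appear in the list the peer advertised."""
    return cert_sighash in peer_list

# Constructed sample extension_data: RSA-SHA256, ECDSA-SHA256, RSA-SHA1
SAMPLE = bytes.fromhex("0006" "0401" "0403" "0201")
# The -sigDigestType list from the page's own example
CONFIGURED = ["RSA-SHA224", "RSA-SHA256", "RSA-SHA384", "RSA-SHA512"]

if __name__ == "__main__":
    offered = parse_sig_algs(SAMPLE)
    print("client offers:", offered)
    print("SKE signed with:", pick_ske_sighash(offered, CONFIGURED))
    print("RSA-SHA512 cert passes strict check:", strict_check("RSA-SHA512", offered))
```

With the restricted list from the example command, a client that offers only RSA-SHA1 or RSA-MD5 has no common sighash and is dropped, which is worth confirming against legacy clients before narrowing -sigDigestType.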