Re: HPE FlexFabric 5700 - Disabling SSL ciphers

Hi @Support_PenB !

Did you have a chance to analyze TLS 'Client Hello' and 'Server Hello' messages to see what ciphers your browser declares as proposed and what cipher the switch advertises? Check both working and non-working scenarios. There is a useful display filter in Wireshark 'tls.handshake' that can help you filtering out those two packets. If any doubts, share the filtered capture here, I'll check. My suspicion is that when it works, both client (browser) and server agree on rsa_rc4_128_md5 but when you exclude it they can't negotiate anything compatible. Which is definitely strange taking into account how many various ciphers you have in that SSL policy... 

BTW, have you tried that policy without 'ssl version ssl3.0 tls1.0 tls1.1 disable'? Like to allow all TLS versions, but with ciphers you choose?

I have tried with SSL 3.0, TLS 1.0, and TLS 1.1 enabled AND the specific ciphersuites, but the result is the same ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

I enabled SSL 3.0, TLS 1.0, TLS 1.1:

undo ssl version ssl3.0 disable
undo ssl version tls1.0 disable
undo ssl version tls1.1 disable
undo ip https enable
ip https enable

Without setting a specific ciphersuite.

Testing with nmap v7.70 from a CentOS 8 host with command:

nmap -sV --script ssl-enum-ciphers -p 443 switch2.domain.local

Shows a very limited cipher set:

|_http-server-header: HTTPD
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       CBC-mode cipher in SSLv3 (CVE-2014-3566)
|       Ciphersuite uses MD5 for message integrity
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|   TLSv1.1:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|_  least strength: C

Same with sslyze (https://github.com/nabla-c0d3/sslyze) 4.1.0 from a Windows Server 2019 server:

 SCAN RESULTS FOR SWITCH2.DOMAIN.LOCAL:443 - 10.10.10.10
 -------------------------------------------------------------

 * Deflate Compression:
                                          OK - Compression disabled

 * OpenSSL Heartbleed:
                                          OK - Not vulnerable to Heartbleed

 * OpenSSL CCS Injection:
                                          OK - Not vulnerable to OpenSSL CCS injection

 * TLS 1.2 Cipher Suites:
     Attempted to connect using 156 cipher suites.

     The server accepted the following 5 cipher suites:
        TLS_RSA_WITH_RC4_128_SHA                          128
        TLS_RSA_WITH_RC4_128_MD5                          128
        TLS_RSA_WITH_AES_256_CBC_SHA                      256
        TLS_RSA_WITH_AES_128_CBC_SHA                      128
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                     168

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    INSECURE - Not Supported
       Legacy RC4 Algorithm               INSECURE - Supported


 * ROBOT Attack:
                                          OK - Not vulnerable.

 * Session Renegotiation:
       Client Renegotiation DoS Attack:   VULNERABLE - Server honors client-initiated renegotiations
       Secure Renegotiation:              OK - Supported

 * TLS 1.2 Session Resumption Support:
      With Session IDs: NOT SUPPORTED (0 successful resumptions out of 5 attempts).
      With TLS Tickets: OK - Supported.

 * SSL 3.0 Cipher Suites:
     Attempted to connect using 80 cipher suites.

     The server accepted the following 5 cipher suites:
        TLS_RSA_WITH_RC4_128_SHA                          128
        TLS_RSA_WITH_RC4_128_MD5                          128
        TLS_RSA_WITH_AES_256_CBC_SHA                      256
        TLS_RSA_WITH_AES_128_CBC_SHA                      128
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                     168

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    INSECURE - Not Supported
       Legacy RC4 Algorithm               INSECURE - Supported


 * Certificates Information:
       Hostname sent for SNI:             switch2.domain.local
       Number of certificates detected:   1


     Certificate #0 ( _RSAPublicKey )
       SHA1 Fingerprint:                  88c43163b01d2e0d8fddc44320ee967e6f2077d8
       Common Name:                       HTTPS-Self-Signed-Certificate-ba0115a4076d6ffc
       Issuer:                            HTTPS-Self-Signed-Certificate-ba0115a4076d6ffc
       Serial Number:                     0
       Not Before:                        2011-01-01
       Not After:                         2030-12-27
       Public Key Algorithm:              _RSAPublicKey
       Signature Algorithm:               sha256
       Key Size:                          2048
       Exponent:                          65537
       DNS Subject Alternative Names:     []

     Certificate #0 - Trust
       Hostname Validation:               FAILED - Certificate does NOT match server hostname
       Android CA Store (9.0.0_r9):       FAILED - Certificate is NOT Trusted: self signed certificate
       Apple CA Store (iOS 14, iPadOS 14, macOS 11, watchOS 7, and tvOS 14):FAILED - Certificate is NOT Trusted: self signed certificate
       Java CA Store (jdk-13.0.2):        FAILED - Certificate is NOT Trusted: self signed certificate
       Mozilla CA Store (2021-01-24):     FAILED - Certificate is NOT Trusted: self signed certificate
       Windows CA Store (2021-02-08):     FAILED - Certificate is NOT Trusted: self signed certificate
       Symantec 2018 Deprecation:         ERROR - Could not build verified chain (certificate untrusted?)
       Received Chain:                    HTTPS-Self-Signed-Certificate-ba0115a4076d6ffc
       Verified Chain:                    ERROR - Could not build verified chain (certificate untrusted?)
       Received Chain Contains Anchor:    ERROR - Could not build verified chain (certificate untrusted?)
       Received Chain Order:              OK - Order is valid
       Verified Chain contains SHA1:      ERROR - Could not build verified chain (certificate untrusted?)

     Certificate #0 - Extensions
       OCSP Must-Staple:                  NOT SUPPORTED - Extension not found
       Certificate Transparency:          NOT SUPPORTED - Extension not found

     Certificate #0 - OCSP Stapling
                                          NOT SUPPORTED - Server did not send back an OCSP response

 * SSL 2.0 Cipher Suites:
     Attempted to connect using 7 cipher suites; the server rejected all cipher suites.

 * TLS 1.0 Cipher Suites:
     Attempted to connect using 80 cipher suites.

     The server accepted the following 5 cipher suites:
        TLS_RSA_WITH_RC4_128_SHA                          128
        TLS_RSA_WITH_RC4_128_MD5                          128
        TLS_RSA_WITH_AES_256_CBC_SHA                      256
        TLS_RSA_WITH_AES_128_CBC_SHA                      128
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                     168

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    INSECURE - Not Supported
       Legacy RC4 Algorithm               INSECURE - Supported


 * TLS 1.3 Cipher Suites:
     Attempted to connect using 5 cipher suites; the server rejected all cipher suites.

 * Elliptic Curve Key Exchange:
     The server does not support cipher suites with ECDH key exchanges.

 * TLS 1.1 Cipher Suites:
     Attempted to connect using 80 cipher suites.

     The server accepted the following 5 cipher suites:
        TLS_RSA_WITH_RC4_128_SHA                          128
        TLS_RSA_WITH_RC4_128_MD5                          128
        TLS_RSA_WITH_AES_256_CBC_SHA                      256
        TLS_RSA_WITH_AES_128_CBC_SHA                      128
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                     168

     The group of cipher suites supported by the server has the following properties:
       Forward Secrecy                    INSECURE - Not Supported
       Legacy RC4 Algorithm               INSECURE - Supported


 * Downgrade Attacks:
       TLS_FALLBACK_SCSV:                 OK - Supported


 SCAN COMPLETED IN 9.10 S
 ------------------------

According to the Security tab in the Developer Tools in the Edge browser it connected with:

The connection to this site is encrypted and authenticated using TLS 1.2, RSA, and AES_128_CBC with HMAC-SHA1.

Now to apply my ciphersuite:

ssl server-policy "specific-ciphersuites"
ciphersuite dhe_rsa_aes_128_cbc_sha dhe_rsa_aes_128_cbc_sha256 dhe_rsa_aes_256_cbc_sha dhe_rsa_aes_256_cbc_sha256 ecdhe_ecdsa_aes_128_cbc_sha256 ecdhe_ecdsa_aes_128_gcm_sha256 ecdhe_ecdsa_aes_256_cbc_sha384 ecdhe_ecdsa_aes_256_gcm_sha384 ecdhe_rsa_aes_128_cbc_sha256 ecdhe_rsa_aes_128_gcm_sha256 ecdhe_rsa_aes_256_cbc_sha384 ecdhe_rsa_aes_256_gcm_sha384 rsa_aes_128_cbc_sha rsa_aes_128_cbc_sha256 rsa_aes_256_cbc_sha rsa_aes_256_cbc_sha256
quit
undo ip https enable
ip https ssl-server-policy "specific-ciphersuites"
ip https enable

Edge now shows the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

The nmap test with the same command now shows only an open port:

Starting Nmap 7.70 ( https://nmap.org ) at 2021-09-09 14:47 CEST
Nmap scan report for switch2.domain.local (10.10.10.10)
Host is up (0.0010s latency).

PORT    STATE SERVICE    VERSION
443/tcp open  ssl/https?

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.95 seconds

sslyze shows that it cannot connect:

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   switch2.domain.local:443                       => ERROR: Probing failed: could not find a TLS version and cipher suite supported by the server; discarding scan.




 SCAN COMPLETED IN 0.13 S
 ------------------------

It seems that when the SSL policy is applied the server rejects the connection because it can't find anything compatible among ciphers advertised by your browser or testing tools in their 'Client Hello' message. But I highly doubt it is the real cause. It is more like the server incorrectly processes the SSL policy, since rsa_aes_128_cbc_sha is in the policy and it's known to be acceptable cipher.

Not sure if it has anything to do with your issue, but I have just found that 5700 does not officially support Web GUI. And while 'ip http' and 'ip https' commands are still in the CLI, they are not mentioned in the Command Reference Guides for this platform and HPE doesn't guarantee they will work. To me your configuration seems absolutely correct, so my guess is that SSL policy support doesn't work for the Web GUI server (ip https), but works only for FTPS and portal Web server. At least according the 5700's guides these two are the only features that support SSL server-policy.

I can't find mention of "ip http" or "ip https" in any of the guides for the 5700 at https://support.hpe.com/connect/s/product?language=en_US&ismnp=1&l5oid=7268889&kmpmoid=1008635527&productNumber=JG896A&cep=on#t=All.

That would mean the web interface was never supported on 5700 series switches? Weird.

So that would mean that the only way to disable ciphers on the web server on a 5700 series switch is to either disable the web server or enable FIPS mode.

Assuming that the web server would even work after enabling FIPS mode as the web server is not officially supported on an 5700 serie switch as it is not mentioned in any manual for the 5700.