Restrict TLS cipher suites to approved algorithms only.
389-NS-003 - severity: high
| Field | Value |
|---|---|
| Control ID | 389-NS-003 |
| Severity | high |
| Type | preventive |
| Owner | IT Operations |
| Status | authored |
| NIST 800-53 | SC-13, SC-8(1) |
| DISA SRG | SRG-APP-000439, SRG-APP-000179 |
Rationale¶
Enforcing a minimum TLS protocol version is necessary but not sufficient:
weak and legacy cipher suites - including export-grade, RC4, NULL, DES, and
anonymous variants - can still be negotiated on TLS 1.2 connections, allowing
an attacker with passive or active network access to decrypt session content or
forge authentication material. 389 Directory Server exposes cipher selection
through its NSS layer and the allow-insecure-ciphers flag, which defaults
permissively in some deployments. Without an explicit approved-cipher policy,
client-server negotiation may select a vulnerable suite even when modern
protocol versions are required. Restricting the cipher list to strong AEAD
constructions (AES-GCM, ChaCha20-Poly1305) eliminates entire classes of
cryptanalytic attacks including BEAST, LUCKY13, and 3DES sweet32. This control
satisfies the cryptographic-mechanism requirements of NIST SP 800-53 SC-13 and
SC-8(1), and is assessed by DISA SRG-APP-000439 and SRG-APP-000179.
Check¶
Confirm insecure/weak ciphers are disallowed and review the enabled cipher list.
dsconf <instance> security get | grep -Ei 'insecure|weak'
dsconf <instance> security ciphers list --enabled
Remediation¶
Disallow insecure ciphers and weak DH parameters, pin a strong cipher list, then restart.
dsconf <instance> security set --allow-insecure-ciphers=off --allow-weak-dh-param=off
dsconf <instance> security ciphers set -- "-all,+TLS_AES_256_GCM_SHA384,+TLS_AES_128_GCM_SHA256,+TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
dsctl <instance> restart
References¶
Implementation Notes¶
The correct flag in 389DS 2.x is --allow-insecure-ciphers (not
allowWeakCipher, which is a legacy 1.x attribute). The security ciphers set
command takes an nsSSL3Ciphers-style string (-all,+<NAME>); the leading --
prevents the shell and argparse from treating -all as a command-line option.
Exact cipher names are NSS- and version-dependent - verify available names with
dsconf <instance> security ciphers list --supported and
dsconf <instance> security ciphers --help before applying changes in
production. A server restart is required after modifying the cipher
configuration.