Perfect Forward Secrecy (PFS) is a method of key exchange that when used in combination with encryption protocols – like TLS 1.2 – helps prevent an attacker from decrypting all network sessions between a client and server.
Note: Security standards organizations and entities strongly recommend the use of TLS 1.2 or later utilizing only PFS capable crypto suites. Infact, the German agency for Security in IT (BSI) mandates TLS 1.2 + w/ PFS for government agencies.
PFS requires that during the key exchange portion between a client and server a unique key be used for each session during network communication. This is done to prevent an attacker who has already decrypted a single network session from decrypting all network sessions between the client and server.
ONTAP can be configured to utilize only cipher suites that follow the key exchange principles of PFS. When configuring ONTAP to utilize these cipher suites, you can ensure that a single session key being compromised will not directly lead to all network sessions between the client and server being compromised.
For example, assume a situation where an attacker utilizing a “man in the middle attack” has recorded several previous network sessions, and then is able to successfully compromise the server’s private key. In this scenario, if a PFS cipher suite was employed, then all prior recorded network sessions are still protected as they would have used different keys. The attacker would still need to attempt to decrypt each and every individual session before they could gain access to the prior sessions' data.
By default, ONTAP does not require that only PFS capable ciphers are used. However, the ONTAP cluster can be configured to only allow key exchanges that utilize PFS. The steps to configure this are described in the procedure below.
From the advanced privilege level use the command “security config modify” to enable only the DHE and ECDHE ciphers which support PFS.
Note: Before changing the SSL interface configuration, it is important to remember that the client must support the cipher’s mentioned (DHE, ECDHE) when connecting to ONTAP. Otherwise the connection will not be allowed.
Cluster01::*> security config modify -interface SSL -supported-ciphers PSK:DHE:ECDHE:!LOW:!aNULL:!EXP:!eNULL:!3DES:!kDH:!kECDH
Note: It is important to include PSK as a supported cipher and not remove it. Starting in ONTAP 9.5 PSK is required for cluster peering to work. See Bug 1222233 for more information.