Xylok Security Suite must only allow the use of DOD Public Key Infrastructure (PKI) established certificate authorities (CAs) for verification of the establishment of protected sessions.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-269584	SRG-APP-000427	XYLK-20-000191	SV-269584r1054096_rule	2024-12-13	1

Description
Untrusted CAs can issue certificates, but they may be issued by organizations or individuals that seek to compromise DOD systems or by organizations with insufficient security controls. If the CA used for verifying the certificate is not a DOD-approved CA, trust of this CA has not been established. The DOD will only accept PKI certificates obtained from a DOD-approved internal or external certificate authority. Reliance on CAs for the establishment of secure sessions includes, for example, the use of Transport Layer Security (TLS) certificates. This requirement focuses on communications protection for the Xylok Security Suite session rather than for the network packet. This requirement applies to applications that use communications sessions. This includes, but is not limited to, web-based applications and Service-Oriented Architectures (SOAs).

Description

Untrusted CAs can issue certificates, but they may be issued by organizations or individuals that seek to compromise DOD systems or by organizations with insufficient security controls. If the CA used for verifying the certificate is not a DOD-approved CA, trust of this CA has not been established. The DOD will only accept PKI certificates obtained from a DOD-approved internal or external certificate authority. Reliance on CAs for the establishment of secure sessions includes, for example, the use of Transport Layer Security (TLS) certificates. This requirement focuses on communications protection for the Xylok Security Suite session rather than for the network packet. This requirement applies to applications that use communications sessions. This includes, but is not limited to, web-based applications and Service-Oriented Architectures (SOAs).

ℹ️ Check
Verify that the certificate Xylok uses for SSL is correctly signed with the following command. In this command, replace "xylok.local" with the domain named used to access the Xylok instance. $ openssl s_client -showcerts -servername xylok.local -connect xylok.local:443 </dev/null CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = E5 verify return:1 depth=0 CN = xylok.local verify return:1 --- Certificate chain 0 s:CN = xylok.local i:C = US, O = Let's Encrypt, CN = E5 a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384 v:NotBefore: Jun 12 16:44:03 2024 GMT; NotAfter: Sep 10 16:44:02 2024 GMT -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- 1 s:C = US, O = Let's Encrypt, CN = E5 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- --- Server certificate subject=CN = xylok.local issuer=C = US, O = Let's Encrypt, CN = E5 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 2367 bytes and written 380 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_128_GCM_SHA256 Session-ID: E03F9C6A59BD7375CF86B43387C63F9BBD16EAA2A9970E64F70E20317D403D22 Session-ID-ctx: Resumption PSK: 15BFB16AF236A045FE9F5A0F64834A1B3EA76EE4185936D83560BAE940D01FF4 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 604800 (seconds) TLS session ticket: 0000 - d4 7d 77 f4 01 dd ba 65-57 59 76 e0 ab 8a 75 63 .}w....eWYv...uc 0010 - 19 6e cf 1b 44 db 35 c5-27 6b d8 b8 39 76 10 47 .n..D.5.'k..9v.G 0020 - f1 75 a5 4b 3a fb 2b 82-b9 f7 3c c5 7f 82 41 d0 .u.K:.+...<...A. 0030 - 3d 40 f1 f4 0d ef 8e 55-ee 2f 09 4b 96 d9 16 5a =@.....U./.K...Z 0040 - f2 7d cb af bd 55 4b f9-c8 2d 0d 8f 39 16 af 8c .}...UK..-..9... 0050 - 71 df 92 cc d1 1a ed 5d-71 eb a3 7f f0 8b 65 8c q......]q.....e. 0060 - 5b 16 18 0c 61 b2 cc c7-4b [...a...K Start Time: 1719438481 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK DONE If the output indicates a "verify error", Xylok is using a self-signed certificate and this is a finding. If the first certificate displayed is not a DOD-approved CA or other approved authority, this is a finding.

ℹ️ Check

Verify that the certificate Xylok uses for SSL is correctly signed with the following command. In this command, replace "xylok.local" with the domain named used to access the Xylok instance. $ openssl s_client -showcerts -servername xylok.local -connect xylok.local:443 </dev/null CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = E5 verify return:1 depth=0 CN = xylok.local verify return:1 --- Certificate chain 0 s:CN = xylok.local i:C = US, O = Let's Encrypt, CN = E5 a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384 v:NotBefore: Jun 12 16:44:03 2024 GMT; NotAfter: Sep 10 16:44:02 2024 GMT -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- 1 s:C = US, O = Let's Encrypt, CN = E5 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- --- Server certificate subject=CN = xylok.local issuer=C = US, O = Let's Encrypt, CN = E5 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 2367 bytes and written 380 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256 Server public key is 256 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_128_GCM_SHA256 Session-ID: E03F9C6A59BD7375CF86B43387C63F9BBD16EAA2A9970E64F70E20317D403D22 Session-ID-ctx: Resumption PSK: 15BFB16AF236A045FE9F5A0F64834A1B3EA76EE4185936D83560BAE940D01FF4 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 604800 (seconds) TLS session ticket: 0000 - d4 7d 77 f4 01 dd ba 65-57 59 76 e0 ab 8a 75 63 .}w....eWYv...uc 0010 - 19 6e cf 1b 44 db 35 c5-27 6b d8 b8 39 76 10 47 .n..D.5.'k..9v.G 0020 - f1 75 a5 4b 3a fb 2b 82-b9 f7 3c c5 7f 82 41 d0 .u.K:.+...<...A. 0030 - 3d 40 f1 f4 0d ef 8e 55-ee 2f 09 4b 96 d9 16 5a =@.....U./.K...Z 0040 - f2 7d cb af bd 55 4b f9-c8 2d 0d 8f 39 16 af 8c .}...UK..-..9... 0050 - 71 df 92 cc d1 1a ed 5d-71 eb a3 7f f0 8b 65 8c q......]q.....e. 0060 - 5b 16 18 0c 61 b2 cc c7-4b [...a...K Start Time: 1719438481 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK DONE If the output indicates a "verify error", Xylok is using a self-signed certificate and this is a finding. If the first certificate displayed is not a DOD-approved CA or other approved authority, this is a finding.

✔️ Fix
Generate or acquire certificates from DOD PKI (or other approved source). Remove all files in /opt/xylok/certs. Place new certificate in PEM format at /opt/xylok/certs/cert.crt. Place new private key in PEM format at /opt/xylok/certs/key.key. Restart Xylok: systemctl restart xylok