Information
The REST API should only be accessed using HTTPS with secure Cipher Suites.
Rationale:
The JUNOS REST API can be configured for access using either HTTP or HTTPS for connections.
When configured to use HTTPS, the device supports a wide range of Cipher Suites which define the Encryption, Hashing and Key Exchange methods and algorithms. By default, in the interests of compatibility, this includes support for a number of older, weaker algorithms such as RC4 Encryption or MD5 Hashing, which are no longer considered suitable for protecting sensitive data or device management.
In secure environments, the REST API HTTPS Service should be configured to accept only the Cipher Suites listed in the National Security Agency's Suite B standards.
Suite B standards for Cryptographic functions are developed and distributed by the US National Security Agency as part of its Cryptographic Modernization Program for the protection of US Government data, both unclassified and classified (up to Secret). The Suite B Profile for Transport Layer Security (TLS) is set out in RFC 6460 and specifies two acceptable Profiles using ECDH with standard NIST Elliptic Curves, AES in Galois Counter Mode and SHA-2.
Impact:
REST API management access may be lost if the Network Management System or management hosts do not support the secure Cipher Suites.
Solution
To restrict the Cipher Suites used for REST over HTTPS, enter the following command from the [edit system services rest] hierarchy:
[edit system services rest]
user@host# set https cipher-list [ ecdhe-rsa-with-aes-128-gcm-SHA256 ecdhe-rsa-with-aes-256-gcm-SHA384 ]
Either Cipher Suite may be omitted, but at least one of these Cipher Suites must be set. No other Cipher Suites may be used.
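As an added audit example (not part of the benchmark text and not Juniper's own tooling), the following Python evaluates the text of `show configuration system services rest` against this recommendation: it fails a configuration that leaves the plaintext `http` service enabled, fails an HTTPS service with no `cipher-list` (all default suites accepted) or with any suite outside the two permitted, and passes either or both permitted suites. The sample stanzas and the `placeholder-weak-suite` name are constructed for illustration.

```python
import re

# Cipher suites this recommendation permits for the REST API over HTTPS.
ALLOWED = {"ecdhe-rsa-with-aes-128-gcm-SHA256", "ecdhe-rsa-with-aes-256-gcm-SHA384"}

def extract_cipher_list(rest_config):
    """Return the suites from a 'cipher-list [ a b ];' or single-value 'cipher-list a;' line,
    or None when no cipher-list is configured."""
    m = re.search(r"cipher-list\s+\[([^\]]*)\]\s*;", rest_config)
    if m:
        return set(m.group(1).split())
    m = re.search(r"cipher-list\s+([^\s;\[]+)\s*;", rest_config)
    return {m.group(1)} if m else None

def audit_rest_https(rest_config):
    """Audit the stanza text of 'show configuration system services rest'.
    Returns (status, detail); status is 'PASS', 'FAIL' or 'N/A' (HTTPS service not enabled)."""
    # 'http;' or 'http { ... }' means the plaintext REST service is enabled.
    if re.search(r"(?m)^\s*http\s*[;{]", rest_config):
        return "FAIL", "plaintext HTTP REST service is enabled"
    if not re.search(r"(?m)^\s*https\s*[;{]", rest_config):
        return "N/A", "REST over HTTPS is not enabled"
    suites = extract_cipher_list(rest_config)
    if suites is None:
        return "FAIL", "no cipher-list set; all default cipher suites are accepted"
    extra = sorted(suites - ALLOWED)
    if extra:
        return "FAIL", "disallowed cipher suites: " + ", ".join(extra)
    return "PASS", "cipher-list restricted to: " + ", ".join(sorted(suites))

# Constructed sample stanzas (not captured from a real device).
SAMPLE_DEFAULT = "https {\n    port 3443;\n}\n"
SAMPLE_HTTP = "http;\nhttps {\n    port 3443;\n}\n"
SAMPLE_EXTRA = ("https {\n    port 3443;\n"
                "    cipher-list [ ecdhe-rsa-with-aes-128-gcm-SHA256 placeholder-weak-suite ];\n}\n")
SAMPLE_GOOD = ("https {\n    port 3443;\n    cipher-list [ ecdhe-rsa-with-aes-128-gcm-SHA256 "
               "ecdhe-rsa-with-aes-256-gcm-SHA384 ];\n}\n")
SAMPLE_ONE = "https {\n    port 3443;\n    cipher-list ecdhe-rsa-with-aes-256-gcm-SHA384;\n}\n"

if __name__ == "__main__":
    samples = [("default", SAMPLE_DEFAULT), ("http", SAMPLE_HTTP), ("extra", SAMPLE_EXTRA),
               ("good", SAMPLE_GOOD), ("one", SAMPLE_ONE)]
    for name, cfg in samples:
        status, detail = audit_rest_https(cfg)
        print(f"{name:8s} {status:4s} {detail}")
```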
Default Value:
By default the REST API is disabled. When the REST API HTTPS Service is enabled, all Cipher Suites (including those with RC4 and other insecure ciphers) are accepted, except in JUNOS FIPS mode, which supports only rsa-with-aes-256-gcm-SHA384, dhe-rsa-with-aes-128-gcm-SHA256, dhe-rsa-with-aes-256-gcm-SHA384, ecdhe-rsa-with-aes-128-gcm and ecdhe-rsa-with-aes-256-gcm.