In this second half of our look at SSL endpoint vulnerabilities, we cover the remaining vulnerabilities not covered in Part 1: SSL Endpoint Vulnerabilities. This post will be useful for administrators looking for solutions while configuring SSL endpoints that have been checked with DigiCert Certificate Inspector or the Qualys SSL Server Test tool.
(1) Insecure TLS Renegotiation
The TLS renegotiation attack exploits TLS’s renegotiation feature (the feature that allows a client and server that already have a TLS connection to negotiate new parameters): the attacker initiates a renegotiation with the server. On the client end, operations continue under the assumption that the connection is still in its negotiation phase.
– Use the latest SSL/TLS protocols on servers.
– Disable renegotiation.
(2) Weak Diffie-Hellman and the Logjam Attack
The Logjam attack allows attackers to downgrade vulnerable SSL/TLS connections to 512-bit export-grade cryptography and then read or modify any data passed over the connection. Servers with DHE_EXPORT cipher suites enabled are vulnerable to Logjam.
On servers:
1. Use DigiCert Certificate Inspector or the Qualys SSL Server Test tool to scan for vulnerable servers and to see the list of enabled cipher suites
2. Disable all DHE_EXPORT cipher suites on your servers
3. Generate strong Diffie-Hellman parameters of at least 2048 bits
On clients:
1. Update browsers to the latest version
(3) RC4 Cipher Enabled
After the BEAST attack in 2011, the recommended fix was to enable TLS 1.1 and 1.2 on browsers and servers. However, not all servers support TLS 1.1 and 1.2, so the workaround was to prioritize RC4 over CBC-mode block ciphers; RC4 is easy to implement, which led to its widespread use.
But in 2014, researchers discovered that RC4-enabled cipher suites allow an attacker to use a browser to open numerous connections while watching and recording their traffic. This attack is currently considered theoretical; however, CAs are recommending that RC4 be disabled.
– Enable TLS 1.2 on servers that support it and switch to AEAD cipher suites (AES-GCM)
– Enable TLS 1.2 in browsers that support TLS 1.2
– Disable all RC4 cipher suites for servers that do not support TLS 1.2
(4) SSL 2.0 Protocol Enabled
SSL 2.0 is an outdated protocol with many known security flaws, which led to the development of SSL 3.0.
– Disable SSL 2.0 and enable TLS 1.0, 1.1 and 1.2
(5) SSL 3.0 Protocol Enabled
The SSL 3.0 protocol is vulnerable to an attack called ‘Padding Oracle On Downgraded Legacy Encryption’ (POODLE). Attackers can intercept HTTPS connections and recover the plaintext of the intercepted traffic.
– Disable SSL 3.0 and enable TLS 1.0, 1.1 and 1.2
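The fixes for findings (1) through (5) all land in the same place on a server: the TLS context. As an added example (not code from the original post or from DigiCert), the following Python builds a server-side SSLContext that turns renegotiation off, never offers SSL 2.0/3.0 (or TLS 1.0/1.1), enables no DHE_EXPORT or RC4 suites and keeps only forward-secret AEAD suites, then audits the result the way a scanner report would. It assumes Python 3.7+ on OpenSSL 1.1.0h or later; the dhparam.pem path mentioned in the comments is a placeholder for your own generated parameters.

```python
import ssl

# OpenSSL cipher string: only forward-secret AEAD suites are allowed in.
# The negative rules are redundant after the positive list, but they document
# the classes a scanner flags: RC4 (finding 3), export grade (finding 2),
# DES/3DES, anonymous, NULL and MD5-based suites (finding 6).
HARDENED_CIPHERS = (
    "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM"
    ":!RC4:!EXPORT:!DES:!3DES:!aNULL:!eNULL:!MD5"
)

# True when this Python/OpenSSL build exposes the renegotiation switch.
RENEG_OPTION_AVAILABLE = hasattr(ssl, "OP_NO_RENEGOTIATION")


def hardened_server_context():
    """Server context that addresses findings 1 to 5 of this post."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Findings 4 and 5: SSL 2.0 and SSL 3.0 (and TLS 1.0/1.1) are never offered.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Finding 6: the server's preference order, not the client's, decides.
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    # Finding 1: refuse client-initiated renegotiation where OpenSSL supports it.
    if RENEG_OPTION_AVAILABLE:
        ctx.options |= ssl.OP_NO_RENEGOTIATION
    # Findings 2 and 3: no DHE_EXPORT, no RC4; AEAD suites only.
    ctx.set_ciphers(HARDENED_CIPHERS)
    # Finding 2, step 3: to serve your own DH group for the DHE suites, generate
    # one of at least 2048 bits (openssl dhparam 2048) and load it here with
    # ctx.load_dh_params("dhparam.pem")  (assumed path, so not called here).
    return ctx


def _is_aead(cipher):
    # get_ciphers() reports 'aead' on OpenSSL 1.1.0+; fall back to the name.
    return cipher.get("aead", "GCM" in cipher["name"] or "CHACHA20" in cipher["name"])


def enabled_suites(ctx):
    """Names of the suites OpenSSL would actually offer (TLS 1.3 ones included)."""
    return [c["name"] for c in ctx.get_ciphers()]


def all_aead(ctx):
    """True when every enabled suite is an AEAD suite (AES-GCM, ChaCha20-Poly1305)."""
    return all(_is_aead(c) for c in ctx.get_ciphers())


def renegotiation_disabled(ctx):
    return RENEG_OPTION_AVAILABLE and bool(ctx.options & ssl.OP_NO_RENEGOTIATION)


def audit(ctx):
    """Findings in the style of a scanner report; an empty list means clean."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy protocol versions (SSL 3.0 / TLS 1.0 / TLS 1.1) not pinned off")
    if not ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE:
        findings.append("client cipher preference honoured instead of the server's")
    if RENEG_OPTION_AVAILABLE and not renegotiation_disabled(ctx):
        findings.append("client-initiated renegotiation allowed")
    non_aead = [c["name"] for c in ctx.get_ciphers() if not _is_aead(c)]
    if non_aead:
        findings.append("non-AEAD suites enabled: " + ", ".join(non_aead))
    return findings


if __name__ == "__main__":
    library_default = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    for label, ctx in (("library default", library_default),
                       ("hardened", hardened_server_context())):
        print(f"{label}: {audit(ctx) or 'clean'}")
        print("  suites:", ", ".join(enabled_suites(ctx)))
```

Run as a script, it prints the audit of the library's default context next to the hardened one. On OpenSSL 3 builds RC4 and SSL 3.0 are not compiled in at all, so the cipher string and minimum version mainly pin the intent for older builds that still carry them; the audit is still worth running after any OpenSSL or Python upgrade.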
(6) Weak Cipher Suites
A cipher suite is a combination of encryption, authentication, message authentication code (MAC) and key exchange algorithms used to negotiate the security settings of a TLS/SSL connection.
How a secure connection is established:
1. The TLS/SSL handshake takes place
2. The client sends a list of supported cipher suites in order of preference
3. The server responds by selecting a cipher suite it supports from that list
4. The secure network connection is established
Using weak cipher suites exposes servers to MITM attacks.
– Enable TLS 1.1 and 1.2 on servers that support TLS 1.1 and 1.2
– Enable TLS 1.1 and 1.2 in web browsers that support TLS 1.1 and 1.2
– For servers that do not support TLS 1.1 and 1.2, disable all block-based cipher suites
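To make steps 2 and 3 of the handshake above concrete, here is an added example (not code from the original post) that models cipher-suite selection together with the weak-suite classes this post says to disable: the client's offer list, the server's allowed list, and which side's preference order decides. Suite names are in OpenSSL's notation; the client and server lists are constructed samples, and the tags (CBC_TLS10, NEEDS_TLS12 and so on) are names chosen here, not scanner terminology.

```python
# Each (tag, substring) marks a class of suite that this post and Part 1 say
# to disable, matched against OpenSSL-style suite names.
WEAK_MARKERS = [
    ("RC4", "RC4"),        # finding 3: RC4 stream cipher
    ("EXPORT", "EXP"),     # finding 2: export-grade (DHE_EXPORT, 512-bit) suites
    ("DES", "DES"),        # single DES and 3DES
    ("MD5", "MD5"),        # MD5-based MAC
    ("NULL", "NULL"),      # no encryption or no authentication
    ("ANON", "ADH"),       # anonymous Diffie-Hellman: no server authentication
    ("ANON", "AECDH"),
]


def is_aead(suite):
    return any(t in suite for t in ("GCM", "CCM", "CHACHA20"))


def classify(suite, tls_version=(1, 2)):
    """Tags explaining why a suite is weak for a server capped at tls_version;
    an empty list means acceptable."""
    tags = []
    for tag, marker in WEAK_MARKERS:
        if marker in suite and tag not in tags:
            tags.append(tag)
    # Finding 6, third bullet: on a TLS 1.0-only server every CBC block-cipher
    # suite (non-AEAD, non-stream) is exposed to BEAST.
    if tls_version < (1, 1) and not is_aead(suite) \
            and "RC4" not in suite and "NULL" not in suite:
        tags.append("CBC_TLS10")
    # AEAD suites only exist from TLS 1.2 on, which is why the first fix
    # bullet is to enable TLS 1.2 rather than to pick different suites.
    if tls_version < (1, 2) and is_aead(suite):
        tags.append("NEEDS_TLS12")
    return tags


def negotiate(client_offer, server_allowed, server_preference=True):
    """Handshake steps 2-3: the first mutually supported suite wins.
    With server_preference the server's order is walked; otherwise the
    client's. None models a handshake_failure alert."""
    if server_preference:
        order, accepted = server_allowed, set(client_offer)
    else:
        order, accepted = client_offer, set(server_allowed)
    return next((s for s in order if s in accepted), None)


def harden(server_allowed, tls_version=(1, 2)):
    """What the fix bullets amount to: drop every suite classify() flags."""
    return [s for s in server_allowed if not classify(s, tls_version)]


# Constructed sample: an older browser's offer, in its own preference order.
CLIENT_OFFER = [
    "ECDHE-RSA-RC4-SHA",
    "EXP-RC4-MD5",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DES-CBC3-SHA",
]

# Constructed sample: a server still carrying the post-BEAST "RC4 first" workaround.
LEGACY_SERVER = [
    "RC4-SHA",
    "ECDHE-RSA-RC4-SHA",
    "AES128-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
]


if __name__ == "__main__":
    for label, allowed in (("legacy", LEGACY_SERVER),
                           ("hardened", harden(LEGACY_SERVER))):
        chosen = negotiate(CLIENT_OFFER, allowed)
        print(f"{label:8s} server -> {chosen} {classify(chosen) if chosen else ''}")
```

Note what the sample shows: against the legacy server the RC4 suite is chosen whether the server's or the client's preference order applies, because both sides still list it; once the weak suites are removed from the server's list the same client ends up on AES-GCM, and a client that offers only weak suites fails the handshake instead of silently downgrading. Run `harden(LEGACY_SERVER, (1, 0))` to see that a TLS 1.0-only server is left with no acceptable suite at all.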
Don’t Stop Once
This concludes the vulnerabilities for SSL endpoints. In total, there are 11 well-known risks (including those in Part 1) concerning SSL/TLS. Though some may be theoretical, it is best to remediate all of them for better security.
Meanwhile, for administrators new to SSL, this is only the start of SSL management. SSL protocols, technologies and vulnerabilities are updated frequently, so checks and updates should be carried out at regular intervals. Try using the DigiCert Certificate Inspector tool to inspect your server and certificate once every quarter to stay abreast of changes and new fixes.