But as our solution is being extended with new and more sophisticated network devices, it is still important to understand and maintain the low-level security parameters of the network protocols. By low level I mean the details of the TLS/SSL protocols that are used underneath HTTPS, for example.
Problem
Is it secure or recommended to enable and support DES or IDEA ciphers in applications or in SSL-offloading load balancers?
Analysis and results discussion
According to RFC 5469, the IDEA and DES cipher suites should no longer be used with TLS. The reasons are listed in the RFC.
To verify whether your server accepts these ciphers from a client, you can try:
# (1)
# openssl s_client -connect server_ip:443 -cipher DES-CBC-SHA -ssl3
# or
# (2)
# openssl s_client -connect server_ip:443 -cipher DES-CBC-SHA -tls1
# or
# (3)
# openssl s_client -connect server_ip:443 -cipher DES-CBC-SHA
CONNECTED(00000003)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICATCCAWoCCQCxkFtlc6Bd0TANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
cyBQdHkgTHRkMB4XDTE0MDExMjIxMzMwN1oXDTE1MDExMjIxMzMwN1owRTELMAkG
A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtVtD
BfrmHU/T9m4xvvlP7+J4zJ2BYFY8QfSvQ1tyQw+BwvPyh9zyzgd0Zw4iOa6ThlQ3
GTr7e3FMQooMWpK0XXTYKbbWGqyVfnkcwmWjapJxOv8OaXlDS5TIc7MursFXp16e
oOjvpyuddX2gilQLiO6n1b6vyKsFfPW0eoPPmf8CAwEAATANBgkqhkiG9w0BAQUF
AAOBgQBGd8xD6ZINxy8Vf1jFrX+4EyPEL3+DkAU4lInd83kIuDd8i2fzia4YOfKh
JB3/ML8kLGLMh6R0WpHbaoGQvNM5qn7GdFL+DDBvXqlyZtIrfKamx+s5GxUiP0SV
5miO9Oh1mkxhXUqaVHaJR0DeTYEAuA0dc1lMoJlPoSMedlgJBg==
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 710 bytes and written 273 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DES-CBC-SHA
    Session-ID: A5568C18EFB2DA77B729A247EA8E605BEBC4DF478129357D002C26DFA89F96C7
    Session-ID-ctx:
    Master-Key: F9CDF6CD91F3E4F5117758104906C779E18493062397EFFE7E4C518F0894398A01D969D5EE07804ED436A24444CD92FA
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Compression: 1 (zlib compression)
    Start Time: 1389565902
    Timeout   : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
Example output from command (3), showing that the server accepts the legacy, deprecated cipher suite. The same handshake captured with ssldump:
# ssldump -A -n -i lo port 443
New TCP connection #1: 127.0.0.1(50211) <-> 127.0.0.1(443)
1 1  0.0007 (0.0007)  C>SV3.1(59)  Handshake
      ClientHello
        Version 3.2
        random[32]=
          52 d3 18 25 a9 86 1c 58 ff f0 90 ca fe ba f8 eb
          c8 23 46 fd 5b 7a 4a aa 51 c2 37 40 6a 8b dc 01
        cipher suites
        TLS_RSA_WITH_DES_CBC_SHA
        Unknown value 0xff
        compression methods
                unknown value
                  NULL
1 2  0.0010 (0.0003)  S>CV3.2(58)  Handshake
      ServerHello
        Version 3.2
        random[32]=
          52 d3 18 25 95 9c 3e 34 80 d8 00 3d fe 02 8f bf
          3c 1a 72 5d d1 4f 30 8c 6c 3b fa 64 0e 82 1c 6c
        session_id[0]=
        cipherSuite         TLS_RSA_WITH_DES_CBC_SHA
        compressionMethod
                unknown value
1 3  0.0021 (0.0011)  S>CV3.2(527)  Handshake
      Certificate
        certificate[517]=
          30 82 02 01 30 82 01 6a 02 09 00 b1 90 5b 65 73
          a0 5d d1 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05
          05 00 30 45 31 0b 30 09 06 03 55 04 06 13 02 41
          55 31 13 30 11 06 03 55 04 08 0c 0a 53 6f 6d 65
          2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 0c
          18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74
          73 20 50 74 79 20 4c 74 64 30 1e 17 0d 31 34 30
          31 31 32 32 31 33 33 30 37 5a 17 0d 31 35 30 31
          31 32 32 31 33 33 30 37 5a 30 45 31 0b 30 09 06
          03 55 04 06 13 02 41 55 31 13 30 11 06 03 55 04
          08 0c 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 30
          1f 06 03 55 04 0a 0c 18 49 6e 74 65 72 6e 65 74
          20 57 69 64 67 69 74 73 20 50 74 79 20 4c 74 64
          30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01
          05 00 03 81 8d 00 30 81 89 02 81 81 00 b5 5b 43
          05 fa e6 1d 4f d3 f6 6e 31 be f9 4f ef e2 78 cc
          9d 81 60 56 3c 41 f4 af 43 5b 72 43 0f 81 c2 f3
          f2 87 dc f2 ce 07 74 67 0e 22 39 ae 93 86 54 37
          19 3a fb 7b 71 4c 42 8a 0c 5a 92 b4 5d 74 d8 29
          b6 d6 1a ac 95 7e 79 1c c2 65 a3 6a 92 71 3a ff
          0e 69 79 43 4b 94 c8 73 b3 2e ae c1 57 a7 5e 9e
          a0 e8 ef a7 2b 9d 75 7d a0 8a 54 0b 88 ee a7 d5
          be af c8 ab 05 7c f5 b4 7a 83 cf 99 ff 02 03 01
          00 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05
          00 03 81 81 00 46 77 cc 43 e9 92 0d c7 2f 15 7f
          58 c5 ad 7f b8 13 23 c4 2f 7f 83 90 05 38 94 89
          dd f3 79 08 b8 37 7c 8b 67 f3 89 ae 18 39 f2 a1
          24 1d ff 30 bf 24 2c 62 cc 87 a4 74 5a 91 db 6a
          81 90 bc d3 39 aa 7e c6 74 52 fe 0c 30 6f 5e a9
          72 66 d2 2b 7c a6 a6 c7 eb 39 1b 15 22 3f 44 95
          e6 68 8e f4 e8 75 9a 4c 61 5d 4a 9a 54 76 89 47
          40 de 4d 81 00 b8 0d 1d 73 59 4c a0 99 4f a1 23
          1e 76 58 09 06
1 4  0.0021 (0.0000)  S>CV3.2(4)  Handshake
      ServerHelloDone
1 5  0.0085 (0.0063)  C>SV3.2(134)  Handshake
      ClientKeyExchange
        EncryptedPreMasterSecret[128]=
          71 83 c8 f4 af ab be 5e a6 e0 ec 06 ab 14 be e3
          41 25 5f f9 9e b3 29 a1 a5 1a a9 25 8d c8 1e 3d
          f2 06 3b 50 68 58 ca 1b bf 9b 1a e5 3f 4d c7 f5
          43 67 93 a1 fc f8 16 9e 35 24 7f a6 4c ad 9b 0f
          c4 db 6e a8 3d 97 5e 5f 96 0f 40 7b a3 42 62 e4
          7c 07 f9 65 97 a4 52 1a 30 cc 11 d6 43 06 7d 85
          4b e9 d5 1e 2e af 9a bd 90 cd 4d 6e aa 9e 00 29
          07 12 cd 96 bd 59 ca 5c dc a3 88 00 53 6e 8f ec
1 6  0.0085 (0.0000)  C>SV3.2(1)  ChangeCipherSpec
1 7  0.0085 (0.0000)  C>SV3.2(56)  Handshake
1 8  0.0099 (0.0014)  S>CV3.2(170)  Handshake
TLS_RSA_WITH_RC4_128_MD5
1 9  0.0476 (0.0376)  S>CV3.2(1)  ChangeCipherSpec
1 10 0.0476 (0.0000)  S>CV3.2(56)  Handshake
1    0.7913 (0.7436)  C>S  TCP FIN
1    0.7917 (0.0004)  S>C  TCP FIN
Output showing that the cipher is not supported: the server answers the ClientHello with a fatal handshake_failure alert instead of a ServerHello.
# ssldump -A -n -i eth0 port 443 and host 31.222.129.61
New TCP connection #1: 162.13.0.27(34228) <-> 31.222.129.61(443)
1 1  0.0017 (0.0017)  C>SV3.1(59)  Handshake
      ClientHello
        Version 3.2
        random[32]=
          52 d3 19 53 c5 78 4c 06 8c e7 fc 47 a1 92 ec a4
          90 63 ca a2 6e a5 7e 58 bb 72 9b a1 be c1 84 3a
        cipher suites
        TLS_RSA_WITH_DES_CBC_SHA
        Unknown value 0xff
        compression methods
                unknown value
                  NULL
1 2  0.0021 (0.0003)  S>CV3.1(2)  Alert
    level           fatal
    value           handshake_failure
1    0.0021 (0.0000)  S>C  TCP FIN
1    0.0044 (0.0022)  C>S  TCP FIN
# openssl s_client -connect 31.222.129.61:443 -state -msg -cipher DES-CBC-SHA
CONNECTED(00000003)
SSL_connect:before/connect initialization
>>> TLS 1.1  [length 003b]
    01 00 00 37 03 02 52 d3 19 53 c5 78 4c 06 8c e7
    fc 47 a1 92 ec a4 90 63 ca a2 6e a5 7e 58 bb 72
    9b a1 be c1 84 3a 00 00 04 00 09 00 ff 02 01 00
    00 09 00 23 00 00 00 0f 00 01 01
SSL_connect:unknown state
SSL3 alert read:fatal:handshake failure
<<< TLS 1.0 Alert [length 0002], fatal handshake_failure
    02 28
SSL_connect:error in unknown state
139646822749888:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 64 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
References
RFC 5469, DES and IDEA Cipher Suites for Transport Layer Security (TLS)
http://www.ietf.org/rfc/rfc5469.txt
RFC 2246, The TLS Protocol, Version 1.0
http://www.ietf.org/rfc/rfc2246.txt
RFC 5246, The Transport Layer Security (TLS) Protocol, Version 1.2
http://tools.ietf.org/html/rfc5246.txt