Monday, June 26, 2006

SSL Server - Weak Encryption Vulnerability

You may want to ensure that your server is configured to disallow weak encryption. The Secure Sockets Layer (SSL) protocol allows for secure communication between a client and a server. If the server supports low-strength encryption, an attacker may be able to exploit this vulnerability to decrypt secure communications without authorization.

SSL encryption ciphers are classified based on encryption key length:

HIGH - key length larger than 128 bits
MEDIUM - key length equal to 128 bits
LOW - key length smaller than 128 bits

Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security. Messages encrypted with LOW encryption ciphers are easy to decrypt.

Although weak cipher support may be available at the SSL layer, some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.

Here's how to disable low encryption ciphers on some common web servers:

Apache

Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl, include the following line in the configuration file (httpsd.conf):

SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
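To check an existing Apache configuration against the cipher strings above, the following added example (not part of the original post) scans config text for SSLCipherSuite and SSLRequireCipher lines and reports which weak groups are not permanently excluded with "!". The function names and the sample config are constructed for illustration.

```python
import re

# Groups the post's recommended cipher string removes with "!". In OpenSSL
# cipher-list syntax "!" deletes a group permanently; "-" only removes it
# until a later token adds it back, so "-LOW" does not count as excluded.
REQUIRED_EXCLUSIONS = ("aNULL", "eNULL", "LOW", "EXP")

# Cipher directives named in the post (mod_ssl and apache_ssl).
DIRECTIVE = re.compile(r"^\s*(SSLCipherSuite|SSLRequireCipher)\s+(\S+)", re.I)


def missing_exclusions(cipher_string):
    """Return the required groups that the string does not exclude with '!'."""
    tokens = re.split(r"[:,]+", cipher_string)
    excluded = {t[1:] for t in tokens if t.startswith("!")}
    return [g for g in REQUIRED_EXCLUSIONS if g not in excluded]


def audit_config(text):
    """Return (line_number, directive, missing_groups) per cipher directive.

    Comment lines never match because the directive must start the line.
    """
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if match:
            findings.append(
                (number, match.group(1), missing_exclusions(match.group(2)))
            )
    return findings


# Constructed sample: the post's recommended line plus a weaker override
# inside a virtual host, which is where such regressions tend to hide.
SAMPLE_CONF = """\
# constructed sample, not from a real server
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
<VirtualHost *:443>
    SSLCipherSuite ALL:!aNULL:-LOW:+EXP
</VirtualHost>
"""

if __name__ == "__main__":
    for number, directive, missing in audit_config(SAMPLE_CONF):
        status = "ok" if not missing else "missing !" + " !".join(missing)
        print(f"line {number}: {directive}: {status}")
```

An empty list for a directive means every required group is excluded; the virtual-host override in the sample is reported because it drops LOW only temporarily and re-adds export ciphers.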

Tomcat

sslProtocol="SSLv3" ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"