And then there is the Ars Technica article on the breach at the infamous organization "The Hacking Team". Here is a disturbing paragraph from the article:
******************************************
Still another document boasts of Hacking Team's ability to bypass certificate pinning and the HTTP strict transport security mechanisms that are designed to make HTTPS website encryption more reliable and secure. "Our solution is the only way to intercept TOR traffic at the moment," the undated PowerPoint presentation went on to say.
******************************************
For a network engineer there is also the problem that Firefox and Chrome are going to stop allowing you to go to servers with weak security. Here is a screenshot of the message I received in Firefox 39 this morning when I tried to log into my Cisco ISE server:
Firefox 39 connecting to Cisco ISE 1.2
I put the message into Google and found this on the Firefox support site:
It makes you wish you had an easy way to know what cipher suites a server can provide! Well, lucky for us, there is a project on GitHub called Cipherscan that does just that! They created a customized version of OpenSSL and a script for Linux. You just download the custom OpenSSL package, install it in a private directory, save the script to the apps directory and execute the script. It's that easy, and in my opinion it is a great tool to have in your toolbox. A big thank you to the developers!
*********************************************
From the cipherscan readme file:
Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL
and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl s_client command line.
Cipherscan is meant to run on all flavors of unix. It ships with its own built of OpenSSL for
Linux/64 and Darwin/64. On other platform, it will use the openssl version provided by the operating
system (which may have limited ciphers support), or your own version provided in the -o command line flag.
*********************************************
Script Output
I have been running the script against a lot of different servers and the results are interesting. For example, here is the output from my ISE server:
root@kali:~/Desktop/openssl/apps# ./cipherscan 192.168.10.21
......
Target: 192.168.10.21:443
prio | ciphersuite | protocols | pfs | curves |
---|---|---|---|---|
1 | DHE-RSA-AES256-SHA | SSLv3,TLSv1 | DH,768bits | None |
2 | AES256-SHA | SSLv3,TLSv1 | None | None |
3 | DHE-RSA-AES128-SHA | SSLv3,TLSv1 | DH,768bits | None |
4 | AES128-SHA | SSLv3,TLSv1 | None | None |
5 | DES-CBC3-SHA | SSLv3,TLSv1 | None | None |
TLS ticket lifetime hint: None
OCSP stapling: not supported
Cipher ordering: client
You can see that the Diffie-Hellman Ephemeral key is only 768 bits.
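As an added example (not part of the original post or of the cipherscan project), this Python sketch parses the cipherscan table format shown on this page and lists the weak points of each offered suite, so a 768-bit DHE key like the one above is flagged without reading the table by eye. The 1024-bit floor and all function names are assumptions of the example.

```python
import re

MIN_DH_BITS = 1024  # assumption: policy floor for DHE parameters
KEYS = ("prio", "suite", "protocols", "pfs", "curves")
# Rows excerpted from the cipherscan outputs shown on this page.
SAMPLE = """\
Target: 192.168.10.21:443
prio | ciphersuite | protocols | pfs | curves |
1 | DHE-RSA-AES256-SHA | SSLv3,TLSv1 | DH,768bits | None |
2 | AES256-SHA | SSLv3,TLSv1 | None | None |
5 | DES-CBC3-SHA | SSLv3,TLSv1 | None | None |
Target: mail.google.com:443
1 | ECDHE-RSA-CHACHA20-POLY1305 | TLSv1.2 | ECDH,P-256,256bits | prime256v1 |
9 | RC4-MD5 | SSLv3,TLSv1,TLSv1.1,TLSv1.2 | None | None |
"""

def parse(text):
    """Return {target: [row, ...]}; columns may be pipe- or space-separated."""
    scans, target = {}, None
    for line in text.splitlines():
        fields = line.replace("|", " ").split()
        if line.startswith("Target:"):
            target = fields[1]
            scans[target] = []
        elif target and len(fields) == 5 and fields[0].isdigit():
            scans[target].append(dict(zip(KEYS, fields)))
    return scans

def findings(row):
    """List the weaknesses visible in one cipherscan row."""
    out = ["SSLv3 offered"] if "SSLv3" in row["protocols"].split(",") else []
    for marker, label in (("RC4", "RC4"), ("DES-CBC-", "single DES"),
                          ("DES-CBC3", "3DES"), ("MD5", "MD5 MAC")):
        if marker in row["suite"]:
            out.append(label)
    dh = re.match(r"DH,(\d+)bits$", row["pfs"])
    if dh and int(dh.group(1)) < MIN_DH_BITS:
        out.append(f"DHE key {dh.group(1)} bits")
    elif row["pfs"] == "None":
        out.append("no forward secrecy")
    return out

def audit(text):
    """Map each target to the (suite, findings) pairs that need attention."""
    return {t: [(r["suite"], f) for r in rows if (f := findings(r))]
            for t, rows in parse(text).items()}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Saved cipherscan output can be passed to `audit()` as a string; rows with no findings, such as the ECDHE ChaCha20 suite, are left out of the result.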
Then I ran it on an HP Officejet Pro 8600. Firefox 39 will open this page because the printer doesn't offer a weak Diffie-Hellman Ephemeral key, but the Calomel SSL extension turns red.
If you aren't running the Calomel extension for Firefox I highly recommend it. Calomel checks the certificate on every site and gives you a Red, Yellow or Green shield depending on the strength of the certificate. See the "References" section below for their site. They have a lot of good information about SSL on their site.
root@kali:~/Desktop/openssl/apps# ./cipherscan 192.168.10.239
.......
Target: 192.168.10.239:443
prio | ciphersuite | protocols | pfs | curves |
---|---|---|---|---|
1 | AES256-SHA | SSLv3,TLSv1 | None | None |
2 | AES128-SHA | SSLv3,TLSv1 | None | None |
3 | RC4-SHA | SSLv3,TLSv1 | None | None |
4 | RC4-MD5 | SSLv3,TLSv1 | None | None |
5 | DES-CBC3-SHA | SSLv3,TLSv1 | None | None |
6 | DES-CBC-SHA | SSLv3,TLSv1 | None | None |
TLS ticket lifetime hint: None
OCSP stapling: not supported
Cipher ordering: client
Here is the output from https://mail.google.com.
root@kali:~/Desktop/openssl/apps# ./cipherscan mail.google.com
...................
Target: mail.google.com:443
prio | ciphersuite | protocols | pfs | curves |
---|---|---|---|---|
1 | ECDHE-RSA-CHACHA20-POLY1305 | TLSv1.2 | ECDH,P-256,256bits | prime256v1 |
2 | ECDHE-RSA-AES128-GCM-SHA256 | TLSv1.2 | ECDH,P-256,256bits | prime256v1 |
3 | ECDHE-RSA-AES128-SHA | TLSv1.1,TLSv1.2 | ECDH,P-256,256bits | prime256v1 |
4 | ECDHE-RSA-RC4-SHA | SSLv3,TLSv1,TLSv1.1,TLSv1.2 | ECDH,P-256,256bits | prime256v1 |
5 | AES128-GCM-SHA256 | TLSv1.2 | None | None |
6 | AES128-SHA256 | TLSv1.2 | None | None |
7 | AES128-SHA | TLSv1.1,TLSv1.2 | None | None |
8 | RC4-SHA | SSLv3,TLSv1,TLSv1.1,TLSv1.2 | None | None |
9 | RC4-MD5 | SSLv3,TLSv1,TLSv1.1,TLSv1.2 | None | None |
10 | ECDHE-RSA-AES256-GCM-SHA384 | TLSv1.2 | ECDH,P-256,256bits | prime256v1 |
11 | ECDHE-RSA-AES256-SHA384 | TLSv1.2 | ECDH,P-256,256bits | prime256v1 |
12 | ECDHE-RSA-AES256-SHA | SSLv3,TLSv1,TLSv1.1,TLSv1.2 | ECDH,P-256,256bits | prime256v1 |
13 | AES256-GCM-SHA384 | TLSv1.2 | None | None |
14 | AES256-SHA256 | TLSv1.2 | None | None |
15 | AES256-SHA | SSLv3,TLSv1,TLSv1.1,TLSv1.2 | None | None |
16 | ECDHE-RSA-AES128-SHA256 | TLSv1.2 | ECDH,P-256,256bits | prime256v1 |
17 | ECDHE-RSA-DES-CBC3-SHA | SSLv3,TLSv1,TLSv1.1,TLSv1.2 | ECDH,P-256,256bits | prime256v1 |
18 | DES-CBC3-SHA | SSLv3,TLSv1,TLSv1.1,TLSv1.2 | None | None |
TLS ticket lifetime hint: 100800
OCSP stapling: not supported
Cipher ordering: server
Here is Calomel's view of the certificate:
Installing Cipherscan
Open a terminal on Kali or your favorite Linux distro. Switch to the directory you want to install Cipherscan into.
- run git clone https://github.com/PeterMosmans/openssl.git --depth 1 -b 1.0.2-chacha
- cd openssl
- ./Configure zlib no-shared experimental-jpake enable-md2 enable-rc5 enable-rfc3779 enable-gost enable-static-engine linux-x86_64
- make depend
- make
- make report
Get the script from https://github.com/jvehent/cipherscan.
To copy the script, click in the page and press Ctrl+A on Linux/Windows or Command+A on Mac OS X. Paste the script into your editor of choice, verify that you copied it correctly, then save it to the apps folder.
The Mozilla Wiki article on Server Side TLS
The Mozilla Wiki has a great article on TLS. It explains Forward Secrecy, Diffie-Hellman Ephemeral key exchange, OCSP Stapling and much more for just about every browser and OS. It is also where I found cipherscan! If you are responsible for an Apache, HAProxy or Nginx server, the Mozilla wiki article is a must read. It even has a configuration generator for these servers that will create a configuration based on which generation of browsers you must support.
References:
Mozilla Wiki - Security/Server Side TLS
Calomel Firefox Addon
ars technica - Massive leak reveals Hacking Team’s most private moments in messy detail
Defensive Security Episode 122 - Discussion on the breach at The Hacking Team
Testing for Weak SSL/TLS Ciphers - OWASP
SSL Cipher Suites Supported By Your Browser
How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll