Saturday, July 11, 2015

Checking Server Cipher Suites with Cipherscan

Unless you have been living under a rock for the last year, you have heard about many of the flaws with SSL - Heartbleed, Logjam, POODLE, etc.

And then there is the Ars Technica article on the breach at the infamous organization "The Hacking Team". Here is a disturbing paragraph from the article:

******************************************
Still another document boasts of Hacking Team's ability to bypass certificate pinning and the HTTP strict transport security mechanisms that are designed to make HTTPS website encryption more reliable and secure. "Our solution is the only way to intercept TOR traffic at the moment," the undated PowerPoint presentation went on to say.
******************************************

For a network engineer there is also the problem that Firefox and Chrome are going to stop allowing you to go to servers with weak security. Here is a screen shot of the message I received in Firefox 39 this morning when I tried to log into my Cisco ISE server:

Firefox 39 connecting to Cisco ISE 1.2

I put the message into Google and found this on the Firefox support site:



It makes you wish you had an easy way to know what cipher suites a server can provide! Well, lucky for us, there is a project on GitHub called Cipherscan that does just that! The developers created a customized version of OpenSSL and a script for Linux. You just download the custom OpenSSL package, install it in a private directory, save the script to the apps directory and execute the script. It's that easy, and in my opinion it is a great tool to have in your toolbox. A big thank you to the developers!

*********************************************
From the cipherscan readme file:
Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificate information, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl s_client command line.

Cipherscan is meant to run on all flavors of unix. It ships with its own build of OpenSSL for Linux/64 and Darwin/64. On other platforms, it will use the openssl version provided by the operating system (which may have limited ciphers support), or your own version provided in the -o command line flag.

*********************************************

Script Output

I have been running the script against a lot of different servers and the results are interesting.

For example, here is the output from my ISE server:
root@kali:~/Desktop/openssl/apps# ./cipherscan 192.168.10.21
......
Target: 192.168.10.21:443

prio  ciphersuite         protocols    pfs         curves
1     DHE-RSA-AES256-SHA  SSLv3,TLSv1  DH,768bits  None
2     AES256-SHA          SSLv3,TLSv1  None        None
3     DHE-RSA-AES128-SHA  SSLv3,TLSv1  DH,768bits  None
4     AES128-SHA          SSLv3,TLSv1  None        None
5     DES-CBC3-SHA        SSLv3,TLSv1  None        None
Certificate: UNTRUSTED, 2048 bit, sha1WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Cipher ordering: client

You can see that the Diffie-Hellman Ephemeral key is only 768 bits.

Then I ran it on an HP Officejet Pro 8600. Firefox 39 will open this page because the printer doesn't offer a weak Diffie-Hellman Ephemeral key, but the Calomel SSL extension turns red.
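Reading these tables by eye gets tedious once you scan more than a few servers. The following is an added example, not part of Cipherscan or the original post: a small parser for the text report that lists the weak spots per cipher suite and for the certificate. The function name `audit`, the 2048-bit thresholds and the list of weak substrings are assumptions of this example.

```python
import re
# Sample input: the ISE scan shown above, re-typed with whitespace-separated
# columns (constructed for this example).
ISE_SCAN = """\
prio  ciphersuite         protocols    pfs         curves
1     DHE-RSA-AES256-SHA  SSLv3,TLSv1  DH,768bits  None
2     AES256-SHA          SSLv3,TLSv1  None        None
3     DHE-RSA-AES128-SHA  SSLv3,TLSv1  DH,768bits  None
4     AES128-SHA          SSLv3,TLSv1  None        None
5     DES-CBC3-SHA        SSLv3,TLSv1  None        None
Certificate: UNTRUSTED, 2048 bit, sha1WithRSAEncryption signature
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
CERT = re.compile(r"^Certificate: (\w+), (\d+) bit, (\w+) signature")
# Substrings of suite names treated as weak here; "DES-CBC-" matches single
# DES but not DES-CBC3 (3DES).
WEAK = {"RC4": "RC4", "MD5": "MD5 MAC", "DES-CBC-": "single DES"}

def audit(report, min_dh_bits=2048, min_key_bits=2048):
    """Return sorted (subject, finding) pairs; thresholds are assumptions."""
    findings = set()
    for line in report.splitlines():
        row, cert = ROW.match(line), CERT.match(line)
        if row:
            _prio, suite, protocols, pfs, _curves = row.groups()
            if "SSLv3" in protocols.split(","):
                findings.add((suite, "offered over SSLv3"))
            if pfs == "None":
                findings.add((suite, "no forward secrecy"))
            elif pfs.startswith("DH,"):  # ECDH rows are not checked here
                m = re.search(r"(\d+)bits", pfs)
                if m and int(m.group(1)) < min_dh_bits:
                    findings.add((suite, f"{m.group(1)}-bit DH key"))
            for needle, label in WEAK.items():
                if needle in suite:
                    findings.add((suite, label))
        elif cert:
            trust, bits, sig = cert.groups()
            if trust != "trusted":
                findings.add(("certificate", "not trusted"))
            if int(bits) < min_key_bits:
                findings.add(("certificate", f"{bits}-bit key"))
            if sig.lower().startswith(("md5", "sha1")):
                findings.add(("certificate", f"{sig} signature"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{s}: {f}" for s, f in audit(ISE_SCAN)))
```

The parser expects whitespace-separated columns, which is how the script prints the table in a terminal.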

If you aren't running the Calomel extension for Firefox I highly recommend it. Calomel checks the certificate on every site and gives you a Red, Yellow or Green shield depending on the strength of the certificate. See the "References" section below for their site. They have a lot of good information about SSL on their site.

root@kali:~/Desktop/openssl/apps# ./cipherscan 192.168.10.239
.......
Target: 192.168.10.239:443

prio  ciphersuite   protocols    pfs   curves
1     AES256-SHA    SSLv3,TLSv1  None  None
2     AES128-SHA    SSLv3,TLSv1  None  None
3     RC4-SHA       SSLv3,TLSv1  None  None
4     RC4-MD5       SSLv3,TLSv1  None  None
5     DES-CBC3-SHA  SSLv3,TLSv1  None  None
6     DES-CBC-SHA   SSLv3,TLSv1  None  None
Certificate: UNTRUSTED, 1024 bit, md5WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Cipher ordering: client

Here is the output from https://mail.google.com.

root@kali:~/Desktop/openssl/apps# ./cipherscan mail.google.com
...................
Target: mail.google.com:443

prio  ciphersuite                  protocols                    pfs                 curves
1     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2                      ECDH,P-256,256bits  prime256v1
2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                      ECDH,P-256,256bits  prime256v1
3     ECDHE-RSA-AES128-SHA         TLSv1.1,TLSv1.2              ECDH,P-256,256bits  prime256v1
4     ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
5     AES128-GCM-SHA256            TLSv1.2                      None                None
6     AES128-SHA256                TLSv1.2                      None                None
7     AES128-SHA                   TLSv1.1,TLSv1.2              None                None
8     RC4-SHA                      SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                None
9     RC4-MD5                      SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                None
10    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                      ECDH,P-256,256bits  prime256v1
11    ECDHE-RSA-AES256-SHA384      TLSv1.2                      ECDH,P-256,256bits  prime256v1
12    ECDHE-RSA-AES256-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
13    AES256-GCM-SHA384            TLSv1.2                      None                None
14    AES256-SHA256                TLSv1.2                      None                None
15    AES256-SHA                   SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                None
16    ECDHE-RSA-AES128-SHA256      TLSv1.2                      ECDH,P-256,256bits  prime256v1
17    ECDHE-RSA-DES-CBC3-SHA       SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
18    DES-CBC3-SHA                 SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                None
Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: 100800
OCSP stapling: not supported
Cipher ordering: server

Here is Calomel's view of the certificate:

Installing Cipherscan

Open a terminal on Kali or your favorite Linux distro.
Switch to the directory you want to install Cipherscan into.

  • run git clone https://github.com/PeterMosmans/openssl.git --depth 1 -b 1.0.2-chacha
  • cd openssl
  • ./Configure zlib no-shared experimental-jpake enable-md2 enable-rc5 enable-rfc3779 enable-gost enable-static-engine linux-x86_64
  • make depend
  • make
  • make report

Get the script from https://github.com/jvehent/cipherscan.

To copy the script, click in the page and press ctrl+a on Linux/Windows or command+a on Mac OS X. Paste the script into your editor of choice, verify that you copied it correctly, then save it to the apps folder.

The Mozilla Wiki article on Server Side TLS

The Mozilla Wiki has a great article on TLS. It explains Forward Secrecy, Diffie-Hellman Ephemeral key exchange, OCSP Stapling and much more for just about every browser and OS. It is also where I found cipherscan!

If you are responsible for an Apache, HAProxy or Nginx server, the Mozilla wiki article is a must read. It even has a configuration generator for these servers that will create a configuration based on which generation of browsers you must support.

References:

Mozilla Wiki - Security/Server Side TLS
Calomel Firefox Addon
Ars Technica - Massive leak reveals Hacking Team’s most private moments in messy detail
Defensive Security Episode 122 - Discussion on the breach at The Hacking Team
Testing for Weak SSL/TLS Ciphers - OWASP
SSL Cipher Suites Supported By Your Browser
How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll




