The Secure Sockets Layer (SSL) protocol allows for secure communication between a client and a server. SSL encryption ciphers are classified based on encryption key length as follows:
- HIGH - key length larger than 128 bits
- MEDIUM - key length equal to 128 bits
- LOW - key length smaller than 128 bits
Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.

The following link provides more information about this vulnerability: Analysis of the SSL 3.0 protocol (http://www.schneier.com/paper-ssl-revised.pdf)

Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations.
Disable support for LOW encryption ciphers.

Apache

If TLSv1.1 or TLSv1.2 are available, then those protocols should be used:

SSLProtocol TLSv1.1 TLSv1.2

If TLSv1.1 and TLSv1.2 are not available, then only TLSv1.0 should be used:

SSLProtocol TLSv1

Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following line:

SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl, include the following line in the configuration file (httpsd.conf):

SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Tomcat

sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

IIS

- How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (http://support.microsoft.com/default.aspx?scid=kb;EN-US;245030) (Windows restart required)
- How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (http://support.microsoft.com/default.aspx?scid=kb;en-us;187498) (Windows restart required)
- Security Guidance for IIS (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)

Novell Netware 6.5

Please refer to the following document: SSL Allows the use of Weak Ciphers - TID10100633 (http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm)
- sslyze_cli.py Fast and full-featured SSL scanner for Python 2.7. SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers.
As the description mentions: "Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security." So any encryption with a key length smaller than 128 bits is considered low and weak.
For this purpose we will use the tool sslyze_cli.py to enumerate the ciphers configured on the server.
For SMTP servers, usually ports 25 and 587, use the following command:
sslyze_cli.py --regular --starttls=smtp --hide_rejected_ciphers <Server IP>:<PORT> | grep bits | egrep -v '(128|256)'
For HTTP servers, usually ports 443 and 8443, use the following command:
sslyze_cli.py --regular --hide_rejected_ciphers <Server IP>:<PORT> | grep bits | egrep -v '(128|256)'
With these commands we filter the reported key sizes and look for anything that is not 128 or 256 bits. If you get output similar to the following, then your server is still vulnerable:
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH-1024 bits 112 bits 250 2.0.0 Ok
TLS_RSA_WITH_3DES_EDE_CBC_SHA - 112 bits 250 2.0.0 Ok
TLS_RSA_WITH_DES_CBC_SHA - 56 bits 250 2.0.0 Ok
TLS_DHE_RSA_WITH_DES_CBC_SHA DH-1024 bits 56 bits 250 2.0.0 Ok
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA DH-512 bits 40 bits 250 2.0.0 Ok
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 - 40 bits 250 2.0.0 Ok
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA - 40 bits 250 2.0.0 Ok
TLS_RSA_EXPORT_WITH_RC4_40_MD5 - 40 bits 250 2.0.0 Ok
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH-1024 bits 112 bits 250 2.0.0 Ok
TLS_RSA_WITH_3DES_EDE_CBC_SHA - 112 bits 250 2.0.0 Ok
TLS_RSA_WITH_DES_CBC_SHA - 56 bits 250 2.0.0 Ok
TLS_DHE_RSA_WITH_DES_CBC_SHA DH-1024 bits 56 bits 250 2.0.0 Ok
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 - 40 bits 250 2.0.0 Ok
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA DH-512 bits 40 bits 250 2.0.0 Ok
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA - 40 bits 250 2.0.0 Ok
TLS_RSA_EXPORT_WITH_RC4_40_MD5 - 40 bits 250 2.0.0 Ok
TLS_RSA_WITH_3DES_EDE_CBC_SHA - 112 bits 250 2.0.0 Ok
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH-1024 bits 112 bits 250 2.0.0 Ok
TLS_DHE_RSA_WITH_DES_CBC_SHA DH-1024 bits 56 bits 250 2.0.0 Ok
TLS_RSA_WITH_DES_CBC_SHA - 56 bits 250 2.0.0 Ok
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA DH-512 bits 40 bits 250 2.0.0 Ok
TLS_RSA_EXPORT_WITH_RC4_40_MD5 - 40 bits 250 2.0.0 Ok
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA - 40 bits 250 2.0.0 Ok
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 - 40 bits 250 2.0.0 Ok
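
The same check written as a parser instead of a grep filter, as an added example that is not part of the original page or of SSLyze: it reads the key size from the cipher's own column, so a weak cipher is still reported when the key-exchange column on the same line contains 128 or 256. The sample follows the column layout of the output above; the ECDH-256, AES and "Key size" lines are constructed assumptions.

```python
import re

# Constructed sample in the column layout shown on this page
# (cipher, key exchange, key size, server reply). The ECDH-256, AES and
# "Key size" lines are assumptions added to exercise the edge cases.
SAMPLE = """\
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DH-1024 bits 112 bits 250 2.0.0 Ok
TLS_RSA_WITH_DES_CBC_SHA - 56 bits 250 2.0.0 Ok
TLS_RSA_EXPORT_WITH_RC4_40_MD5 - 40 bits 250 2.0.0 Ok
TLS_RSA_WITH_DES_CBC_SHA - 56 bits 250 2.0.0 Ok
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH-256 bits 112 bits 250 2.0.0 Ok
TLS_RSA_WITH_AES_128_CBC_SHA - 128 bits 250 2.0.0 Ok
Key size: 2048 bits
"""

CIPHER_NAME = re.compile(r"[A-Z0-9_-]+")

def classify(bits):
    """LOW / MEDIUM / HIGH, using the key-length classes listed on the page."""
    if bits < 128:
        return "LOW"
    return "MEDIUM" if bits == 128 else "HIGH"

def parse_line(line):
    """Return (cipher, bits) for a cipher line, or None for anything else."""
    tok = line.split()
    if len(tok) < 3 or not CIPHER_NAME.fullmatch(tok[0]):
        return None
    for i in range(2, len(tok)):
        # The cipher key size is a bare number before "bits"; the key-exchange
        # column ("DH-1024 bits", "ECDH-256 bits") is skipped because it is not.
        if tok[i] == "bits" and tok[i - 1].isdigit():
            return tok[0], int(tok[i - 1])
    return None

def weak_ciphers(output):
    """Unique LOW ciphers in scanner output, weakest first."""
    found = {p for p in map(parse_line, output.splitlines()) if p}
    return sorted((c for c in found if classify(c[1]) == "LOW"),
                  key=lambda c: (c[1], c[0]))

def grep_filter(output):
    """What `grep bits | egrep -v '(128|256)'` keeps, for comparison."""
    return [ln for ln in output.splitlines()
            if "bits" in ln and not re.search(r"128|256", ln)]

if __name__ == "__main__":
    for cipher, bits in weak_ciphers(SAMPLE):
        print(f"{bits:>4} bits  {cipher}")
```

Pipe the unfiltered scanner output into `weak_ciphers()`; repeated entries for the same cipher are collapsed into one.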