Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

disable weak ciphers in SSL connection

I am using the function SSL_CTX_set_cipher_list to set the ciphers supported for the SSL connection. What argument to pass to SSL_CTX_set_cipher_list to disable weak ciphers.

I tried passing ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH

but it doesn't seem to work.

My tool to detect weak cipher reports for the following as enabled still

** SSLv3:DES-CBC-SHA - ENABLED - WEAK 56 bits **

** TLSv1:DES-CBC-SHA - ENABLED - WEAK 56 bits **

** SSLv2:RC4-MD5 - ENABLED - WEAK 128 bits **
** SSLv2:RC2-CBC-MD5 - ENABLED - WEAK 128 bits **
** SSLv2:RC4-64-MD5 - ENABLED - WEAK 64 bits **
** SSLv2:DES-CBC-MD5 - ENABLED - WEAK 56 bits **
** SSLv2:EXP-RC4-MD5 - ENABLED - WEAK 40 bits **
** SSLv2:EXP-RC2-CBC-MD5 - ENABLED - WEAK 40 bits **
** SSLv2:DES-CBC3-MD5 - ENABLED - WEAK 168 bits **

What argument to pass to SSL_CTX_set_cipher_list to disable the above ciphers?

like image 566
Ravi Avatar asked Sep 23 '10 06:09

Ravi


People also ask

How do I disable weak ciphers?

You can do this using GPO or Local security policy under Computer configuration -> Administrative Templates -> Network -> SSL Configuration Settings -> SSL Cipher Suite Order. Set this policy to enable.

What is SSL weak cipher?

Vulnerabilities in SSL Suites Weak Ciphers is a Medium risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.

Which ciphers should be disabled?

If you must still support TLS 1.0, disable TLS 1.0 compression to avoid CRIME attacks. You should also disable weak ciphers such as DES and RC4. DES can be broken in a few hours and RC4 has been found to be weaker than previously thought. In the past, RC4 was advised as a way to mitigate BEAST attacks.


2 Answers

HIGH:!DSS:!aNULL@STRENGTH should work.

openssl ciphers -v 'HIGH:!DSS:!aNULL@STRENGTH' prints the following list of ciphers:

DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

For a complete list of OpenSSL cipher strings and their meaning take a look at: http://www.openssl.org/docs/apps/ciphers.html

like image 112
Gerhard Schlager Avatar answered Sep 21 '22 18:09

Gerhard Schlager


What argument to pass to SSL_CTX_set_cipher_list to disable weak ciphers

It depends upon who's defintion of weak you are using. In 2015, you have to bump from effectively HIGH:!aNULL because modern browsers reject some of the ciphers included with HIGH. If you allow MD5 and/or RC4, then you get the obsolete cryptography warning.

HIGH:!aNULL:!MD5:!RC4

The call would look like so:

rc = SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!MD5:!RC4");
ASSERT(rc >= 1);

You should also disable SSLv2, SSLv3 and probably compression. You do it like so:

const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
SSL_CTX_set_options(ctx, flags);

SSL_CTX_set_options does not return a value, so there's nothing to test to ensure the call succeeds.

like image 21
jww Avatar answered Sep 22 '22 18:09

jww