RE: [EXTERNAL] Re: [users@httpd] SSL Cipher configuration issue

Hi Paul

Just try
SSLProtocol  TLSv1.3

See how that goes and proceed from there.

John Orendt
John.p.orendt@xxxxxxxxxxxxx

-----Original Message-----
From: Paul Claridge <paul@xxxxxxxxxxxx>
Sent: Thursday, August 26, 2021 3:05 PM
To: users@xxxxxxxxxxxxxxxx
Subject: [EXTERNAL] Re:  SSL Cipher configuration issue


Thanks Jim for response.

I spotted an article suggesting SSLProtocol -all +TLSv1.3, but that didn't make any difference either.

Could it be the Qualys SSL Labs tool is not resetting? Any other recommendations for testing cipher strength?

With regards to WAF we are using mod_security and I cannot see any reference to SSL. The other tool we use is fail2ban but I am pretty sure that's not causing this either.

Still slightly baffled as to how to progress!

Thanks, Paul



On 26/08/2021 15:35, Jim Albert wrote:
> On 8/26/2021 6:16 AM, Paul Claridge wrote:
>> Hi Team,
>>
>> I am trying to configure recommendations from a pentest with regard
>> to excluding weak ciphers.
>>
>> My ssl labs report shows the following:
>>
>> Protocols
>> TLS 1.3     Yes
>> TLS 1.2     Yes
>> TLS 1.1     No
>> TLS 1.0     No
>> SSL 3     No
>> SSL 2     No
>>
>> Cipher Suites
>> # TLS 1.3 (suites in server-preferred order)
>> TLS_AES_256_GCM_SHA384 (0x1302)   ECDH x25519 (eq. 3072 bits RSA)   FS   256
>> TLS_CHACHA20_POLY1305_SHA256 (0x1303)   ECDH x25519 (eq. 3072 bits RSA)   FS   256
>> TLS_AES_128_GCM_SHA256 (0x1301)   ECDH x25519 (eq. 3072 bits RSA)   FS   128
>> # TLS 1.2 (suites in server-preferred order)
>> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)   ECDH x25519 (eq. 3072 bits RSA)   FS   256
>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH x25519 (eq. 3072 bits RSA)   FS   128
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH x25519 (eq. 3072 bits RSA)   FS   256
>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 2048 bits   FS   128
>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 2048 bits   FS   256
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK   128
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK   256
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK   128
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK   256
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 2048 bits   FS   WEAK   128
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 2048 bits   FS   WEAK   128
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 2048 bits   FS   WEAK   256
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 2048 bits   FS   WEAK   256
>> TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK   128
>> TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK   256
>> TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK   128
>> TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK   256
>> TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK   128
>> TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK   256
>>
>> My current ssl.conf is as follows:
>>
>> <IfModule mod_ssl.c>
>>
>>     # Pseudo Random Number Generator (PRNG):
>>     # Configure one or more sources to seed the PRNG of the SSL library.
>>     # The seed data should be of good random quality.
>>     # WARNING! On some platforms /dev/random blocks if not enough entropy
>>     # is available. This means you then cannot use the /dev/random device
>>     # because it would lead to very long connection times (as long as
>>     # it requires to make more entropy available). But usually those
>>     # platforms additionally provide a /dev/urandom device which doesn't
>>     # block. So, if available, use this one instead. Read the mod_ssl User
>>     # Manual for more details.
>>     #
>>     SSLRandomSeed startup builtin
>>     SSLRandomSeed startup file:/dev/urandom 512
>>     SSLRandomSeed connect builtin
>>     SSLRandomSeed connect file:/dev/urandom 512
>>
>>     ##
>>     ##  SSL Global Context
>>     ##
>>     ##  All SSL configuration in this context applies both to
>>     ##  the main server and all SSL-enabled virtual hosts.
>>     ##
>>
>>     #
>>     #   Some MIME-types for downloading Certificates and CRLs
>>     #
>>     AddType application/x-x509-ca-cert .crt
>>     AddType application/x-pkcs7-crl    .crl
>>
>>     #   Pass Phrase Dialog:
>>     #   Configure the pass phrase gathering process.
>>     #   The filtering dialog program (`builtin' is a internal
>>     #   terminal dialog) has to provide the pass phrase on stdout.
>>     SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
>>
>>     #   Inter-Process Session Cache:
>>     #   Configure the SSL Session Cache: First the mechanism
>>     #   to use and second the expiring timeout (in seconds).
>>     #   (The mechanism dbm has known memory leaks and should not be used).
>>     #SSLSessionCache         dbm:${APACHE_RUN_DIR}/ssl_scache
>>     SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
>>     SSLSessionCacheTimeout  300
>>     SSLSessionTickets  off
>>
>>     #   Semaphore:
>>     #   Configure the path to the mutual exclusion semaphore the
>>     #   SSL engine uses internally for inter-process synchronization.
>>     #   (Disabled by default, the global Mutex directive consolidates by default
>>     #   this)
>>     #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
>>
>>
>>     #   SSL Cipher Suite:
>>     #   List the ciphers that the client is permitted to negotiate. See the
>>     #   ciphers(1) man page from the openssl package for list of all available
>>     #   options.
>>     #   Enable only secure ciphers:
>>     #SSLCipherSuite HIGH:!aNULL:!ECDHE_RSA_WITH_AES_128_CBC_SHA256:!ECDHE_RSA_WITH_AES_256_CBC_SHA384:!ECDHE_RSA_WITH_AES_128_CBC_SHA:!ECDHE_RSA_WITH_AES_256_CBC_SHA:!DHE_RSA_WITH_AES_128_CBC_SHA256:!DHE_RSA_WITH_AES_128_CBC_SHA:!DHE_RSA_WITH_AES_256_CBC_SHA256:!DHE_RSA_WITH_AES_256_CBC_SHA:!RSA_WITH_AES_128_GCM_SHA256:!RSA_WITH_AES_256_GCM_SHA384:!RSA_WITH_AES_128_CBC_SHA256:!RSA_WITH_AES_256_CBC_SHA256:!RSA_WITH_AES_128_CBC_SHA:!RSA_WITH_AES_256_CBC_SHA
>>     #SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
>>     SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
>>     # SSL server cipher order preference:
>>     # Use server priorities for cipher algorithm choice.
>>     # Clients may prefer lower grade encryption.  You should enable this
>>     # option if you want to enforce stronger encryption, and can afford
>>     # the CPU cost, and did not override SSLCipherSuite in a way that puts
>>     # insecure ciphers first.
>>     # Default: Off
>>     SSLHonorCipherOrder on
>>
>>     #   The protocols to enable.
>>     #   Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
>>     #   SSL v2  is no longer supported
>>     SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
>>
>>     #   Allow insecure renegotiation with clients which do not yet support the
>>     #   secure renegotiation protocol. Default: Off
>>     #SSLInsecureRenegotiation on
>>
>>     #   Whether to forbid non-SNI clients to access name based virtual hosts.
>>     #   Default: Off
>>     #SSLStrictSNIVHostCheck On
>>
>>     SSLCompression off
>>
>> </IfModule>
>>
>>
>> As you can see I have tried several SSLCipherSuite options, but I
>> cannot remove those weak ciphers from my report (thereby failing my
>> pentest).
>> It seems to me that the -TLSv1.2 is being ignored possibly?
>> I'm at a loss, so would appreciate some advice on how to configure
>> this please?
>>
>> Thanks, Paul
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>
> Without examining all the ciphers you list in SSLCipherSuite, just
> taking a step back at:
> SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2 which disables TLSv1.2
> protocol.
>
> You state your SSL Labs report indicates:
> TLS 1.2     Yes
>
> So something doesn't seem right there.
> Did you restart your apache server after the SSL config changes?
> Do you perhaps have a WAF/reverse proxy sitting in front of your
> apache server that also needs to be configured?
>
> Jim
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
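
Added example, not part of any message in this thread: a cross-check of the TLS 1.2 suites in the quoted SSL Labs report against the active SSLCipherSuite line from the quoted ssl.conf. The function names are illustrative, and the IANA-to-OpenSSL name conversion is an assumption that covers only the AES and ChaCha20 suites appearing in this report.

```python
# Added example; both inputs are copied from the messages quoted in this thread.
# Active (uncommented) SSLCipherSuite value from the quoted ssl.conf:
SSL_CIPHER_SUITE = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
)
# TLS 1.2 suites listed in the quoted SSL Labs report (IANA names):
REPORTED_TLS12 = """
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
""".split()

def iana_to_openssl(name):
    """Convert an IANA suite name to OpenSSL's. Handles only the AES and
    ChaCha20 suites that appear in this report, not the whole registry."""
    kx, cipher = name[len("TLS_"):].split("_WITH_")
    kx = "" if kx == "RSA" else kx.replace("_", "-") + "-"  # plain RSA: no prefix
    cipher = cipher.replace("AES_", "AES").replace("_CBC", "")  # CBC is implicit
    if cipher.startswith("CHACHA20"):
        cipher = "CHACHA20_POLY1305"  # OpenSSL drops the trailing hash
    return kx + cipher.replace("_", "-")

def is_cbc(openssl_name):
    # AES suites with no AEAD mode in their OpenSSL name use CBC.
    return not any(mode in openssl_name for mode in ("GCM", "CCM", "CHACHA20"))

def compare(cipher_directive, reported_iana):
    configured = cipher_directive.split(":")
    reported = [iana_to_openssl(n) for n in reported_iana]
    return {
        # Served suites the directive never names.
        "served_not_configured": [s for s in reported if s not in configured],
        # CBC suites the directive itself names (the report marks CBC as WEAK).
        "cbc_in_directive": [s for s in configured if is_cbc(s)],
    }

if __name__ == "__main__":
    for key, suites in compare(SSL_CIPHER_SUITE, REPORTED_TLS12).items():
        print(f"{key} ({len(suites)}):", ", ".join(suites))
```

Fourteen of the nineteen reported suites are not named by the directive at all, so the scanned endpoint is not negotiating from this SSLCipherSuite line. The directive also names four CBC suites of its own, so it would need trimming even once it does take effect.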
