Jim On 8/26/2021 3:04 PM, Paul Claridge wrote:
Thanks Jim for response.I spotted an article suggesting SSLProtocol -all +TLSv1.3, but that didn't make any difference either.Could it be the Qualys SSL Labs tool is not resetting? Any other recommendations for testing cipher strength?With regards to WAF we are using mod_security and I cannot see any reference to SSL. The other tool we use is fail2ban but I am pretty sure that's not causing this either.Still slightly baffled as how to progress! Thanks, Paul On 26/08/2021 15:35, Jim Albert wrote:On 8/26/2021 6:16 AM, Paul Claridge wrote:Hi Team, I am trying to configure recommendations from a pentest with regard to excluding weak ciphers. My ssl labs report shows the following: Protocols TLS 1.3 Yes TLS 1.2 Yes TLS 1.1 No TLS 1.0 No SSL 3 No SSL 2 No Cipher Suites # TLS 1.3 (suites in server-preferred order) TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS 128 # TLS 1.2 (suites in server-preferred order) TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bitsRSA) FS WEAK 128TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bitsRSA) FS WEAK 256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS WEAK 128TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK 128TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS WEAK 256TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK 256TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128 TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128 TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256 My current ssl.conf is as follows: <IfModule mod_ssl.c> # Pseudo Random Number Generator (PRNG):# Configure one or more sources to seed the PRNG of the SSL library.# The seed data should be of good random quality.# WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device# because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those# platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User# Manual for more details. # SSLRandomSeed startup builtin SSLRandomSeed startup file:/dev/urandom 512 SSLRandomSeed connect builtin SSLRandomSeed connect file:/dev/urandom 512 ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # # Some MIME-types for downloading Certificates and CRLs # AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds).# (The mechanism dbm has known memory leaks and should not be used).#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 SSLSessionTickets off # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization.# (Disabled by default, the global Mutex directive consolidates bydefault # this) #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache # SSL Cipher Suite:# List the ciphers that the client is permitted to negotiate. See the# ciphers(1) man page from the openssl package for list of all available # options. # Enable only secure ciphers: #SSLCipherSuiteHIGH:!aNULL:!ECDHE_RSA_WITH_AES_128_CBC_SHA256:!ECDHE_RSA_WITH_AES_256_CBC_SHA384:!ECDHE_RSA_WITH_AES_128_CBC_SHA:!ECDHE_RSA_WITH_AES_256_CBC_SHA:!DHE_RSA_WITH_AES_128_CBC_SHA256:!DHE_RSA_WITH_AES_128_CBC_SHA:!DHE_RSA_WITH_AES_256_CBC_SHA256:!DHE_RSA_WITH_AES_256_CBC_SHA:!RSA_WITH_AES_128_GCM_SHA256:!RSA_WITH_AES_256_GCM_SHA384:!RSA_WITH_AES_128_CBC_SHA256:!RSA_WITH_AES_256_CBC_SHA256:!RSA_WITH_AES_128_CBC_SHA:!RSA_WITH_AES_256_CBC_SHA #SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 # SSL server cipher order preference:# Use server priorities for cipher algorithm choice.# Clients may prefer lower grade encryption. You should enable this# option if you want to enforce stronger encryption, and can afford# the CPU cost, and did not override SSLCipherSuite in a way that puts# insecure ciphers first. # Default: Off SSLHonorCipherOrder on # The protocols to enable. # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2 # SSL v2 is no longer supported SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2# Allow insecure renegotiation with clients which do not yet supportthe # secure renegotiation protocol. Default: Off #SSLInsecureRenegotiation on # Whether to forbid non-SNI clients to access name based virtual hosts. # Default: Off #SSLStrictSNIVHostCheck On SSLCompression off </IfModule>As you can see I have tried several SSLCipherSuite options, but I cannotremove those weak ciphers from my report (thereby failing my pentest). It seems to me that the -TLSv1.2 is being ignored possibly? I'm at a loss, so would appreciate some advice on how to configure this please? Thanks, Paul --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxxWithout examining all the ciphers you list in SSLCipherSuite, just taking a step back at: SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2 which disables TLSv1.2 protocol. You state your SSL Labs report indicates: TLS 1.2 Yes So something doesn't seem right there. Did you restart your apache server after the SSL config changes? Do you perhaps have a WAF/reverse proxy sitting in front of your apache server that also needs to be configured? Jim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|