WirelessPhreak.com

I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.
Follow Me
Showing posts with label POODLE ATTACK. Show all posts
Showing posts with label POODLE ATTACK. Show all posts

 

So the F5 is a tricky beast often refereed to as the swiss army knife of network appliances. The appliances primary role in many networks is to load balance and is a beast negotiating SSL. That being said its not always easy to determine how to configure the clients SSL profiles to be secure and still service the public. F5s documentation is helpful but designed to be vague because cipher suites and browser support is always changing. https://support.f5.com/csp/article/K8802

 

SSL Labs has become the de-facto to use tool that helps the public understand the nuances of SSL by giving an easy to understand letter grade, https://www.ssllabs.com . The website runs a multitude of tests from insuring your certificate is chained correctly to end device OS and browser simulations, to commonly found vulnerability testing. The down fall of having such a sophisticated tool issuing a simple letter score, is not every environment can be configured for an A or B plus.

 

So I wanted to through an F5 Client SSL Profile out there that at the time of testing got a solid A- and still supported a ton of OS and browser combinations. You will mostly want to keep the defaults but I will highlight what changes you will want to make to get an A. You will need to select Advanced to see some of these settings.


  • The first step is to add your public certificate and the intermediate certificates if applicable as well as the key.
    •  this is what create the certificates chain
  • Next you will want to customize the Ciphers that will be used by the F5 to negotiate SSL with the client. This is where 99% of the magic will happen.
    • DEFAULT:HIGH: (are pre canned cipher settings created by F5, the additional settings are additional customization.
    • !RSA: Do not use RSA ciphers
    • !SSLV3: Do not use SSL version 3
    • !RC4: Do not use RC4 ciphers
    • !EXP: Do not use Cipher length of 40 or 56 bits export strength
    • !DES: Do not use Des or triple Des ciphers
    • !TLSv1_1: Do not use TLS version 1.1
    • !TLSv1: Do not use TlS version 1.0
    • !ADH: Do not use ADH ciphers
    • !EXPORT: Do not use EXPORT grade (weak) ciphers
    • !SHA: Do not use Message Authentication Code SHA 128
  • The complete string looks like this:
    • DEFAULT:HIGH:!RSA:!SSLV3:!RC4:!EXP:!DES:!TLSv1_1:!TLSv1:!ADH:!EXPORT:!SHA
  • Lastly you will want to set up strict SSL renegotiation:
    • Check the  Renegotiation box
    • Next set Secure Renegotiation to "Require Strict"

 

From here save your SSL client profile, apply it to a public accessible virtual server, and run SSL labs against your server. Its kind of fun testing and playing around to see what modifying the cipher settings.

 

Enjoy. 

     


Well they have used up all the awesome vulnerability names, hence the POODLE Attack (Padding Oracle In Downgraded Legacy Encryption). Twitter security chatter has increased around the POODLE Attack and there has been a CVE number assigned CVE20143566.  

Links to both the google paper and the CVE.
High Level Explanation:
The quick and dirty is even if a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant since many clients implement a protocol downgrade dance to work around server side interoperability bugs. In the google security advisory, they discuss how attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0.

The only real work around is to disable SSL 3.0 but for many web admins supporting legacy clients, Window XP running i.e.6 for example, disabling SSL 3.0 is not an option. 

If you end up enabling SSL3.0 you can enable TLS_FALLBACK_SCSV. This forces a more controlled negations of ssl between the client and the server limiting the possibility of clients and servers skipping protocols during the SSL negotion.

I will add more specifics to the F5 and how you would enable the TLS_Fallback command, as well as how to order your SSL protocol and cypher strengths.

***UPDATE***
According to F5 they do not currently support the TLS_FALLBACK_SCSV cipher. There is talk about an engineering hot fix that may include support but there is no solid ETA.  F5 is recommending you disable SSL 3.0 where you can.


OpenSSL command to test if a webserver supports SSL3.0:

openssl s_client -connect target:443 -ssl3
If the command makes you enter more information, then you just made an SSLv3 connection. If the command returns you to a prompt right away, then SSLv3 is disabled on that target host.