logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> News & Hangout View previous topic :: View next topic
Reply to topic   Topic: Mitigating the BEAST attack on TLS
Author
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
PostPosted: Thu 20 Oct '11 21:21    Post subject: Mitigating the BEAST attack on TLS Reply with quote
See the post all about a attack against SSL from Ivan:

https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls

Note:
Ivan was the original developer of mod_security. Nowadays he is also quite busy with SSL security.

Steffen
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
PostPosted: Fri 21 Oct '11 15:08    Post subject: Reply with quote
Doing that reduces the encryption. I made something like that and now I have only 128 bit encryption vis RC4 instead of the 256 AES.

Any chance to have 256 bit encrytion again?

Code:

SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM:!SSLV2:!eNULL
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown


AFAIK from my config it should use / prefer AES 256 before RC4, but it doesn't.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
PostPosted: Sat 22 Oct '11 3:15    Post subject: Reply with quote
As far as I read it, ECDHE-RSA-AES256-SHA384 is an TLS/1.2 cipher. Since OpenSSL 0.9.8 and 1.0.0 do not speak TLS/1.2, I doubt the cipher is available. Secondly, isn't it AES256-SHA and not AES256-SHA256?

http://www.openssl.org/docs/apps/ciphers.html#AES_ciphersuites_from_RFC3268_e

So it goes to the first valid one it finds in the list, RC4.

Of course AES256-SHA is a CBC cipher, and therefore can be attacked. I think for the moment 128bit RC4 is better than 256bit that can be 'beasted'
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
PostPosted: Sat 22 Oct '11 22:37    Post subject: Reply with quote
glsmith wrote:
Secondly, isn't it AES256-SHA and not AES256-SHA256?


right. Copy paste error while trying getting it secure.
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
PostPosted: Sat 24 Mar '12 16:22    Post subject: Reply with quote
Attention, that Ivan changed the recommendation for OpenSSL 1.0.1:

SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH


Steffen
Back to top
holziusa



Joined: 02 Jan 2008
Posts: 48
PostPosted: Sun 08 Apr '12 16:05    Post subject: SNI TLSv1 Reply with quote
for 1st/default vhost
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-TLSv1-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

all others

SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

not sure about the order if TLSv1 matters front or end
of line
Back to top


Reply to topic   Topic: Mitigating the BEAST attack on TLS View previous topic :: View next topic
Post new topic   Forum Index -> News & Hangout