NetTalk Central

Author Topic: Question about security  (Read 3823 times)

Matthew

Question about security
« on: April 16, 2015, 02:22:07 AM »
Hello Bruce.

I recently had a security audit which reported some problems.

1. Secure Client-Initiated Renegotiation is supported. (https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks)
2. No support for "Forward Secrecy". (https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy)
3. No Security flag in session ID.

So how do I disable Secure Client-Initiated Renegotiation and enable support for "Forward Secrecy"?
What about the Security flag in session ID? I don't know what it means. Could you add this flag, or maybe I could?

Also, could you update the OpenSSL libraries to the latest version (1.0.2a I think)?

Regards,
Matthew
« Last Edit: April 16, 2015, 02:58:52 AM by Matthew »

Bruce

Re: Question about security
« Reply #1 on: April 17, 2015, 05:05:57 AM »
Hi Matthew,

I'm looking into a solution for these - I'm presuming you are on a recent NetTalk 8 build?

It should be noted that;
1) This is not a security issue as such, but a possible cause of denial-of-service. So it presents no danger to existing data on existing sites. The solution is to disable client-initiated re-negotiation - I am testing that.

2) Forward-security is in the news lately and basically prevents govt from subpoenaing the site private keys, and using those to break already established communications between the client and server. Obviously we want the strongest security possible, but forward-security is not an attack vector, it is a political vector at the moment. The solution appears to be a different cipher-list - something I am investigating.

Regarding the OpenSSL DLL's - I will update them in the build but you can also update your own at any time. I will post something in the Share Knowledge on how to do that.

update [1] --- from what I can see the openSSL version may have something to do with issue 1. Can you please let me know what version of the OpenSSL DLL's you are currently using?
update [2] --- yes, the shipping DLL's (OpenSSL version 1.0.1.L (1.0.1.12)) shows as having this issue, the latest DLL's (1.0.2A) do not.

cheers
Bruce



« Last Edit: April 17, 2015, 07:39:37 AM by Bruce »

Matthew

Re: Question about security
« Reply #2 on: April 19, 2015, 10:11:52 PM »
Thank you for the response.

Yes, I am using the latest version of NetTalk.

OpenSSL version which I use: 1.0.1.L

What about problem 3: No Security flag in session ID?

Regards,
Matthew

Bruce

Re: Question about security
« Reply #3 on: April 19, 2015, 11:33:49 PM »
Hi Matthew,

>> What about problem 3: No Security flag in session ID?

This was one of the reasons I was curious about the NetTalk version. Currently the SessionID cookie is set as;

Set-Cookie: SESSIONID=78xam0TBVpyWEFDegVwgTp2PkslcaQ; path=/; secure; HttpOnly

(this is from the web6 example, with the project define NetShowSend=>1).

So I'm not sure what the report is referring to exactly. I assumed it was the need for the "secure" attribute on the cookie - but that has been in for some time now (as per the above.)
So any more information you may have on this report would be useful.

cheers
Bruce
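
An added example (not part of the thread and not NetTalk code): a way to check response headers for the cookie attributes discussed in the reply above. The function name `audit_set_cookie` and the `PREFS` cookie are constructed for illustration; the `SESSIONID` line is the header quoted in the reply.

```python
# Attributes an audit typically expects on a session cookie (both appear in the quoted header).
REQUIRED = ("secure", "httponly")

# Constructed response headers: the SESSIONID line is from the reply, PREFS is made up.
SAMPLE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: SESSIONID=78xam0TBVpyWEFDegVwgTp2PkslcaQ; path=/; secure; HttpOnly
Set-Cookie: PREFS=lang-en; Path=/
"""


def audit_set_cookie(raw_headers):
    """Map each cookie name to the list of required attributes it lacks."""
    findings = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line or some other header
        pair, *attrs = [part.strip() for part in value.split(";")]
        name = pair.partition("=")[0]
        # Attribute names are case-insensitive (RFC 6265): "secure" == "Secure".
        present = {a.partition("=")[0].strip().lower() for a in attrs}
        findings[name] = [r for r in REQUIRED if r not in present]
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_set_cookie(SAMPLE).items():
        print(cookie, "OK" if not missing else "missing: " + ", ".join(missing))
```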
 

Bruce

Re: Question about security
« Reply #4 on: April 24, 2015, 05:16:26 AM »
Hi Matthew,

I have updated the OpenSSL DLL's in the 8.45 build.

1)  Secure Client-Initiated Renegotiation is supported.
I've done a fair bit of research on this and it appears this is not (currently) considered to be a security issue, but rather a possible DoS vector. (Bear in mind that there are already lots of DoS vectors in any system and this is just another.) Secure Client-Initiated Renegotiation is an important feature for a server to support, so it's not something that should just be turned off, as that could cause all sorts of other problems. One mitigating approach is to limit the number of Renegotiations per connection, but that just defers the problem as the client can still just re-connect. I will continue to explore this further to see what the best approach is.

2) No support for "Forward Secrecy".
Despite a fair bit of effort here, I have not yet convinced the OpenSSL DLL's to support the ciphers necessary for forward security. You can manipulate the cipher list yourself of course so please let me know if you have any success in this direction. I will continue to work on this of course.
As I mentioned above, this issue is specifically related to you having to give up your private keys - it's not a vulnerability in the server-client connection.

cheers
Bruce



Matthew

Re: Question about security
« Reply #5 on: May 07, 2015, 12:35:20 AM »
Thank You Bruce.

Ad 2.)
I tried to manipulate the cipher list but with no result. I tried the following lists in "NetTalk Object Before Init Section":

ServerHTTPS.SSLCertificateOptions.CiphersAllowed = 'ECDHE:ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT'
ServerHTTPS.SSLCertificateOptions.CiphersAllowed = 'ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT:@STRENGTH'
ServerHTTPS.SSLCertificateOptions.CiphersAllowed = 'ALL:!ADH:ECDHE:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT:@STRENGTH'

Unfortunately it doesn't work.

I tested my site on: https://www.ssllabs.com/ssltest/index.html

In my website:
Cipher Suites (sorted by strength; the server has no preference)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)            128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)    128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)    128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)    128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)            112
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)            256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)    256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)    256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)    256

In other HTTPS website:
Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH 256 bits (eq. 3072 bits RSA)   FS    256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH 256 bits (eq. 3072 bits RSA)   FS    128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS   WEAK    256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS   WEAK    128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)    256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)    128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)    112

So I don't know how to set for example:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH 256 bits (eq. 3072 bits RSA)   FS    256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH 256 bits (eq. 3072 bits RSA)   FS    128

Regards,
Matthew
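
An added example (not part of the thread and not NetTalk code): a small parser for the SSL Labs suite lines quoted in the post above, which classifies each suite by its key exchange and reports whether any ephemeral (ECDHE/DHE) suite is offered. The function names are hypothetical, and the sample input is a subset of the lines quoted in the post.

```python
import re

# Subset of the SSL Labs lines quoted in the post above.
MY_SITE = """\
Cipher Suites (sorted by strength; the server has no preference)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)            128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)    128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)            112
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)    256
"""
OTHER_SITE = """\
Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH 256 bits (eq. 3072 bits RSA)   FS    256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS   WEAK    256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)    256
"""

# Groups: suite name, hex id, optional key-exchange details, symmetric key bits.
LINE = re.compile(r"^(TLS_\w+)\s+\((0x[0-9a-fA-F]+)\)(.*?)(\d+)\s*$")
EPHEMERAL = {"ECDHE", "DHE"}  # key exchanges that provide forward secrecy


def parse_suites(text):
    suites = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header line or anything that is not a suite entry
        name, code, extra, bits = m.groups()
        # TLS_<kx>_<auth>_WITH_<cipher>: the first token after TLS_ is the key exchange.
        kx = name[len("TLS_"):].partition("_WITH_")[0].split("_")[0]
        suites.append({"name": name, "id": int(code, 16), "kx": kx,
                       "fs": kx in EPHEMERAL, "bits": int(bits),
                       "weak": "WEAK" in extra})  # flag as printed by the scanner
    return suites


def forward_secrecy_report(text):
    suites = parse_suites(text)
    fs = [s for s in suites if s["fs"]]
    return {"total": len(suites),
            "fs_suites": [s["name"] for s in fs],
            "fs_weak": [s["name"] for s in fs if s["weak"]],
            "static_rsa_only": bool(suites) and not fs,
            "no_server_preference": "no preference" in text}


if __name__ == "__main__":
    print(forward_secrecy_report(MY_SITE))
    print(forward_secrecy_report(OTHER_SITE))
```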

Bruce

Re: Question about security
« Reply #6 on: May 07, 2015, 06:39:24 AM »
>> So I don't know how to set for example:

I don't know either, and I've also had no success setting some of the forward-security ciphers. I don't know if this is an OpenSSL thing, or perhaps a Windows thing. I'll keep an eye on it, but have had no joy so far.

The cipher-list thing is pure OpenSSL, so I'm not doing anything special with that.

cheers
Bruce