Wednesday 27 July 2016

how to check ssl vulnerability



SSL Vulnerability Protection w3workers
SSL Vulnerability Protection


SSL (Secure Sockets Layer) certificates are an generally used to provide security to your website data transmission . when you visit a website with SSL the site’s SSL certificate enables you to encrypt the data you send, such as credit card information, names or addresses so it can’t be accessed by hackers.

How SSL Works

SSL is designed to make use of TCP to provide a reliable end-to-end secure service.
SSL is divided into two layers which is having four protocols encapsulation for all communication between the client machine and the server.
one layer makes use of TCP directly. This layer is known as the SSL Record Protocol and it provides basic security services to various higher layer protocols.

SSL layer protocols

SSL Record Protocol (Lower level protocol):
it's independent protocol of ssl layer that makes use of the record Hypertext Markup Language (HTTP) protocol.

Another three higher level protocols they are used in the management of SSL exchanges and are as follows:

1. Handshake Protocol.
This protocol is used before any application data is sent this protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL record.

2. Change Cipher Spec Protocol.
This protocol consists of a message which consists of a single byte with the value 1. This is used to updates the cipher suite to be used on this connection.

3. Alert Protocol.
This protocol is used to convey SSL-related alerts to the peer entity. It consists of two
bytes the first of which takes the values 1 (warning) or 2 (fatal). If the level is fatal SSL
immediately terminates the connection. The second byte contains a code that indicates the specific alert.


As mention above SSL is helps to make website secure in data transmission but SSL also have vulnerabilities and issues.

Two vulnerabilities in SSL found in 2014:


1. The "Apple" bug, affecting recent Mac OS X and iOS devices.
2. The "heartbleed" bug concerning misuse of TLS protocol.

The "Apple" bug

Apple has their own implementation of the SSL security protocol: "libsecurity".
Also referred to as "SecureTransport".
This is used on recent Mac OS X (10.9, used on MacBooks, etc.) and iOS (used on iPhones, etc.).
In February 2014 a large vulnerability was found:the server signature for the shared secret was never validated.

The "heartbleed bug"
Discovered and publicized in April 2014.
Problem is in the "heartbeat" extension of TLS(RFC 6520).
Implementation in OpenSSL is buggy: allowsmemory of system to be read.
Linux and BSD systems rely on OpenSSL, so this bug is VERY widespread.

SSL Attacks

Over the last couple of years, several significant vulnerabilities have been discovered in the SSL protocol most commonly used variants, AES-CBC and RC4. The AES-CBC variant has seen significant crypt-analysis padding oracle attacks  BEAST , Lucky 13 , TIME, and POODLE.



A Man-in-the-Middle Attack:

the attacker using a large number of encryptions of secret data, e.g. a session cookie, JavaScript malware is downloaded from an attacker-controlled website and runs in the victim’s browser, repeatedly sending HTTPS requests to the victim web server. Session cookies are automatically included in each of these
requests in a predictable location, and can thus be targeted in the attack. The attacker, who needs new SSL connections for new RC4 keystream prefixes, can enforce termination of the SSL session after the target encrypted cookie is sent. The browser will automatically establish a new SSL session when the next HTTPS request is sent.

Renegotiation attack:

A vulnerability of the renegotiation that can lead to plaintext injection attacks a gainst SSL 3.0 and all current  For example, it allows an attacker who can hijack an https connection to splice their own requests into the beginning of the conversation the client has with the web server. The attacker can't actually decrypt the client-server communication, so it is different from a typical man-in-the-middle attack.

Protocol downgrade:

A protocol downgrade attacks (also called a version rollback attack) tricks a web server into negotiating connections with previous versions of TLS (such as SSLv2) that have long since been abandoned as insecure.

Previous modifications to the original protocols, like False Start (adopted and enabled by Google Chrome) or Snap Start, reportedly introduced limited TLS protocol downgrade attacks or allowed modifications to the cipher suite list sent by the client to the server. In doing so, an attacker might succeed in influencing the cipher suite selection in an attempt to downgrade the cipher suite negotiated to use either a weaker symmetric encryption algorithm or a weaker key exchange.

Cross-protocol attacks:

DROWN attack

The DROWN attack is an exploit that attacks servers supporting contemporary SSL/TLS protocol suites by exploiting their support for the obsolete, insecure, SSLv2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure.DROWN exploits a vulnerability in the protocols used and the configuration of the server, rather than any specific implementation error. Full details of DROWN were announced in March 2016, together with a patch for the exploit.

BEAST attack:

BEAST (Browser Exploit Against SSL/TLS) for a long-known cipher block chaining (CBC) vulnerability in TLS  an attacker observing 2 consecutive ciphertext blocks C0, C1 can test if the plaintext block P1 is equal to x by choosing the next plaintext block P2 = x ^ C0 ^ C1; due to how CBC works C2 will be equal to C1 if x = P1.

CRIME and BREACH attacks:

CRIME (security exploit) and BREACH (security exploit)
The authors of the BEAST attack are also the creators of the later CRIME attack, which can allow an attacker to recover the content of web cookies when data compression is used along with TLS. When used to recover the content of secret authentication cookies, it allows an attacker to perform session hijacking on an authenticated web session.

Timing attacks on padding:

Some experts also recommended avoiding Triple-DES CBC. Since the last supported ciphers developed to support any program using Windows XP's SSL/TLS librarlike Internet Explorer on Windows XP are RC4 and Triple-DES, and since RC4 is now deprecated this makes it difficult to support any version of SSL for any program using this library on XP.
A fix was released as the Encrypt-then-MAC extension to the TLS specification, released as RFC 7366. The Lucky Thirteen attack can be mitigated in TLS 1.2 by using only AES_GCM ciphers; AES_CBC remains vulnerable.

POODLE attack:

On October 14, 2014, Google researchers published a vulnerability in the design of SSL 3.0, which makes CBC mode of operation with SSL 3.0 vulnerable to a padding attack (CVE-2014-3566). They named this attack POODLE (Padding Oracle On Downgraded Legacy Encryption). On average, attackers only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages.
In general, graceful security degradation for the sake of interoperability is difficult to carry out in a way that cannot be exploited. This is challenging especially in domains where fragmentation is high.

RC4 attacks:


Despite the existence of attacks on RC4 that broke its security, cipher suites in SSL and TLS that were based on RC4 were still considered secure prior to 2013 because the way in which they were used in SSL and TLS. In 2011, the RC4 suite was actually recommended as a work around for the BEAST attack. New forms of attack disclosed in March 2013 conclusively demonstrated the feasibility of breaking RC4 in TLS, suggesting it was not a good workaround for BEAST.


How to protect your website from SSL attackers:

SSL Labs to test SSL vulnerability:

SSL Labs is a non-commercial service to verify SSL vulnerability it's a collection of documents, tools to better understand how SSL is deployed on your website.

Website:
www.ssllabs.com

Recommended SSL configuration to remove vulnerability from your website.

ssl.conf:

To protect your website from SSL vulnerability make sure ssl.conf  should have proper configuration parameters.

Add Latest SSLCipherSuite:

Step 1: 
Find SSLCipherSuite in ssl.conf file and replace CipherSuite with following SSLCipherSuite. 

SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4"


Step 2:
Find SSLProtocol in ssl.conf file to remove old SSL versions.

To remove vulnerable versions SSL2,SSL3

SSLProtocol all -SSLv2 -SSLv3  

you can also remove old TLS vulnerable versions SSLv2,SSLv3,TLSv1,TLSv1.1

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Step 3:

SSLHonorCipherOrder On

Step 4: 

cve-2016-2107

To remove this vulnerability need to upgrade openssl versoin.


These are some important configuration parameters to verify SSL deployed properly or not.



Thanks for reading if you have any question add in comments section.

No comments:

Post a Comment