How to Avoid an SSL Rating of F (as of May 2016)
One day, when I ran an SSL check on Qualys SSL Labs…
It was rated F…
I had always kept it at A+…
It turns out that a new vulnerability was discovered as of 2016/5/3.

The issue flagged this time, CVE-2016-2107:
It was found that a MITM attacker could carry out a padding oracle attack against the AES-NI CBC MAC check. This problem arose from a defect in code that was introduced to fix CVE-2013-0169 (Lucky 13 padding).
I have summarized the countermeasures for the above below.
Countermeasures
- Upgrading OpenSSL
- Test OS environment: CentOS7
The following article says, “Please upgrade OpenSSL to version 1.0.2h/1.0.1t,” but
trying things out incrementally,
when I upgraded openssl with the following command,
the error disappeared and the rating became B.
Was this because I had updated Nginx to 1.11.1 beforehand? (sweat)
    # yum upgrade openssl -y
- Changing the ssl_ciphers setting
When I applied the ssl_ciphers directive generated by the config generator as-is, the rating stalled at B.
https://ssl-config.mozilla.org/
It seems there are ciphers you should not include, for various reasons.
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
The ssl_ciphers I ultimately settled on is below. With this, the rating returned to A+.
    ssl_ciphers 'ECDH !aNULL !eNULL !SSLv2 !SSLv3';
I’ll need to keep monitoring OpenSSL vulnerabilities.
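To see what the generated list above actually contains, here is an added example (not from the original post) that classifies each explicitly named suite by its OpenSSL name: CBC mode, AES-CBC (the cipher and mode CVE-2016-2107 concerns), 3DES, and key exchange without forward secrecy. The function names and finding labels are my own, the classification assumes OpenSSL's TLS 1.2-and-earlier naming, and it does not reproduce how SSL Labs computes its grade.

```python
# Added example: audit an nginx ssl_ciphers value by OpenSSL (TLS <= 1.2) suite name.
import re

def classify(suite):
    """Return the set of findings for one explicit OpenSSL suite name."""
    findings = set()
    aead = any(tag in suite for tag in ("GCM", "CHACHA20", "CCM"))
    if "DES-CBC3" in suite:
        findings.add("3des")
    if not aead and "RC4" not in suite and "NULL" not in suite:
        findings.add("cbc")  # assumption: non-AEAD block-cipher names mean CBC mode
        if "AES" in suite:
            findings.add("aes-cbc")  # cipher/mode pair that CVE-2016-2107 concerns
    if not re.match(r"(ECDHE|DHE|EDH)-", suite):
        findings.add("no-forward-secrecy")  # static RSA key exchange
    return findings

def audit(cipher_string):
    """Map each explicitly named suite to its findings."""
    # Exclusions (!X, -X, +X) and bare keywords such as ECDH are skipped:
    # keywords expand per OpenSSL build; inspect them with `openssl ciphers -v`.
    report = {}
    for token in re.split(r"[:,\s]+", cipher_string.strip("'; ")):
        if token and token[0] not in "!-+" and "-" in token:
            report[token] = classify(token)
    return report

def count(report, finding):
    """Number of suites in the report that carry the given finding."""
    return sum(finding in f for f in report.values())

# The ssl_ciphers value from the config generator, as quoted on this page.
GENERATED = (
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:"
    "DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:"
    "ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:"
    "AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
)

if __name__ == "__main__":
    rep = audit(GENERATED)
    for name in ("cbc", "aes-cbc", "3des", "no-forward-secrecy"):
        print(f"{name}: {count(rep, name)} of {len(rep)}")
```

A keyword-based value such as the final `ECDH ...` setting yields an empty report here, because only OpenSSL itself can expand it into concrete suites.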
Supplementary Notes
Unless you enable HTTP Strict Transport Security (always-on SSL),
you cannot get an A+.
Always-on SSL also affects performance,
so set a policy of at least aiming for an A before you get started.
