A very popular post of mine has been ‘out with the old’, which details a series of scripts for hardening web servers. Since I first posted it there have been a number of changes made to the scripts, following vulnerabilities like POODLE and the recent ‘Bar Mitzvah’ attack against RC4, so I’ll provide a quick update of those as well as some challenges I’ve encountered.
out with (more of) the old
Removed support for:
- Insecure renegotiation.
- cache-control header:
  - private, max-age=0, no-cache
- HSTS header:
  - max-age=31536000; includeSubdomains
Of course, all of the drama surrounding Heartbleed and POODLE meant that users developed an expectation that all services they consumed were patched, even if they weren’t the slightest bit technically minded. Android and iOS apps popped up that allowed users to probe the configuration of websites and services, making it easier than ever for Joe Bloggs to become a technical critic. As a result, suits at the upper levels of companies wanted to see big, pretty, green A+ stamps from the Qualys SSL Test – an easy-to-consume figure of whether or not their security engineers are doing their jobs properly. That leads me to the topic of POODLE…
Exploitation of the POODLE vulnerability – with the exception of when a victim only supports SSLv3 – relies upon a protocol downgrade attack to force TLS clients to use SSLv3, allowing for the weaker CBC ciphers to be broken. For the bulk of my managed web services I use Incapsula to provide WAF and CDN functionality. Completely disabling SSLv3 support can drop support for ‘older’ clients (for example, one government client of mine still has ~15% of traffic being served to IE6 browsers which do not support TLS), so they quite rightly took a more cautious, phased approach to mitigating POODLE as described in a blog post of theirs – including mitigating downgrade attacks.
One available mitigation – TLS_FALLBACK_SCSV – comes built into OpenSSL versions 1.0.1j, 1.0.0o and 0.9.8zc and above, meaning Apache servers running one of these newer versions will not permit TLS clients to be forced onto SSLv3 connections. The Qualys test requires support for this standard to achieve an A+ result, but as yet no Windows Server operating systems support it, meaning they’re capped at an A result. However, if a business is confident that all users are TLS1.2 compatible and that RDP access to the box is not required (i.e. you have vSphere or console access instead, as RDP only supports TLS1.0), SChannel can be configured to permit only TLS1.2 and an A+ result becomes possible.
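
The server-side check that TLS_FALLBACK_SCSV adds, as an added example (not code from this post, from OpenSSL or from Incapsula): it applies the rule from RFC 7507 to a parsed ClientHello. The function names and the sample ClientHello messages are constructed for illustration.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600          # signalling cipher suite value {0x56, 0x00} (RFC 7507)
ALERT_INAPPROPRIATE_FALLBACK = 86   # fatal alert the server sends on a detected downgrade

def build_client_hello(version, suites):
    """Construct a minimal ClientHello record (sample input for this example only)."""
    body = struct.pack("!H", version) + bytes(32)            # client_version + random
    body += b"\x00"                                          # empty session_id
    body += struct.pack("!H", 2 * len(suites))               # cipher_suites length
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                      # compression: null only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type 1
    return b"\x16" + struct.pack("!HH", min(version, 0x0301), len(hs)) + hs

def parse_client_hello(record):
    """Return (client_version, [cipher suites]) from a single-record ClientHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        (version,) = struct.unpack("!H", body[0:2])
        pos = 34                                  # skip version (2) + random (32)
        pos += 1 + body[pos]                      # skip session_id
        (n,) = struct.unpack("!H", body[pos:pos + 2])
        raw = body[pos + 2:pos + 2 + n]
    except (struct.error, IndexError):
        raise ValueError("malformed ClientHello") from None
    if n % 2 or len(raw) != n:
        raise ValueError("malformed cipher suite list")
    return version, [s for (s,) in struct.iter_unpack("!H", raw)]

def server_decision(record, server_max=0x0303):
    """RFC 7507 rule: SCSV present and client below the server's best version -> alert."""
    version, suites = parse_client_hello(record)
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    return ("continue", min(version, server_max))

if __name__ == "__main__":
    # Constructed samples: a normal TLS1.2 hello, a fallback retry, an SSLv3-only client.
    for ver, suites in [(0x0303, [0xC02F]), (0x0300, [0x0035, 0x5600]), (0x0300, [0x0035])]:
        print(hex(ver), server_decision(build_client_hello(ver, suites)))
```

The third sample is the exception noted above: a client that only speaks SSLv3 never sends the SCSV, so this check lets it through and only disabling SSLv3 protects it.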
Windows (TLS1.2 only):