SSL/TLS
Latest revision as of 15:35, 22 June 2015
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the Internet. [1]
Issues
Due to recently discovered attacks against TLS/SSL (Heartbleed, etc.), many users decide to ban older TLS versions from their servers. TLSv1.2 is only supported by Android 4.1 and later, so if you are using an older Android version, you'll have to allow TLSv1 as well. See also: Supported SSL protocols by API level
POODLE
POODLE was yet another attack on the SSLv3 protocol. See here for reference: http://en.wikipedia.org/wiki/Poodle . As a workaround it is suggested to disable the SSLv3 protocol on the web server. However, and this is important: only the protocol, not the ciphers, was affected! Disabling the ciphers causes communication via TLSv1.1 to fail, because TLSv1.0 and TLSv1.1 introduced no new ciphers; they reuse the already existing ciphers, which OpenSSL labels "SSLv3".
On Android 4 there is then no intersection of ciphers left, which results in a connection error (in Android 5 it apparently works). You can run the following command in a terminal to see the affected ciphers:
openssl ciphers -v 'TLSv1' | sort
Let's take the following configuration of an Apache2 server as a non-working example:
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SSLv3:!SSLv2
The first line is perfectly fine: it disables the insecure protocols. The second line, however, disables all ciphers except for TLSv1.1.
Now, the question remains: is disabling the SSLv3 protocol sufficient? The answer is: yes, absolutely. POODLE was a protocol attack that exploited a certain encryption mode (CBC). Nevertheless, it is of course a wise idea to refuse broken ciphers like RC4 or hash algorithms like MD5.
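The following script is an added example, not code from the wiki page, that models the distinction the POODLE section makes between the SSLProtocol line and the SSLCipherSuite line: a `-SSLv3` in SSLProtocol removes a protocol version, while a `!SSLv3` in SSLCipherSuite removes every cipher that `openssl ciphers -v` labels "SSLv3", which is the whole set a client without TLSv1.2 can offer. The `openssl ciphers -v` output embedded below is a constructed sample in the real column layout, not a capture; the cipher-string handling is deliberately simplified (only `!` exclusion tokens matched against the protocol label, the Enc= algorithm and the Mac= algorithm are honoured, and the real OpenSSL cipher-string grammar is much richer), and `client_offer`'s rule that a client below TLSv1.2 can offer only "SSLv3"-labelled ciphers is an assumption made for this model.

```python
"""Added example (not from the wiki page): why '!SSLv3' in Apache's
SSLCipherSuite breaks clients without TLSv1.2 while '-SSLv3' in
SSLProtocol does not.

Assumptions/simplifications: only '!TOKEN' exclusions are handled, and a
token is matched only against the protocol label, Enc= or Mac= column.
"""
from dataclasses import dataclass

# Constructed sample of `openssl ciphers -v` output (same column layout as
# OpenSSL 1.0.x; the list itself is made up for this example).
OPENSSL_CIPHERS_V = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
"""


@dataclass(frozen=True)
class Cipher:
    name: str
    proto: str  # "SSLv3" or "TLSv1.2", as labelled by openssl
    enc: str    # bulk cipher, e.g. "AES", "AESGCM", "RC4"
    mac: str    # MAC, e.g. "SHA1", "MD5", "AEAD"


def parse_ciphers(text):
    """Parse `openssl ciphers -v` lines into Cipher records."""
    ciphers = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        kv = dict(f.split("=", 1) for f in fields[2:])
        enc = kv["Enc"].split("(")[0]  # "AES(128)" -> "AES"
        ciphers.append(Cipher(fields[0], fields[1], enc, kv["Mac"]))
    return ciphers


def apply_exclusions(ciphers, cipher_string):
    """Drop every cipher hit by a '!TOKEN' in an SSLCipherSuite string.
    Non-'!' tokens (HIGH, MEDIUM, ...) are ignored here: assumption that
    they only select and order, which this model does not track."""
    excluded = {t[1:] for t in cipher_string.split(":") if t.startswith("!")}
    return [c for c in ciphers
            if c.proto not in excluded
            and c.enc not in excluded
            and c.mac not in excluded]


def client_offer(ciphers, client_max_version):
    """Assumed rule: ciphers labelled TLSv1.2 need TLSv1.2, so a client
    whose highest version is TLSv1.0/TLSv1.1 offers only the SSLv3 set."""
    if client_max_version == "TLSv1.2":
        return list(ciphers)
    return [c for c in ciphers if c.proto == "SSLv3"]


def protocol_allowed(ssl_protocol, client_max_version):
    """Model of SSLProtocol 'all -X -Y': '-X' removes protocol X; the
    client's highest version must still be enabled on the server."""
    enabled = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
    for tok in ssl_protocol.split():
        if tok.startswith("-"):
            enabled.discard(tok[1:])
    return client_max_version in enabled


def negotiable(server_cipher_string, client_max_version):
    """Cipher names both sides still have in common, in client order."""
    all_ciphers = parse_ciphers(OPENSSL_CIPHERS_V)
    server = {c.name for c in apply_exclusions(all_ciphers, server_cipher_string)}
    client = [c.name for c in client_offer(all_ciphers, client_max_version)]
    return [n for n in client if n in server]


if __name__ == "__main__":
    broken = "HIGH:MEDIUM:!aNULL:!MD5:!SSLv3:!SSLv2"   # the wiki's non-working line
    fixed = "HIGH:MEDIUM:!aNULL:!MD5:!RC4:!SSLv2"     # exclude ciphers, not a label
    print("SSLProtocol keeps TLSv1.1 clients:", protocol_allowed("all -SSLv2 -SSLv3", "TLSv1.1"))
    print("!SSLv3, TLSv1.1 client:", negotiable(broken, "TLSv1.1"))
    print("!SSLv3, TLSv1.2 client:", negotiable(broken, "TLSv1.2"))
    print("!RC4,   TLSv1.1 client:", negotiable(fixed, "TLSv1.1"))
```

Running it shows an empty intersection for a client limited to TLSv1.1 against the page's `!SSLv3` line, while the same client still negotiates against a cipher string that names the weak algorithms (`!RC4`, `!MD5`) instead of a protocol label, and `protocol_allowed` confirms that `SSLProtocol all -SSLv2 -SSLv3` on its own never shuts such a client out.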