Difference between revisions of "SSL/TLS"

From dmfswiki

Revision as of 12:32, 23 January 2015

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the Internet. [1]


Issues

Because of the attacks against TLS/SSL published in 2014 (POODLE against SSLv3, and the Heartbleed bug in OpenSSL, which raised awareness even though it is an implementation flaw rather than a protocol flaw and is fixed by updating OpenSSL, not by disabling protocol versions), many administrators decided to ban older protocol versions on their servers. Keep in mind that TLSv1.2 is only supported on Android 4.1 (API level 16) and later, and that on Android 4.1 through 4.4 it is supported but not enabled by default (enabled by default only from API level 20): unless an app switches it on explicitly with SSLSocket.setEnabledProtocols(), those clients still negotiate TLSv1. So if you have to support older Android versions, you will have to allow TLSv1 as well. See also: Supported SSL protocols by API level (http://developer.android.com/reference/javax/net/ssl/SSLSocket.html)

POODLE

POODLE was yet another attack on the SSLv3 protocol. See here for reference: http://en.wikipedia.org/wiki/Poodle . The recommended fix is to disable the SSLv3 protocol on the web server. However, and this is important: only the protocol is affected, not the cipher suites! In OpenSSL's cipher-string syntax the keyword SSLv3 does not refer to the protocol; it selects the cipher suites that were introduced with SSLv3 (the RSA and DHE suites with AES, 3DES or RC4 and a SHA1 or MD5 MAC). TLSv1.0 and TLSv1.1 introduced no cipher suites of their own; new suites (AES-GCM, SHA-256 MACs) only arrived with TLSv1.2. Excluding the SSLv3-tagged suites with !SSLv3 therefore leaves a TLSv1.0 or TLSv1.1 client nothing to negotiate, and the connection fails. (With OpenSSL 1.1.0 and later the ECDHE suites are tagged TLSv1 instead of SSLv3 and survive !SSLv3, so the breakage is less complete there, but the cipher string is still wrong.)

On Android 4 there is then no common cipher suite left, which results in a connection error (on Android 5, which enables TLSv1.2 and its AES-GCM suites by default, it works). You can run the following command in a terminal to see the affected suites; on OpenSSL 1.0.x the TLSv1 keyword selects the same set as SSLv3, on newer versions use the SSLv3 keyword, which is the one the configuration below actually excludes:

openssl ciphers -v 'TLSv1' | sort


Let's take the following configuration of an Apache2 server as an example:

    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SSLv3:!SSLv2

The first line is perfectly fine: it disables the insecure protocols. The second line, however, removes every cipher suite a TLSv1.0 or TLSv1.1 client can use, so only TLSv1.2 clients (which still have the AES-GCM and SHA-256 suites) can connect.

Now, the question remains: is disabling the SSLv3 protocol sufficient? Against POODLE itself, yes. POODLE is a protocol-level padding-oracle attack on CBC mode: SSLv3 does not define the contents of the padding bytes, so a receiver cannot verify them, and an attacker can use that to decrypt the ciphertext one byte at a time. TLSv1.0 and later specify the padding and require it to be checked, which is why the attack does not carry over to them (a variant published in December 2014 hit some TLS implementations that skipped that check; that is an implementation bug to patch, not a reason to drop cipher suites). Two further measures are still worthwhile: run an OpenSSL that implements TLS_FALLBACK_SCSV (1.0.1j and later) so that clients cannot be silently downgraded, and refuse broken ciphers like RC4 and broken hash algorithms like MD5 in the cipher string, which is what the !MD5 above does and what a !RC4 entry would add.