8

A developer recently ran a PCI Scan with TripWire against our LAMP server. They identified several issues and instructed the following to correct the issues:

Problem: SSL Server Supports Weak Encryption for SSLv3, TLSv1,

Solution: Add the following rule to httpd.conf

SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Problem: SSL Server Supports CBC Ciphers for SSLv3, TLSv1

Solution: Disable any cipher suites using CBC ciphers

Problem: SSL Server Supports Weak MAC Algorithm for SSLv3, TLSv1

Solution: Disable any cipher suites using MD5 based MAC algorithms

I tried searching google for a comprehensive tutorial on how to construct an SSLCipherSuite directive to meet my requirements, but I didn't find anything I could understand. I see examples of SSLCipherSuite directives, but I need an explanation on what each component of the directive does. So even in the directive SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM, I dont understand for example what the !LOW means.

Can someone either a) tell me the SSLCipherSuite directive that will meet my needs or b) show me a resource that clearly explains each segment of a SSLCipherSuite is and how to construct one?

John
  • 7,343
  • 23
  • 63
  • 87
  • 2
    By the way - there's no SSL or TLS settings that are widely supports and without *some* level of vulnerability. You *really* need to find someone half way competent with SSL/TLS security, have them take 15 minutes to get familiar with your requirements, and make a recommendation that actually fits your situation. Blindly running TripWire without any ability to interpret the results isn't helping, not really. – Chris S Nov 02 '13 at 01:25
  • Read their requirements again. You can fix all these problems by simply disable SSL 3.0 and TLS 1.0. – Franklin Yu May 14 '19 at 21:10

2 Answers2

11

If their only complaint is MD5-based MAC, you should be able to simply add the !MD5 element to your existing cipher suite to meet the recommendation.

That said, I see they complain about the use of the CBC mode as well. Unfortunately, there is no CBC cipher group. The recommendation given to you also does not exclude CBC mode cipherspecs, at least on my version of openSSL (1.0.1e). This is a shame. If you need all such ciphers to be excluded, you could exclude all the CBC ones explicitly, though you will have to update that as they are included. Note that even HIGH includes CBC ciphers.

Including both ALL and RC4+RSA is redundant. I would be loathe to trust a security consultant (even a computerized one) that cannot even construct a well-formed cipherspec that meets their own recommendations.

The SSLCipherSuite takes an OpenSSL cipher spec. You can find this in the openssl documentation (link), but I find that this documentation is usually quite out of date. However, you can test one by running openssl ciphers ${cipherspec} on your server; output will be a :-separated list of ciphers that would be allowed by the given spec, or an error indicating none were allowed.

Similarly, if you want to know what LOW contains, do:

falcon@tiernyn ~ $ openssl ciphers 'LOW'
EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:ADH-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5

!LOW means to exclude those ones. +HIGH means to prefer the high-security ones in the ordering.

If you want a line-delimited list of all the ciphers that use CBC in your cipherspec, do:

openssl ciphers ${cipherspec} | sed 's/:/\n/g' | grep CBC

Those are the ones you'd have to exclude. You may, however, find it more reasonable to grep -v CBC and include only those (just set them up in a :-delimited list and use that as the cipherspec).

John
  • 7,343
  • 23
  • 63
  • 87
Falcon Momot
  • 25,244
  • 15
  • 63
  • 92
  • Thanks Falcon. I'm trying things out now. Is there a simple way to test/confirm a rule like !MD5 was successfully applied to my SSL-Apache instance? I'd google the question myself, but i'm on a bus in china with limited internet access (low on bandwidth and connectivity) – John Nov 02 '13 at 02:53
  • You could try using `openssl s_client -connect host:port -cipher MD5` to connect to it with `MD5` as the cipher suite, or you could use the Qualys SSL scan (when you have more internet access) to get a very detailed analysis (assuming it is internet-facing). – Falcon Momot Nov 02 '13 at 04:32
  • Note: grepping on CBC is ok, but not on openssl names only. Use openssl ciphers -V -stdname ${cipherspec} | sed 's/:/\n/g' | grep CBC This will include the IANA names, see https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml – Cie6ohpa May 20 '21 at 13:56
  • Note: grepping on CBC is ok, but not on openssl names only. Use ``` openssl ciphers -V -stdname ${cipherspec} | sed 's/:/\n/g' | grep CBC ``` This will include the IANA names, see https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml – Cie6ohpa May 20 '21 at 15:08
4

The mod_ssl documentation explains the components of the SSLCipherSuite settings, here.

If you want to meet all of those scan requirements, you pretty much need to run just RC4 with SSLCipherSuite RC4-SHA (or run newer TLS which may or may not be practical for your system).

Shane Madden
  • 114,520
  • 13
  • 181
  • 251