Hi All,
So finally, I got time to write something. Today, I'm gonna write about SSL and TLS. It’s pretty common terms in Information Security. However, only few heads know actual use of it, difference between them, vulnerabilities present in ciphers, best practices etc.
Let’s understand it in security best practices perspective and do not get into core technical details like Message authentication process, key material generation, Its design & implementation, its RFC etc. I will write about such core part in another post.
So finally, I got time to write something. Today, I'm gonna write about SSL and TLS. It’s pretty common terms in Information Security. However, only few heads know actual use of it, difference between them, vulnerabilities present in ciphers, best practices etc.
Let’s understand it in security best practices perspective and do not get into core technical details like Message authentication process, key material generation, Its design & implementation, its RFC etc. I will write about such core part in another post.
Let’s
start...
Now days,
people/corporates are majorly concern about data that is being sent between application
and across the so called “Untrusted Internet” world. Corporates are using
cryptographic protocols to authenticate their application server and clients.
And also to encrypt messages between authenticated parties. (Server to Server, Server
to Client etc).
As of now,
there are two cryptographic protocols designed to make web communications
secure over untrusted network (e.g. Internet). And those two Protocols are
"SSL (Secure Sockets Layer)" and "TLS (Transport Layer
Security)".
TLS and SSL
are most widely recognized as the protocols that provide secure HTTP (HTTPS)
for Internet transactions between Web browsers and Web servers. TLS/SSL can
also be used for other application level protocols, such as File Transfer
Protocol (FTP), Lightweight Directory Access Protocol (LDAP), and Simple Mail
Transfer Protocol (SMTP). TLS/SSL enables server authentication, client
authentication, data encryption, and data integrity over networks such as the
World Wide Web.
SSL and TLS,
Both protocols use Asymmetric Cryptography. SSL and TLS both use X.509
certificates to authenticate two or more parties. Both work on three features of
Security (Confidentiality, Integrity and Availability).
How SSL/TLS
handshake works:
In SSL/TLS,
client submits a list of cipher suites that it supports and then server pick up
one suite from the list to negotiate a secure communication channel. Later, secure
communication starts. However, some servers will select the first supported
suite from the list which is not a best practice.
Vulnerabilities and Best Practices:
Since, there are many vulnerabilities discovered in last few years like BEAST, Renegotiation attack, Version rollback attacks, CRIME attacks, BREACH attacks, POODLE, FREAK attack, logjam attack, Heartbleed attack etc.
Hence, below are our Recommendations which you need to follow while implementing SSL/TLS to avoid these attacks:
- SSL v2 is insecure and must not be used.
- SSL v3 is insecure when used with HTTP and weak when used with other protocols. It’s also obsolete, which is why it shouldn’t be used.
- Disable support for TLS v1.0 (see note below).
- Disable insecure client-initiated renegotiation.
- NULL cipher suites provide no encryption.
- Export key exchange suites use authentication that can easily be broken. Do not use Export ciphers. (FREAK Attack)
- Anonymous Diffie-Hellman (ADH) suites do not provide authentication.).
- Suites with weak ciphers (typically of 40 and 56 bits) use encryption that can easily be broken. Make sure your all support ciphers length is more than 128 bits.'
- RC4 and MD5 is weaker.
- 3DES provides about 112 bits of security. This is below the recommended minimum of 128 bits, but it’s still strong enough. A bigger practical problem is that 3DES is much slower than the alternatives.
- Enable HSTS on webserver.
- Implement Forward Secrecy.
- Use Certificate pinning, if required.
- Set Ciphers in order (First Priority is for strength and size of cipher).
Currently,
TLSv1.1 and TLSv1.2 are consider to be secure than any other protocol when they
are correctly implemented (with above recommendations).
In order to
support older clients, you may need to continue to support TLS v1.0 for the
time being. With some workarounds, this protocol can still be considered secure
enough for most web sites.
One point in above recommendations that I would like to cover,
Support Forward Secrecy:
One point in above recommendations that I would like to cover,
Support Forward Secrecy:
Forward
Secrecy is a protocol feature that makes secure conversations that are not
dependent on the server’s private key. It means, if your server administrator
goes on holidays and server's private key gets compromised, administrator can
still continue to enjoy his holidays. ;)
With cipher
suites that do not support Forward Secrecy, someone having a server’s private
key can decrypt all earlier encrypted conversations.
You need to support and prefer ECDHE suites in order to enable Forward Secrecy. Most of
modern web browser support ECDHE. However, to support & cover almost all
clients, you should use DHE suites as fallback after ECDHE.
Server Supporting ECDHE & DHE with recommended order
There are lots of tools available in market using which you can test your server’s SSL/TLS strength/vulnerabilities. Below are some which I prefer and are best among all:
Online Tools:
Offline
Tools:
> SSLscan(From, Kali 2.0 onward is good)
> TLSenum
(especially for checking order of ciphers)
Thanks for your time.. :)
Got queries? Leave a comment down below, I would love to reply..
Ref: ssllabs, owasp, qualys
1 comments:
Great ! thats much more helpful.
Thanks Tushar
Post a Comment