logoon  windows
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Forum Register Log in  RSS Apache Lounge


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored by anyone.

Your donations will help to keep this site alive and well, and continuing the building of the binaries.




Mitigating the BEAST attack on TLS

 
Post new topic   Reply to topic    Apache Forum Index -> News & Hangout



View previous topic :: View next topic  
Author Message
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2134
Location: Hilversum, NL, EU

PostPosted: Thu 20 Oct '11 21:21    Post subject: Mitigating the BEAST attack on TLS Reply with quote

See the post all about a attack against SSL from Ivan:

https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls

Note:
Ivan was the original developer of mod_security. Nowadays he is also quite busy with SSL security.

Steffen
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 4948
Location: Germany, Next to Hamburg

PostPosted: Fri 21 Oct '11 15:08    Post subject: Reply with quote

Doing that reduces the encryption. I made something like that and now I have only 128 bit encryption vis RC4 instead of the 256 AES.

Any chance to have 256 bit encrytion again?

Code:

SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM:!SSLV2:!eNULL
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown


AFAIK from my config it should use / prefer AES 256 before RC4, but it doesn't.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 1650
Location: Sun Diego, CA, USofA

PostPosted: Sat 22 Oct '11 3:15    Post subject: Reply with quote

As far as I read it, ECDHE-RSA-AES256-SHA384 is an TLS/1.2 cipher. Since OpenSSL 0.9.8 and 1.0.0 do not speak TLS/1.2, I doubt the cipher is available. Secondly, isn't it AES256-SHA and not AES256-SHA256?

http://www.openssl.org/docs/apps/ciphers.html#AES_ciphersuites_from_RFC3268_e

So it goes to the first valid one it finds in the list, RC4.

Of course AES256-SHA is a CBC cipher, and therefore can be attacked. I think for the moment 128bit RC4 is better than 256bit that can be 'beasted'
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 4948
Location: Germany, Next to Hamburg

PostPosted: Sat 22 Oct '11 22:37    Post subject: Reply with quote

glsmith wrote:
Secondly, isn't it AES256-SHA and not AES256-SHA256?


right. Copy paste error while trying getting it secure.
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2134
Location: Hilversum, NL, EU

PostPosted: Sat 24 Mar '12 16:22    Post subject: Reply with quote

Attention, that Ivan changed the recommendation for OpenSSL 1.0.1:

SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH


Steffen
Back to top
holziusa



Joined: 02 Jan 2008
Posts: 48

PostPosted: Sun 08 Apr '12 16:05    Post subject: SNI TLSv1 Reply with quote

for 1st/default vhost
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-TLSv1-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

all others

SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

not sure about the order if TLSv1 matters front or end
of line
Back to top


Post new topic   Reply to topic    Apache Forum Index -> News & Hangout
Page 1 of 1