Service Enhancement Proposal SEP-03 - Remove Support for Old TLS Protocols
Status: Completed
Objective
The current recommendation from NIST in SP 800-52r2, Section 3.1 (Protocol Version Support), is:
Servers that support citizen or business-facing applications (i.e., the client may not be part of a government IT system) shall be configured to negotiate TLS 1.2 and should be configured to negotiate TLS 1.3. The use of TLS versions 1.1 and 1.0 is generally discouraged, but these versions may be configured when necessary to enable interaction with citizens and businesses. See Appendix F for a discussion on determining whether to support TLS 1.0 and TLS 1.1. These servers shall not allow the use of SSL 2.0 or SSL 3.0.
We currently do not support SSL 2.0 or 3.0, but we still do support older versions of TLS.
Pros
- Supporting current recommendations.
- Removes support for insecure protocols that should not be used.
Cons
- We may inadvertently deny some clients that have no TLSv1.2 support, and would have no practical way to know this was happening other than via support tickets.
Implementation Details
TLS support is implemented across all virtual hosts with the following Define directives:
Define SSL_PROTOCOL "all -SSLv2 -SSLv3"
Define SSL_CIPHER_SUITE "ALL:!ADH:+HIGH:!MEDIUM:!LOW:!SSLv2:!3DES:!RC4:!EXP:!NULL:!AECDH:@STRENGTH"
which are included in each site-specific configuration file, as well as the default virtual host.
Protocol Support Before SEP-03
Relevant Configuration
SSLProtocol "all -SSLv2 -SSLv3"
SSLCipherSuite "ALL:!ADH:+HIGH:!MEDIUM:!LOW:!SSLv2:!3DES:!RC4:!EXP:!NULL:!AECDH:@STRENGTH"
Use nmap to enumerate ciphers and protocols
nmap --script +ssl-enum-ciphers -Pn -p 8443 cmsw-pprd-02.hosting.vt.edu
Starting Nmap 7.60 ( https://nmap.org ) at 2020-09-18 15:03 EDT
Nmap scan report for cmsw-pprd-02.hosting.vt.edu (172.28.49.18)
Host is up (0.00064s latency).
Other addresses for cmsw-pprd-02.hosting.vt.edu (not scanned): 2607:b400:92:8000:0:1e:618c:4e41
PORT STATE SERVICE
8443/tcp open https-alt
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| TLSv1.1:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
|_ least strength: C
Nmap done: 1 IP address (1 host up) scanned in 0.54 seconds
Protocol Support For TLSv1.2 Only
Relevant Configuration
SSLProtocol "-all +TLSv1.2"
SSLCipherSuite "ALL:!ADH:+HIGH:!MEDIUM:!LOW:!SSLv2:!3DES:!RC4:!EXP:!NULL:!AECDH:@STRENGTH"
nmap --script +ssl-enum-ciphers -Pn -p 8443 cmsw-pprd-01.hosting.vt.edu
Starting Nmap 7.60 ( https://nmap.org ) at 2020-09-18 15:41 EDT
Nmap scan report for cmsw-pprd-01.hosting.vt.edu (172.28.48.18)
Host is up (0.00066s latency).
Other addresses for cmsw-pprd-01.hosting.vt.edu (not scanned): 2607:b400:92:8100:0:34:d410:b13a
PORT STATE SERVICE
8443/tcp open https-alt
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
| compressors:
| NULL
| cipher preference: server
|_ least strength: A
Nmap done: 1 IP address (1 host up) scanned in 0.27 seconds
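The two scans above are the before/after evidence for this change, and checking them by eye does not scale to every virtual host. The following is an added example (not part of SEP-03 or of the nmap project) that parses ssl-enum-ciphers output and flags anything SEP-03 is meant to remove: protocols below TLSv1.2, suites graded below A, and scanner warnings such as SWEET32. The embedded SCAN_BEFORE and SCAN_AFTER strings are constructed excerpts trimmed from the two scans, with nmap's normal indentation; the parser strips the "|" gutter so it also accepts the flattened form shown on this page. The set of accepted protocols in policy_findings is an assumption matching the proposal's goal.

```python
import re

# Constructed excerpts in the format printed by `nmap --script +ssl-enum-ciphers`,
# trimmed from the two scans above (not verbatim captures).
SCAN_BEFORE = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|_  least strength: C
"""

SCAN_AFTER = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A
"""

PROTO_RE = re.compile(r"^(SSLv\d|TLSv1(?:\.\d)?):$")
CIPHER_RE = re.compile(r"^(TLS_\S+) \(([^)]*)\) - ([A-F])$")


def parse_enum_ciphers(text):
    """Parse ssl-enum-ciphers output into per-protocol suites, warnings and least strength."""
    ciphers, warnings, least = {}, {}, None
    proto = section = None
    for raw in text.splitlines():
        line = raw.lstrip("|_ ").strip()   # drop nmap's "| " / "|_ " gutter and indentation
        if line.startswith("least strength:"):
            least = line.split(":", 1)[1].strip()
            continue
        m = PROTO_RE.match(line)
        if m:                               # "TLSv1.0:" opens a new protocol block
            proto, section = m.group(1), None
            ciphers.setdefault(proto, [])
            warnings.setdefault(proto, [])
            continue
        if line in ("ciphers:", "compressors:", "warnings:"):
            section = line[:-1]
            continue
        if proto is None:
            continue
        m = CIPHER_RE.match(line)
        if section == "ciphers" and m:
            ciphers[proto].append((m.group(1), m.group(2), m.group(3)))
        elif section == "warnings":
            warnings[proto].append(line)
    return {"ciphers": ciphers, "warnings": warnings, "least_strength": least}


def policy_findings(scan, allowed=("TLSv1.2", "TLSv1.3")):
    """Everything SEP-03 intends to remove: old protocols, non-A grades, scanner warnings."""
    findings = []
    for proto, suites in scan["ciphers"].items():
        if proto not in allowed:
            findings.append(f"{proto} still negotiable")
        for suite, _kx, grade in suites:
            if grade != "A":
                findings.append(f"{proto}: {suite} graded {grade}")
        for warning in scan["warnings"].get(proto, []):
            findings.append(f"{proto}: {warning}")
    return findings


if __name__ == "__main__":
    for label, text in (("before", SCAN_BEFORE), ("after", SCAN_AFTER)):
        findings = policy_findings(parse_enum_ciphers(text))
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

Run against the full scan output of each dispatcher after the change; an empty findings list for every host is the pass condition.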
The list of supported cipher suites is significantly smaller, but are these enough to support all of our clients?
The Mozilla SSL Configuration Generator suggests the following:
# intermediate configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
This produces an identical result, with the CHACHA20-POLY1305 encryption method notably absent due to lack of support in the OpenSSL version 1.0.2 available on the cmsw-prod servers.
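Three different SSLProtocol values appear on this page ("all -SSLv2 -SSLv3", "-all +TLSv1.2", and Mozilla's "all -SSLv3 -TLSv1 -TLSv1.1"), and the reason the last two produce the same result on the cmsw-prod servers is the OpenSSL 1.0.2 build. The following is an added example (not part of SEP-03 or of the Apache project) that models mod_ssl's token semantics as documented for the directive: an unprefixed token replaces the set, "+" adds, "-" removes, and "all" expands to every version the linked OpenSSL knows. It then checks the result against the SP 800-52r2 rule quoted in the Objective. The OPENSSL_1_0_2 and OPENSSL_1_1_1 version sets are assumptions about the builds, not something the page states.

```python
"""Evaluate Apache mod_ssl SSLProtocol values and check them against SP 800-52r2."""

KNOWN_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")

# Assumed: versions each OpenSSL line implements. 1.0.2 (cmsw-prod) has no TLSv1.3,
# so "all" cannot enable it there; "-SSLv2" is a tolerated no-op on both.
OPENSSL_1_0_2 = frozenset({"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"})
OPENSSL_1_1_1 = frozenset({"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"})


def evaluate_ssl_protocol(directive, available=OPENSSL_1_0_2):
    """Return the frozenset of protocol versions an SSLProtocol value enables."""
    enabled = set()
    for token in directive.split():
        action = ""
        if token[:1] in ("+", "-"):
            action, token = token[0], token[1:]
        if token == "all":
            members = set(available)
        elif token in KNOWN_PROTOCOLS:
            members = {token} & available   # versions the build lacks contribute nothing
        else:
            raise ValueError(f"unknown SSLProtocol token: {token!r}")
        if action == "-":
            enabled -= members
        elif action == "+":
            enabled |= members
        else:
            enabled = members               # a bare token replaces what came before it
    return frozenset(enabled)


def nist_findings(enabled):
    """SP 800-52r2 section 3.1 checks for a citizen- or business-facing server."""
    findings = []
    if enabled & {"SSLv2", "SSLv3"}:
        findings.append("SSL 2.0/3.0 enabled (shall not)")
    if "TLSv1.2" not in enabled:
        findings.append("TLSv1.2 not negotiable (shall)")
    if "TLSv1.3" not in enabled:
        findings.append("TLSv1.3 not negotiable (should)")
    if enabled & {"TLSv1", "TLSv1.1"}:
        findings.append("TLSv1.0/1.1 enabled (discouraged; see SP 800-52r2 Appendix F)")
    return findings


DIRECTIVES = {
    "before SEP-03": "all -SSLv2 -SSLv3",
    "SEP-03": "-all +TLSv1.2",
    "Mozilla intermediate": "all -SSLv3 -TLSv1 -TLSv1.1",
}

if __name__ == "__main__":
    for build_name, build in (("OpenSSL 1.0.2", OPENSSL_1_0_2), ("OpenSSL 1.1.1", OPENSSL_1_1_1)):
        print(build_name)
        for label, directive in DIRECTIVES.items():
            enabled = evaluate_ssl_protocol(directive, build)
            print(f"  {label:22} {directive:28} -> {sorted(enabled)} {nist_findings(enabled)}")
```

With OPENSSL_1_1_1 the Mozilla directive also enables TLSv1.3, which is the "should" the SEP-03 value "-all +TLSv1.2" would have to be revisited for once the dispatchers move to a newer OpenSSL.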
Note: The Apache HTTPD and OpenSSL implementations were compiled on our DBAA build server and deployed via Ansible from a local repository, as was customary at the time those machines were built. We chose to use bespoke binaries rather than the RPM versions available in Red Hat Enterprise Linux or CentOS because the RPM versions tend to be very old compared to the upstream HTTPD and OpenSSL projects. Red Hat does a commendable job of updating these packages with security patches, but rarely keeps up with features. Our AEM Dispatchers use features which are simply not available in the RPM versions of HTTPD.
Usage Analysis
Logging
- On 2020-09-24 enabled SSLLog on cmsw-prod-01.hosting.vt.edu and began collecting logs.
- SSLLog records domain, client_ip, date, TLS version, Cipher Suite, HTTP_Method, URI, User-Agent, port.
Analysis Plan
Our objective is to find how much legitimate traffic will be disallowed if we drop support for older TLS versions.
- Collect data for 1 week.
- Filter out monitoring and non-TLS requests.
- Pandas for analysis? (parse and convert to CSV before import).
- Group by domain, User-Agent (main U-A string only?)
Analysis
After collecting a week of data from one dispatcher (cmsw-prod-01), I passed the logs through a Python filter to weed out non-TLS requests, monitoring requests, and some WordPress nonsense.
A total of 6156067 records, with 18698 of them NOT TLSv1.2. That's 0.003037328865978879, or about 0.3%.
Implementation
2020-10-05 Applied ab6c3c36ca226820feb2d6822104acc6e1f90488
And added cipher logging to cmsw-prod-02. Initial log summary is in line with the other machines.
2020-10-08 Applied 45afeb56eed7595dec0c48dbf0ec01ce61b29e42 (removed the <IfDefine> block in the prior change). TLSv1.2 is applied for all hosts.