Forum Discussion
Eric_Brander_27
Nimbostratus
NimbostratusSSL Encryption Level
Thanks for clicking.
I've been notified via our auditors that our BIGIP LTM is allowing weak encryption. Yet I cannot for the life of me find where I can tell the LTM to only allow Medium or High encryption.
Would anyone mind feeding me a clue?
Thanks,
Eric
From the audit:
THREAT:
The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.
SSL encryption ciphers are classified based on encryption key length as follows:
HIGH - key length larger than 128 bits
MEDIUM - key length equal to 128 bits
LOW - key length smaller than 128 bits
Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.
Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For
example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further
communication on the secure channel. This vulnerability may not be exploitable for such configurations.
IMPACT:
An attacker can exploit this vulnerability to decrypt secure communications without authorization.
SOLUTION:
Disable support for LOW encryption ciphers.
9 Replies
hoolioCirrostratus
Hi Eric,
If you search for "SSL ciphers" on AskF5.com, you'll find SOL7815 which describes how to configure the ciphers used on a client SSL profile. If you want to handle this is a friendlier manner for the client, you could redirect clients using weak ciphers to a page which describes how to update their browser:
Redirect On Weak Encryption
http://devcentral.f5.com/wiki/default.aspx/iRules/RedirectOnWeakEncryption.html
Aaron
Eric_Brander_27Thank you! Ciphers is the keyword I was missing. I searched for encryption level, ssl level, etc, etc but not the word cipher.
Thanks again for the assistance!
david_quint_204I have had the same report from our PCI auditors. However, I have followed the askF5.com cipher strength recommendations to remove LOW level SSL encryption before our audit/scan was completed. Is there anything that can be done or is the PCI audit showing a false positive in some way?
David
Michael_YatesThis was the recommended ciphter that we found:
ALL:!SSLv2:!EXPORT40:!EXP:!LOW
You can get the features explinations here: http://www.openssl.org/docs/apps/ciphers.html
If you want to see which of your Virtual Servers are accepting less than 128 bit ciphers you can apply this iRule that will list the Client IP Address and the Cipher strength (this should help you determine if there is a false positive):when HTTP_REQUEST { if { [SSL::cipher bits] < 128 }{ log local0. "[IP::remote_addr] had cipher of [SSL::cipher bits]" }} }- david_quint_204Yes, I already have the same cipher string in place. I will try the iRule and see if it is a false positive or not. Thank you for the iRule, this will help tremendously.
David - hoolioThe Redirection on Weak Encryption Codeshare example handles this scenario more gracefully than disabling the low ciphers on the client SSL profile. The former gives you a chance to redirect the client to a page which explains why they're not able to access the application and a way to fix the problem. The latter should result in a TCP FIN or RST which the client would probably assume is a problem with the application.
The iRule will result in vulnerability scanners detecting LTM supports weak ciphers. However, this is a false positive as LTM won't allow such clients to access the application.
To view the ciphers included in a cipher string you can use tmm --clientciphers:tmm --clientciphers 'DEFAULT:!ADH:!EXPORT40:!EXP:!LOW' ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 4 RC4-MD5 128 SSL3 Native RC4 MD5 RSA 1: 4 RC4-MD5 128 TLS1 Native RC4 MD5 RSA 2: 5 RC4-SHA 128 SSL3 Native RC4 SHA RSA 3: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA 4: 47 AES128-SHA 128 SSL3 Native AES SHA RSA 5: 47 AES128-SHA 128 TLS1 Native AES SHA RSA 6: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA 7: 53 AES256-SHA 256 SSL3 Native AES SHA RSA 8: 53 AES256-SHA 256 TLS1 Native AES SHA RSA 9: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA 10: 10 DES-CBC3-SHA 192 SSL3 Native DES SHA RSA 11: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA 12: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA
Aaron - hoolioYes, the cipher strings option for client and server SSL profiles should work in 9.3.x. See SOL7815 for details:
SOL7815: Configuring the cipher strength for SSL profiles
https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7815.html
Aaron 
brad_11480how do you change the encryption level for the web management to the appliance? seems that it is set to low and our security management people want it fixed!
thanks..
What_Lies_Bene1Modify the /var/run/config/httpd.conf.d/ssl.conf file, in particular the SSL Protocol and SSLCipherSuite values.
![\"F5](\"https://www.f5.com/content/dam/f5/f5-logo.svg\"){kind=logo}