san_239682
Apr 26, 2016

Weak SSL cipher vulnerability during website vulnerability test

During a website vulnerability test we have found threat as: RC4 contains several known weaknesses, and cipher suites that use RC4 are considered "weak ciphers". Therefore, the following has been identified as a weak cipher: RC4-SHA. Recommended action as: The application server must be configured not to allow RC4-SHA. Furthermore, block ciphers such as AES and 3DES that use CBC mode are vulnerable to BEAST and POODLE attack if TLS 1.0 is supported. Now that all modern browsers support TLSv1.1 and TLSv1.2, there will be less concern over backward compatibility. Cigital recommends that the server support only TLSv1.2.

I was asked to remediate the vuln by disabling TLS 1.0. Can anyone kindly let me know if this is the possible remediation for the vulnerability?

Thanks in advance

13 Replies

  • Navigate to the client side SSL profiles you use. Within the Configuration section of each, change the dropdown box from Basic to Advanced. You will see a cipher suites field with the entry "DEFAULT".

    I recommend you change it to the following:

    ECDHE+AES-GCM:ECDHE+AES:DEFAULT:!TLSv1:!DHE:!RC4:!MD5:!EXPORT:!LOW:!SSLv2

    I also recommend adding the following iRule to all of your SSL VIPs as it will help you score an A or better on a Qualys SSL Labs scan:

    when HTTP_RESPONSE {
        HTTP::header insert Strict-Transport-Security "max-age=31536000; includeSubDomains"
    }
    • san_239682
      Thank you Ekaleido. Just to confirm: !TLSv1 disables using the version TLSv1 on the SSL profile, right?
    • san_239682
      Is this vulnerability associated only with using TLSv1, or with any other issues?
  • The first solution offered by ekaleido is OK, but a bit bulky for recent versions. In BigIP v11.5.1, there's no need for as many custom keywords, in particular SSLv2 and LOW-grade ciphers are already disabled by default.

    You can achieve a similar outcome with 'DEFAULT:!RC4:!TLSv1' and then add into the mix this HSTS iRule (or use equivalent LTM Policy). This will be sufficient for grade A+ in regards to SSL security. CBC in combination with TLS1.1 or TLS1.2 or DTLS1 is completely acceptable. Some second-grade security scanners may recommend disabling CBC globally across all TLS versions (that's BS that should be ignored).

     tmm --clientciphers 'DEFAULT:!RC4:!TLSv1'
           ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
     0:    61  AES256-SHA256                    256  TLS1.2  Native  AES     SHA256  RSA
     1:    53  AES256-SHA                       256  TLS1.1  Native  AES     SHA     RSA
     2:    53  AES256-SHA                       256  TLS1.2  Native  AES     SHA     RSA
     3:    53  AES256-SHA                       256  DTLS1   Native  AES     SHA     RSA
     4:    60  AES128-SHA256                    128  TLS1.2  Native  AES     SHA256  RSA
     5:    47  AES128-SHA                       128  TLS1.1  Native  AES     SHA     RSA
     6:    47  AES128-SHA                       128  TLS1.2  Native  AES     SHA     RSA
     7:    47  AES128-SHA                       128  DTLS1   Native  AES     SHA     RSA
     8:    10  DES-CBC3-SHA                     192  TLS1.1  Native  DES     SHA     RSA
     9:    10  DES-CBC3-SHA                     192  TLS1.2  Native  DES     SHA     RSA
    10:    10  DES-CBC3-SHA                     192  DTLS1   Native  DES     SHA     RSA
    11: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES     SHA384  ECDHE_RSA
    12: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  Native  AES     SHA     ECDHE_RSA
    13: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES     SHA     ECDHE_RSA
    14: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES     SHA256  ECDHE_RSA
    15: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  Native  AES     SHA     ECDHE_RSA
    16: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  Native  AES     SHA     ECDHE_RSA
    17: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.1  Native  DES     SHA     ECDHE_RSA
    18: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.2  Native  DES     SHA     ECDHE_RSA
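
A `tmm --clientciphers` listing like the one above can be checked mechanically against the two scan findings in this thread (RC4 suites and TLS 1.0). The following is an added example, not part of any post here: the function names are hypothetical, the first two sample rows are constructed, and the `SSL3`/`TLS1` protocol labels are assumed to be what tmm prints for SSLv3 and TLS 1.0.

```python
import re

# Sample listing in the column layout shown above. Rows 0 and 1 are
# constructed (what a profile still allowing RC4 / TLS 1.0 would list);
# rows 2-5 reuse suites from the thread's own output.
SAMPLE = """\
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
 0:     5  RC4-SHA                          128  TLS1    Native  RC4     SHA     RSA
 1:    47  AES128-SHA                       128  TLS1    Native  AES     SHA     RSA
 2:    61  AES256-SHA256                    256  TLS1.2  Native  AES     SHA256  RSA
 3:    53  AES256-SHA                       256  TLS1.1  Native  AES     SHA     RSA
 4:    10  DES-CBC3-SHA                     192  DTLS1   Native  DES     SHA     RSA
 5: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES     SHA     ECDHE_RSA
"""

# index: id suite bits prot method cipher mac keyx
ROW = re.compile(r"^\s*(\d+):\s+(\d+)\s+(\S+)\s+(\d+)" + r"\s+(\S+)" * 5 + r"\s*$")
FIELDS = ("index", "id", "suite", "bits", "prot", "method", "cipher", "mac", "keyx")

BANNED_CIPHERS = {"RC4"}             # scan finding: RC4-SHA
BANNED_PROTOCOLS = {"SSL3", "TLS1"}  # scan finding: TLS 1.0 (labels are an assumption)

def parse_listing(text):
    """Return one dict per cipher row; the header and unrecognised lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = dict(zip(FIELDS, m.groups()))
            row["id"], row["bits"] = int(row["id"]), int(row["bits"])
            rows.append(row)
    return rows

def audit(rows):
    """Return (suite, protocol, reason) for every row the scan would still flag."""
    findings = []
    for r in rows:
        if r["cipher"] in BANNED_CIPHERS:
            findings.append((r["suite"], r["prot"], "RC4 cipher"))
        # Exact match on the PROT column: "TLS1" must not also catch "TLS1.1"/"TLS1.2".
        if r["prot"] in BANNED_PROTOCOLS:
            findings.append((r["suite"], r["prot"], "protocol " + r["prot"]))
    return findings

if __name__ == "__main__":
    for suite, prot, reason in audit(parse_listing(SAMPLE)):
        print(f"FAIL {suite:<28} {prot:<7} {reason}")
```

An empty result from `audit()` on the real listing means the cipher string no longer offers anything the scan reported; CBC suites under TLS1.1, TLS1.2 and DTLS1 are deliberately not flagged, matching the reply above.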