The Joy Of Ciphers


Whilst re-installing a desktop for a refresh I usually harden the installation to reduce the attack surface, and weed out legacy options that only assist a penetration 'tester'.

One of the areas is to restrict the available ciphers - for most corporate install requirements this is fairly simple as the security model tends to be closed box, but when you're dealing with smaller enterprises or residential operations you're at the mercy of ISPs. Having to find the information annoyed me so I thought I may be able to save someone else some pain by publishing it.

If you're dealing with a personal machine and locking down cipher suites via something like Group Policy, you'll soon discover there's a maximum character limit on the SSL configuration item - so you'll need to be selective with your allow list.

If you have a base list which looks something like this:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA

(It's no secret config - you can find a list like this from search engines)

That's all well and good, but the last item on that list is going to get scythed in half, rendering the whole list unusable by the OS. We get rid of SSL, RC4 and other legacy / export ciphers from the Good Ol' Days, but you'll soon find that a lot of hosting providers out there don't support any of these yet.

Prime example is GoDaddy. I had to set up this desktop to use a GoDaddy hosted mail server which meant I'd have to hunt for the ciphers enabled for their servers. If you ever have occasion to do this yourself I heartily recommend nmap. It's really rather good. There are known & unresolved issues with Windows 8.1 and Nmap but I tend to run it on Debian or Kali to avoid any issues.

nmap -p 993 --script ssl-enum-ciphers [emailserver]

Once you've figured out which ciphers are supported (use either common sense or ask a security pro) you'll have to combine these - if any - into your cipher list for the GP editor. The real pain was finding the cipher which was stopping Windows App Store from working on 8.1. Trial, reboot and then error.

In this case I had to replace two items from the previous list with the following ciphers and chucked a couple of less important variations from the list above:
TLS_RSA_WITH_AES_256_CBC_SHA - GoDaddy email servers
TLS_DHE_RSA_WITH_AES_128_CBC_SHA - Windows App Store

They are actually strong ciphers with decent key exchange so I'm not going to worry. If there are SSL_ ciphers in there, or ciphers with anonymous key exchange, ditch them. Have advised the person whose machine this is of the issue and its implications but they're not what I'd call a high-value target, so less likely to be abused.
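An added example (not from the original post) of the combining step: it pulls the suite names out of ssl-enum-ciphers output, keeps the allow-list entries the server also offers, and reports which entries no longer fit in the policy field. The nmap output is a constructed sample, the function names are hypothetical, and the 1023-character limit is an assumed value to replace with whatever your policy editor accepts.

```python
import re

# Constructed sample of `nmap --script ssl-enum-ciphers` output (not a real scan).
NMAP_OUTPUT = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|     compressors:
|       NULL
|_  least strength: A
"""

# Candidate allow list in the Windows naming used in the post.
ALLOW_LIST = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
]

def server_suites(nmap_text):
    """Suite names nmap listed for the server (protocol headers are skipped)."""
    return set(re.findall(r"^\|[ \t]+((?:TLS|SSL)_[A-Z0-9_]+)\s", nmap_text, re.M))

def iana_name(windows_name):
    """Drop the _P256/_P384/_P521 curve suffix; nmap reports names without it."""
    return re.sub(r"_P(256|384|521)$", "", windows_name)

def shared_suites(allow_list, offered):
    """Allow-list entries the server also offers, in allow-list order."""
    return [s for s in allow_list if iana_name(s) in offered]

def fit_to_limit(suites, limit):
    """Split suites into (kept, dropped) so the comma-joined value fits in limit."""
    kept, used = [], 0
    for i, suite in enumerate(suites):
        cost = len(suite) + (1 if kept else 0)  # +1 for the separating comma
        if used + cost > limit:
            return kept, suites[i:]  # this entry would be cut short
        kept.append(suite)
        used += cost
    return kept, []

if __name__ == "__main__":
    shared = shared_suites(ALLOW_LIST, server_suites(NMAP_OUTPUT))
    kept, dropped = fit_to_limit(shared, 1023)  # 1023: assumed field limit
    print(",".join(kept), "| dropped:", dropped)
```

An empty result from shared_suites means the workstation and the server have no suite in common, which is the condition behind a failed handshake.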

The ciphers are more restricted, the values fit into the group policy editor and everything seems to be operational again. If you find SChannel items on your System event log like this:
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is  [x]

It's likely that your workstation / server cannot negotiate a secure channel with the remote endpoint; time to check your allowed cipher list (or escalate it with the relevant host).

Please note that this is not the be-all and end-all of configurations; it is merely a small part of your defence-in-depth.
