Menu

#4403 SSL/TLS Cipher Selection,

All
open
7
2018-01-26
2014-05-04
Steven Page
No

recently I have been working on my cipher string input for each application that uses SSL/TLS (i.e. Apache2, NGinX, Sendmail, Dovecot, etc).

however, i noticed that Webmin/Virtualmin does not seem to be responding to my Cipher string input.

i have enabled DH, ephemeral and elliptical curve ciphers on most of my servers, sorted in preference of strength (using @strength)

however, webmin stays at AES-256-CBC using SHA1 for auth, and RSA as KEX.

i also tried checking the boxes for "strong" ciphers, or "perfect forward secrecy" type ciphers, including "prefer server defined cipher order", but nothing changes.

the only time i could get it to change the cipher order, was downgrading to a lesser strength cipher, or when using Auto selection (AFAIK)

might this be a bug in the miniserv.pl application? is the cipher order string unconventional, or does it support whatever is supported by the system installed package of OpenSSL?

thanks!

Discussion

  • Bob

    Bob - 2014-05-09

    Jamie - I have come across a security scan problem related to this, See the link to linux4beginners.info for additional information:

    Product doing scan: SecurityCenter from tenable network security

    Plugin ID: 20007 Family: Service detection Plugin Type: Active
    Plugin Name: SSL Version 2(v2) Protocol Detection

    Description
    
The remote service accepts connections encrypted using SSL 2.0, which
reportedly suffers from several cryptographic flaws and has been
deprecated for several years. An attacker may be able to exploit
these issues to conduct man-in-the-middle attacks or decrypt
communications between the affected service and clients.


    Solution
    
Consult the application's documentation to disable SSL 2.0 and use
SSL 3.0, TLS 1.0, or higher instead.


    See Also

    http://www.schneier.com/paper-ssl.pd
    f
http://support.microsoft.com/kb/187498
    http://www.linux4beginners.info/node/disable-sslv2

    Risk Factor: Medium



    CVSS Base Score
    
5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

    CVE
    
CVE-2005-2969


    Plugin Publication Date: Oct 12, 2005
    

Plugin Last Modification Date: Jan 25, 2013


    Source File: ssl_deprecated.nasl

    
Version: $Revision: 1.19 $



     
  • Jamie Cameron

    Jamie Cameron - 2014-05-11

    You should be able to disable use of SSL v2 completely on the SSL page in Webmin.

     
  • Steven Page

    Steven Page - 2014-05-15

    where is the option to disable SSLv2 Completely? i don't see it...

    if you mean change the cipher line to disable sslv2 ciphers; my issue is that i simply can not get webmin to comply with changes to the cipher line,

    especially when trying to change to any ephemeral cipher / eliptical curve cipher types

     
  • Jamie Cameron

    Jamie Cameron - 2014-05-15

    My mistake - the option to disable certain SSL versions was removed in favor of the ciphers list.

    If you select " Only strong ciphers with perfect forward secrecy", save the page and then open it again, is that option still selected?

     
  • Andrew Reis

    Andrew Reis - 2015-10-08

    I'm going to interject here. I use Webmin on a bunch of client machines. There are a few that are subject to PCI compliance scans. A couple things bother me in relation to this issue...:

    1. The "Only Strong Ciphers with Perfect Forward Secrecy" still includes RC4-SHA, which is now causing PCI scans to fail.
    2. It seems as if, and I don't know which applies here, but either Webmin OR MiniServ DOES NOT seems to support any DH, DHE, ECDH or ECDHE ciphers. I have compiled the latest version of OpenSSL (1.0.2d) and also compiled the latest version of Net::SSLeay (1.72) perl module and restarted Webmin and still am receiving or a fraction of the ciphers I should be.

    Example: Cipher list string = 'HIGH:!LOW:!MEDIUM:!RC4:!DES:!DSS:!PSK:!aECDH:!DH:!SRP:!MD5:!DSS:!eNULL:!aNULL:!SSLv2:@STRENGTH'

    OpenSSL Output using "openssl ciphers -v 'HIGH:!LOW:!MEDIUM:!RC4:!DES:!DSS:!PSK:!aECDH:!DH:!SRP:!MD5:!DSS:!eNULL:!aNULL:!SSLv2:@STRENGTH' | awk '{print $1}'"

    What SSLScan returns when scanning against Webmin with the cipherlist set with SSLv2, SSLv3 and TLSv1.0 disabled:

    Version: 1.11.0-rbsec-4-g68aaac1
    OpenSSL 1.0.2e-dev xx XXX xxxx

    Testing SSL server <ip address=""> on port 10000</ip>

    TLS renegotiation:
    Session renegotiation not supported

    TLS Compression:
    Compression disabled

    Heartbleed:
    TLS 1.2 not vulnerable to heartbleed
    TLS 1.1 not vulnerable to heartbleed
    TLS 1.0 not vulnerable to heartbleed

    Supported Server Cipher(s):
    Preferred TLSv1.2 256 bits AES256-GCM-SHA384
    Accepted TLSv1.2 256 bits AES256-SHA256
    Accepted TLSv1.2 256 bits AES256-SHA
    Accepted TLSv1.2 256 bits CAMELLIA256-SHA
    Accepted TLSv1.2 128 bits AES128-GCM-SHA256
    Accepted TLSv1.2 128 bits AES128-SHA256
    Accepted TLSv1.2 128 bits AES128-SHA
    Accepted TLSv1.2 128 bits CAMELLIA128-SHA
    Accepted TLSv1.2 112 bits DES-CBC3-SHA
    Preferred TLSv1.1 256 bits AES256-SHA
    Accepted TLSv1.1 256 bits CAMELLIA256-SHA
    Accepted TLSv1.1 128 bits AES128-SHA
    Accepted TLSv1.1 128 bits CAMELLIA128-SHA
    Accepted TLSv1.1 112 bits DES-CBC3-SHA

    SSL Certificate:
    Signature Algorithm: sha256WithRSAEncryption
    RSA Key Strength: 4096

    So it isn't even ATTEMPTING to negotiate any ECDHE ciphers, which would truly provide actual forward secrecy.

     
  • Michał Faflik

    Michał Faflik - 2018-01-26

    This issue is so old and still open. Please pay more attention to security. Despite selecting rejected protocols to all except TLSv1.2 it still choses to use TLSv1.0.
    Choosing "Only strong ciphers with perfect forward secrecy", makes no difference, except from chosing ECDHE_RSA with P-384 key exchange and AES_256_CBC with HMAC-SHA1 cipher but TLSv1.0 still in place.

     

Log in to post a comment.