On 9/9/2013 5:51 AM, Mark Felder wrote:
> I'm still waiting for someone to thoroughly analyze this question
>
> What's worse: the possibility that NSA has cracked RC4 or being
> vulnerable to BEAST/CRIME?

They're both equally bad, IMO. BEAST/CRIME are known, usable exploits. RC4 isn't proven broken, but it has been shown as weaker than expected, so 128-bit RC4 << 128-bit AES in terms of strength. That does mean if you're subject to certain privacy constraints, you must disable RC4.

AFAIK there aren't yet any usable exploits against RC4's weaker status and it's still much stronger than 64-bit crypto--the point at which it's currently accepted as brute-force vulnerable.

Currently, BEAST has been effectively mitigated client-side and most major applications now support 1.1 or later.

Current Firefox and Thunderbird use NSS 3.14, which supports 1.1, but the apps have it disabled by default (set security.tls.version.max=2 in each to enable). Firefox 24 should have NSS 3.15.1 and thus support 1.2.

IE on Windows 7/8 supports TLS 1.1 and 1.2, but has them disabled by default. IE 11 is supposed to have them enabled by default; but this is Microsoft, so we can't know until bits are out the door.

Chrome, Opera and Safari support both and have them enabled by default.

At the OS level, Windows and OS X both have 1.1 and 1.2 support. If your *nix of choice has OpenSSL 1.0.1, it has 1.1 and 1.2 support. OpenSSL is tricky because most apps only give you cipherspec control. Via cipherspec, !SSLv3 also turns off TLS 1.1 because it leaves only the 1.2-only AES-GCM ciphers. Some OpenSSL-based apps, like Postfix and nginx, have the ability to also specify a protocol filter.


tl;dr:

- Disable RC4, it's weak.
- Upgrade your user apps.
- Upgrade OpenSSL to 1.0.1 (via ports, it's easy).
- Deploy TLS 1.1 and 1.2 on your servers today.
- Leave SSLv3/TLSv1.0 enabled only for cases where you can't control the remote end's SSL capabilities.
- Recommended OpenSSL 1.0.1 cipherspec:

ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL:@STRENGTH
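
Added example, not part of the original message: a Python audit of what the recommended cipherspec expands to on the local OpenSSL build. It flags any RC4, MD5, anonymous, export or sub-128-bit suites and counts suites per protocol tag with and without !SSLv3. The function names are assumptions made for this example, and the output depends on the OpenSSL version Python is linked against.

```python
import ssl
from collections import Counter

# Cipherspec quoted from the message above.
RECOMMENDED = "ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL:@STRENGTH"
# Same spec with !SSLv3 added, to see which protocol tags survive that filter.
NO_SSLV3 = RECOMMENDED.replace(":@STRENGTH", ":!SSLv3:@STRENGTH")

# Substrings of OpenSSL's cipher description for what the message excludes.
WEAK_MARKERS = {
    "RC4": "Enc=RC4",
    "MD5 MAC": "Mac=MD5",
    "anonymous": "Au=None",
    "export": "export",
}


def expand(spec):
    """Return the suites the local OpenSSL enables for a cipherspec."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(spec)  # raises ssl.SSLError if no suite matches
    return ctx.get_ciphers()


def audit(spec):
    """List (suite, reason) pairs for suites that are weak by the message's criteria."""
    findings = []
    for c in expand(spec):
        for reason, marker in WEAK_MARKERS.items():
            if marker in c["description"]:
                findings.append((c["name"], reason))
        if c["strength_bits"] < 128:
            findings.append((c["name"], "under 128 bits"))
    return findings


def protocol_tags(spec):
    """Count suites per protocol tag (the minimum version OpenSSL assigns each suite)."""
    return Counter(c["protocol"] for c in expand(spec))


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    print("weak suites left by recommended spec:", audit(RECOMMENDED))
    print("tags, recommended:", dict(protocol_tags(RECOMMENDED)))
    print("tags, with !SSLv3:", dict(protocol_tags(NO_SSLV3)))
```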



_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security