On Fri, Mar 15, 2013 at 6:42 PM, Steve Pribyl <spri...@viaforensics.com> wrote:
> I have recently come to support an OpenBSD e-commerce site that has to pass PCI
> DSS compliance. It currently
> fails the BEAST attack scan because the server responds with vulnerable
> ciphers. I am looking for suggestions
> on remediating the problem.

1) TLS CBC cipher suites are subject to BEAST and Lucky 13 attacks
2) TLS RC4 cipher suites are subject to an initial bias attack** and use only 128 bits of key
3) the commonly deployed TLS 1.0 cipher suites use either CBC or RC4
4) TLS 1.1 and 1.2 client deployment may be insufficient to support your customer base

So, which one will you bite the bullet on?

Personally, if I was managing a publicly faced secure web server, I would pick (1) and sneer at the BEAST and Lucky 13 attacks and just offer the 3DES and AES256 cipher suites.

** c.f. http://www.forbes.com/sites/andygreenberg/2013/03/13/cryptographers-show-mathematically-crackable-flaws-in-common-web-encryption/ for example

> Neither of these seem to actually turn off the bad ciphers.
>
> SSLHonorCipherOrder On
> SSLCipherSuite RC4-SHA:HIGH:!ADH

If you want to never use a cipher suite, you need to never add it to the list (which you do via "HIGH") or remove it completely via the '!' operator and not add it back afterwards. To test your attempts to get it to what you want, use the "openssl ciphers -v" command, ala:

    openssl ciphers -v RC4-SHA:HIGH:!ADH

> SSLHonorCipherOrder On
> SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

You explicitly list "ECDHE-RSA-AES128-SHA256", which is a CBC cipher, *first*! What were you intending when you did that? And then, of course, "HIGH" pulls in all the generic AES and 3DES ciphers. What were you intending when you included that?

> If there is no real problem I can accept that but I will need some real
> statement so I can apply for an exemption.

c.f. (1) to (5) above and make your choice.

Philip Guenther
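
Added example, not part of the original message: a shell helper that reads "openssl ciphers -v" output and labels each suite as CBC, RC4, AEAD or NULL, so the effect of a cipher string can be checked against points (1) and (2) of the reply, including which class ends up first in the preference order. The function names and the sample output are constructed for illustration, and the classification assumes that in TLS 1.2 and earlier any suite that is not RC4, NULL or AEAD uses a block cipher in CBC mode.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.
# Input format: `openssl ciphers -v` lines, e.g.
#   RC4-SHA  SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
# Assumption: in TLS 1.2 and earlier, a suite that is not RC4, NULL or AEAD
# uses a block cipher in CBC mode.

# Print "<preference position> <class> <suite name>" for each suite on stdin.
classify_suites() {
    awk '
    NF >= 6 {
        enc = ""; mac = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^Enc=/) enc = substr($i, 5)
            if ($i ~ /^Mac=/) mac = substr($i, 5)
        }
        if (mac == "AEAD")       cls = "AEAD"
        else if (enc ~ /^RC4/)   cls = "RC4"
        else if (enc ~ /^None/)  cls = "NULL"
        else                     cls = "CBC"
        printf "%d %s %s\n", ++n, cls, $1
    }'
}

# Count the suites of one class (CBC, RC4, AEAD or NULL) on stdin.
count_class() {
    classify_suites | awk -v c="$1" '$2 == c { n++ } END { print n + 0 }'
}

# Class of the first suite, the one preferred when SSLHonorCipherOrder is On.
first_class() {
    classify_suites | awk 'NR == 1 { print $2 }'
}

# Constructed sample, shaped like `openssl ciphers -v` output.
sample_output() {
    cat <<'EOF'
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
EOF
}

sample_output | classify_suites
# Against a real string: openssl ciphers -v 'RC4-SHA:HIGH:!ADH' | classify_suites
```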