In the course of doing the report I of course wanted to point to a good reason why this was the case. It was actually difficult to find a CVE/CVSS/etc to say why its bad, in fact I never did. Kind of the same with allowing VRFY on your SMTP server. We all know its bad, but where is the proof.
Nevertheless, here are some links that were useful in understanding the problem.
http://www.foundstone.com/us/resources/whitepapers/wp_ssldigger.pdf
http://www.gnu.org/software/gnutls/manual/html_node/On-SSL-2-and-older-protocols.html
http://osvdb.org/show/osvdb/56387
http://www.schneier.com/paper-ssl.pdf
http://en.wikipedia.org/wiki/Secure_Sockets_Layer#Security
http://clearskies.net/blog/2009/03/01/insecure-ssl-and-how-pci-nearly-gets-it-right/
OSVDB updated their entry for SSLv2
http://osvdb.org/56387
Also a couple of tools to do some checking for you:
Foundstone's SSLDigger
http://www.foundstone.com/us/resources/proddesc/ssldigger.htm
nmap will do this for you with -A with port 443 open or with the sslv2 script
http://nmap.org/nsedoc/scripts/sslv2.html
ssl-cipher-check.pl from http://www.unspecific.com/ssl/
Example output from the tool site:
Usage:
$ perl ./ssl-cipher-check.plDefault Output:
: SSL Cipher Check: 1.2
: written by Lee 'MadHat' Heath (at) Unspecific.com
Usage:
./ssl-cipher-check.pl [ -dvwas ][ ]
default port is 443
-d Add debug info (show it all, lots of stuff)
-v Verbose. Show more info about what is found
-w Show only weak ciphers enabled.
-a Show all ciphers, enabled or not
-s Show only the STRONG ciphers enabled.
$ perl ./ssl-cipher-check.pl mail.yahoo.com
Testing mail.yahoo.com:443
SSLv3:RC4-MD5 - ENABLED - STRONG 128 bits
SSLv3:DES-CBC3-SHA - ENABLED - STRONG 168 bits
SSLv3:RC4-SHA - ENABLED - STRONG 128 bits
** SSLv3:DES-CBC-SHA - ENABLED - WEAK 56 bits **
** SSLv3:EXP-RC4-MD5 - ENABLED - WEAK 40 bits **
** SSLv3:EXP-DES-CBC-SHA - ENABLED - WEAK 40 bits **
** SSLv3:EXP-RC2-CBC-MD5 - ENABLED - WEAK 40 bits **
SSLv3:AES128-SHA - ENABLED - STRONG 128 bits
SSLv3:AES256-SHA - ENABLED - STRONG 256 bits
TLSv1:RC4-MD5 - ENABLED - STRONG 128 bits
TLSv1:DES-CBC3-SHA - ENABLED - STRONG 168 bits
TLSv1:RC4-SHA - ENABLED - STRONG 128 bits
** TLSv1:DES-CBC-SHA - ENABLED - WEAK 56 bits **
** TLSv1:EXP-RC4-MD5 - ENABLED - WEAK 40 bits **
** TLSv1:EXP-DES-CBC-SHA - ENABLED - WEAK 40 bits **
** TLSv1:EXP-RC2-CBC-MD5 - ENABLED - WEAK 40 bits **
TLSv1:AES128-SHA - ENABLED - STRONG 128 bits
TLSv1:AES256-SHA - ENABLED - STRONG 256 bits
** SSLv2:RC4-MD5 - ENABLED - WEAK 128 bits **
** SSLv2:RC2-CBC-MD5 - ENABLED - WEAK 128 bits **
** SSLv2:DES-CBC-MD5 - ENABLED - WEAK 56 bits **
** SSLv2:EXP-RC4-MD5 - ENABLED - WEAK 40 bits **
** SSLv2:EXP-RC2-CBC-MD5 - ENABLED - WEAK 40 bits **
** SSLv2:DES-CBC3-MD5 - ENABLED - WEAK 168 bits **
*WARNING* 14 WEAK Ciphers Enabled.
Total Ciphers Enabled: 24
Links that go with the above tools
ssl-cipher-check author's talk slides
http://dc214.org/.go/presentations#mar2009
Disabling SSLv2 on a variety of services:
http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
http://adamyoung.net/Disable-SSLv2-System-Wide
sslscan, great tool, might have to disable elliptic curve ciphers in the code if your openssl doesnt support it.
ReplyDeleteI've used this tool before to good effect. It detects preferred ciphers as well.
ReplyDeletehttps://www.titania.co.uk/index.php?option=com_content&view=article&id=56&Itemid=68
To add to concern, it appears that some popular modern mobile devices support weak ciphers.
http://michael-coates.blogspot.com/2009/12/iphone-android-support-weak-ssl-ciphers.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MichaelCoates%2Fsecurity+%28Michael+Coates+Blogspot%29
If you're looking for a ruby options for checking cipher suites, here's a script I knocked up a little while ago.
ReplyDeletehttp://www.mccune.org.uk/code/ruby-ssl-checker.rb
planning to do a metasploit module for it soon...
These are the URL hosted on OWASP:
ReplyDelete1. http://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29#References
2. http://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet