Disable Low and Medium Strength Cipher for Java Applications

I use SSL so I am secure, right? - Wrong

A commonplace feeling is that if you are using TLS/SSL for communication between different components, the data in transit is safe. This is a misconception since the security of data in transit depends on what exact algorithms are being used for encryption. Some of the algorithms are deemed to be broken such as MD5 and RC4. During the negotiation between a client and a server when a TLS/SSL connection initiates, both the parties mutually decide which SSL version and cipher suite to go with for rest of the communication. SSL version 2 is considered to be unsafe while SSL v3 and TLS v1 are considerd safe.

Cipher What? - Cipher Suite


Cipher suites is a named combination of algorithms used for encryption when using TLS/SSL. It contains the encryption algorithm (like DES, RC4, AES) and the key size like (40, 56, 128 bit) and the hashing algorithm (like SHA and MD5). eg. RSA_WITH_RC4_128_SHA. Key size defines if the cipher is low, medium or high strength:
Low Strength Ciphers (< 56-bit key)
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
High Strength Ciphers (>= 112-bit key)

How to test SSL?

OWASP provides a good collection of tools to test your SSL configuration. One of the most convenient tool to do that is to use the TestSSLServer.jar file. More details here. The output looks like this:
java -jar TestSSLServer.jar www.google.com
Supported versions: SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Deflate compression: no
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
  SSLv3
     RSA_WITH_RC4_128_MD5
     RSA_WITH_RC4_128_SHA
     RSA_WITH_3DES_EDE_CBC_SHA
     RSA_WITH_AES_128_CBC_SHA
     RSA_WITH_AES_256_CBC_SHA
     TLS_ECDHE_RSA_WITH_RC4_128_SHA
     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  (TLSv1.0: idem)
  (TLSv1.1: idem)
  TLSv1.2
     RSA_WITH_RC4_128_MD5
     RSA_WITH_RC4_128_SHA
     RSA_WITH_3DES_EDE_CBC_SHA
     RSA_WITH_AES_128_CBC_SHA
     RSA_WITH_AES_256_CBC_SHA
     RSA_WITH_AES_128_CBC_SHA256
     RSA_WITH_AES_256_CBC_SHA256
     TLS_RSA_WITH_AES_128_GCM_SHA256
     TLS_RSA_WITH_AES_256_GCM_SHA384
     TLS_ECDHE_RSA_WITH_RC4_128_SHA
     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
----------------------
Server certificate(s):
  007a5ab302f14446e2ea24d3a829de22ba1bf950: CN=www.google.com, O=Google Inc, L=M
ountain View, ST=California, C=US
  c0019e434cc04dc9086a6e63c8ecf74781e4f4a0: CN=www.google.com, O=Google Inc, L=M
ountain View, ST=California, C=US
----------------------
Minimal encryption strength:     strong encryption (96-bit or more)
Achievable encryption strength:  strong encryption (96-bit or more)
BEAST status: protected
CRIME status: protected

Java Applications


A lot of enterprise applications use Java Encryption to enable Transport Level Security. Some examples are Adobe AEM (previously known as CQ5) and Dell Boomi. The applications depend directly on the Java installed for their encryption needs. So if you need to limit the cipher suites to only strong ciphers, it has to be done in java settings. The file which contains this options is java.security which can be found under $JAVA_HOME/lib/security/. This file is available only from Java 1.7. So if you are using an older version of Java, its time to switch to a newer version now.

Solution


jdk.tls.disabledAlgorithms is the argument we need to set. It is a blacklist of all the Algorithms that are to be disabled. The proper value will be the one that restricts the least number of cipher suites while disabling all Low and Medium Strength ones. This worked out for me quite well:
jdk.tls.disabledAlgorithms=MD5, DSA, RSA keySize < 112, MD2, RC4, DES, NULL



Comments

Post a Comment

Popular posts from this blog

Pentester Academy Basic Authentication Challenge 3 via Python

Since I am learning python here is a try at solving a Basic Auth Brute Force challenge posted at Pentester Academy: http://pentesteracademylab.appspot.com/lab/webapp/basicauth The challenge is Basic in difficulty level and already provides the usernames: nick or admin. The password is of 5 letters and consists of only a , s and d . So the problem can be divided into two parts: 1. Creating all the password combinations Here is the recursive function that returns a list of all the 5 letter combinations of a , s and d : def fun(a):     chars="asd"     l = len(a)     lenthPerWord = len(a[0])     if lenthPerWord == 5:         return a     c=[]     for i in range(0,l):         for j in chars:                        c.append(j+a[i])     return fun(c) c=['a','s','d'] 2.  Try to login with all the username and password combinations For this part I used urllib2 – one of the most extensively used libraries for pen testing. Basic Authentica
Read more

Pentester Academy Challenge 4 via Python

Challenge 4 from Pentester Academy turned out to be nothing but a combination of two previous challenges. The login form expects POST credentials. But it also pops out a basic authentication login when the user enters the credentials. So let’s break this up into two parts: 1.        Cracking the password for Basic Authentication: We know the response for Basic Authentication is a header the contains Base64 encoded username:password preceded by Basic : Authorization: Basic YWRtaW46bXlwYXNz So we will generate a list of all password combinations and bombard the server with them till we succeed. At the end we will have user/password combination for Basic Authentication. The code for this looks like: import urllib2 import base64 import sys def fun(a):     chars="vie"     l = len(a)     lenthPerWord = len(a[0])     if lenthPerWord == 5:         return a     c=[]     for i in range(0,l):         for j in chars:                         c.appe
Read more