SSL/TLS Vulnerabilities: HTTPS connection with weak key length

by LauCyun, May 13, 2018 14:52:34

A few days ago, while our company's product was being tested by the Third Research Institute of the Ministry of Public Security, a medium-severity vulnerability named HTTPS connection with weak key length was reported. After some back and forth we learned that their scanning tool was WVS. I looked into the issue a little and am sharing the results here.

1 Vulnerability description

As shown in Figure 1, the finding is rated medium severity and is named HTTPS connection with weak key length.

Figure 1: Vulnerability information

The detailed description of the vulnerability is shown in Figure 2:

Figure 2: Vulnerability description

From the description in Figure 2, the cause of the finding is that the HTTPS connection uses the cipher suite DES-CBC3-SHA, whose key length is 112 bits, while the scanner requires a key length of 128 bits or more.

2 Solution

For compatibility and other reasons, SSL/TLS supports many cipher suites, but some of them are susceptible to attack, for example the Sweet32 attack on 64-bit block ciphers such as 3DES.

For this reason, the insecure cipher suites need to be disabled, as follows:

# Apache (Default: /<path>/mods-available/ssl.conf)
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
# Nginx (Default: /<path>/conf/sites-enabled/default)
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

For other middleware, refer to Cipherli.st.

The configuration files from Cipherli.st are recommended; with them the security rating can be raised to at least 90%.

If the middleware is gevent, the following configuration is recommended:

from gevent.pywsgi import WSGIServer

# cert_path, key_path and the WSGI application `app` are defined elsewhere
# in the application. These keyword arguments are forwarded to the SSL socket
# wrapper; 'ciphers' is an OpenSSL cipher string.
ssl = {
    'certfile': cert_path,
    'keyfile': key_path,
    'ciphers': 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4',
}
http_server = WSGIServer(listener=('0.0.0.0', 5500), application=app, **ssl)
http_server.serve_forever()

From http://www.gevent.org/_modules/ssl.html we can see that gevent's default cipher string is:

_DEFAULT_CIPHERS = (
    'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
    'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:'
    '!eNULL:!MD5'
)

With that, the HTTPS connection with weak key length vulnerability is essentially fixed.
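As an added check that is not part of the original post, the script below asks the local OpenSSL, through Python's ssl module, to expand the cipher string from the configurations above and lists every enabled suite whose effective strength is below 128 bits, which is the figure the scanner measures. Note that OpenSSL's `!DES` keyword matches single DES only, so the explicitly listed DES-CBC3-SHA suites stay enabled unless `!3DES` is appended, as the hardened variant in the script does.

```python
import ssl

MIN_BITS = 128  # the minimum key length the scanner requires, per the post

# Cipher string copied verbatim from the Apache/gevent configuration above.
POST_CIPHERS = (
    "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:"
    "DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:"
    "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:"
    "AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:"
    "AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:"
    "!MD5:!PSK:!RC4"
)

# OpenSSL's "!DES" keyword matches single DES only, so the three explicitly
# named DES-CBC3 suites stay enabled; "!3DES" is the keyword that drops them.
HARDENED_CIPHERS = POST_CIPHERS + ":!3DES"


def expand_ciphers(cipher_string):
    """Return the suites the local OpenSSL actually enables for this string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises SSLError if nothing matches
    return ctx.get_ciphers()


def weak_suites(cipher_string, min_bits=MIN_BITS):
    """Names of enabled suites whose effective strength is below min_bits.

    OpenSSL reports two numbers per suite: alg_bits is the nominal key size
    (168 for 3DES) and strength_bits the effective security (112 for 3DES);
    the scanner's 112-bit figure is the latter, so that is what we compare.
    """
    return sorted(
        c["name"] for c in expand_ciphers(cipher_string)
        if c["strength_bits"] < min_bits
    )


if __name__ == "__main__":
    for label, cs in (("post", POST_CIPHERS), ("hardened", HARDENED_CIPHERS)):
        weak = weak_suites(cs)
        print(f"{label}: {len(expand_ciphers(cs))} suites enabled, "
              f"{len(weak)} below {MIN_BITS} bits: {weak}")
```

The result depends on the OpenSSL build Python is linked against; on a build that has already removed 3DES, both lists come back empty, which is the desired end state.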

3 References
