This article describes how to configure security policies on NSFOCUS WAF for protection against some common SSL vulnerabilities.
TLS Client-initiated Renegotiation Support on the Server – CVE-2011-1473
This vulnerability exists in SSL/TLS renegotiation and affects any service that allows renegotiation. Although HTTPS can be used without renegotiation, most web servers have it enabled by default. OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service by performing many renegotiations within a single connection: each renegotiation is a full handshake, and the server does far more cryptographic work per handshake than the client that requests it.
Protection procedure:
Log in to the WAF as the maintainer user and set SSL Negotiation Times to 0, so that renegotiation requests on an established connection are no longer accepted.
SSL/TLS Bar Mitzvah Attack Vulnerability – CVE-2015-2808
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the “Bar Mitzvah” issue.
Protection procedure:
Choose Security Management > Website Protection > Website Group, select a website group in the left pane and click Website Group Management.
Click in the Operation column of a website, click Advanced Options, and disable all RC4 algorithms for both Client and Server.
Click in the Operation column of a virtual website, click Advanced Options, and disable all RC4 algorithms for Client.
SSL 3.0 POODLE Information Disclosure Vulnerability – CVE-2014-3566
SSL 3.0 is an outdated and insecure protocol that has been superseded by TLS 1.0, TLS 1.1, and TLS 1.2, but most TLS implementations still support it for backward compatibility. An attacker in a man-in-the-middle position can mount a downgrade attack by making the negotiation between an affected browser and the server fail under the newer protocol versions, so that the client falls back to communicating with the server over SSL 3.0. Because of a weakness in how SSL 3.0 handles padding in CBC-mode ciphers, the attacker can then recover plaintext from the SSL connection, such as the user's cookie data. This attack is known as POODLE (Padding Oracle On Downgraded Legacy Encryption).
Protection procedure:
Choose Security Management > Website Protection > Website Group, select a website group in the left pane, and click Website Group Management.
Click in the Operation column of a website, click Advanced Options, and disable SSL 3.0 for both Client and Server.
SSL/TLS Information Disclosure Vulnerability – CVE-2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a “Sweet32” attack.
Protection procedure:
Choose Security Management > Website Protection > Website Group, select a website group in the left pane, and click Website Group Management.
Click in the Operation column of a website, click Advanced Options, and disable all DES and 3DES algorithms for both Client and Server.
Click in the Operation column of a virtual website, click Advanced Options, and disable all DES and 3DES algorithms for Client.
SSL/TLS Protocol Security Vulnerability – CVE-2011-3389
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a “BEAST” attack.
Protection procedure:
Choose Security Management > Website Protection > Website Group, select a website group in the left pane, and click Website Group Management.
Click in the Operation column of a website, click Advanced Options, and disable SSL 3.0 and TLS 1.0 for both Client and Server.
Insecure Diffie-Hellman Key Exchange Vulnerability – CVE-2010-3173
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Protection procedure:
Choose Security Management > Website Protection > Website Group, select a website group in the left pane, and click Website Group Management.
Click in the Operation column of a website, click Advanced Options, and disable all DHE algorithms for both Client and Server.
Click in the Operation column of a virtual website, click Advanced Options, and disable all DHE algorithms for Client.