
Information Security

SSL Vulnerabilities

Many versions of the mechanism used to secure your web traffic are no longer safe.

When a browser communicates with a web server, the recommendation is that the web site use an encrypted connection; otherwise anyone on the network path can see all your private data. Although users are told to look for the padlock icon next to the web address, or to make sure the web address begins with https://, many of the protocols that handle the encryption of that link are no longer considered secure.

If you are responsible for managing a server, or for ensuring that browsers only communicate securely, you need to configure your systems so that the encrypted links really are secure.

What is at risk?

Web servers and browsers that allow encryption to be established using old and obsolete protocols put all the data transmitted over the network at risk. Browsers and servers often leave support for those protocols enabled in case it is required, which allows a connection to fall back to them and removes the protections afforded by modern protocols.

Recommendations

  • Disable support for SSLv2 and PCT on servers and browsers. These protocols have been known to be insecure since 1995.
  • Disable support for SSLv3 on servers and browsers. This protocol has been known to be insecure since 2006.
  • Disable support for TLS 1.0, or at least disable compression, on servers and browsers. This protocol has been known to be exploitable since 2011. Further, no credit card handling system will be permitted to support this protocol in 2018.
  • Disable support for weak ciphers, including DES, 3DES and RC4. These ciphers are known to be breakable.
  • Ensure support for modern ciphers (AES), modes (GCM) and protocols (TLS 1.2).
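The recommendations above can be checked against a running server rather than taken on trust. The script below is an added example, not part of the original page: it opens one handshake per protocol version, each pinned to exactly that version, records which ones the server accepts, and grades the result against the recommendations (SSLv2, SSLv3 and TLS 1.0 must be refused; TLS 1.2 or later must be offered). It uses only Python's standard ssl and socket modules. Two assumptions go beyond the page: SSLv2 and SSLv3 are not probed, because a modern OpenSSL build behind Python's ssl module cannot offer them at all, and TLS 1.3 is treated as a modern protocol alongside TLS 1.2.

```python
import socket
import ssl
import sys

# Protocol versions to probe, keyed by the label used in the verdict.
# SSLv2/SSLv3 are omitted: Python's ssl module on a current OpenSSL cannot
# offer them, so this probe covers TLS 1.0 through TLS 1.3 (TLS 1.3 being
# included as an assumption beyond the page's text).
PROBE_VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
OBSOLETE = {"SSLv2", "SSLv3", "TLSv1.0"}   # must be disabled
MODERN = {"TLSv1.2", "TLSv1.3"}            # at least one must be offered


def probe_version(host, port, name, timeout=5.0):
    """Attempt one handshake pinned to exactly one protocol version.

    Returns True when the server completes the handshake at that version,
    False when it refuses, the version is unavailable locally, or the
    connection cannot be made. Certificate checks are turned off on
    purpose: the question is which versions the server will negotiate,
    not whether its certificate chains to a trusted root.
    """
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        ctx.minimum_version = PROBE_VERSIONS[name]
        ctx.maximum_version = PROBE_VERSIONS[name]
        try:
            # Lower OpenSSL's security level so this client is allowed to
            # offer TLS 1.0/1.1 at all; otherwise a hardened client library
            # reports "refused" regardless of what the server permits.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        except ssl.SSLError:
            pass  # OpenSSL without security levels: keep its defaults
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except (ssl.SSLError, OSError, ValueError):
        return False


def scan(host, port=443):
    """Return the set of version labels the server accepted."""
    return {name for name in PROBE_VERSIONS if probe_version(host, port, name)}


def assess(supported):
    """Grade a set of accepted version labels against the recommendations:
    obsolete versions must be off and TLS 1.2 or later must be on."""
    if not (supported & MODERN):
        return "FAIL: no modern protocol (TLS 1.2 or later) is offered"
    obsolete = sorted(supported & OBSOLETE)
    if obsolete:
        return "FAIL: obsolete protocols still enabled: " + ", ".join(obsolete)
    return "PASS: only TLS 1.1 and later offered, TLS 1.2 or later available"


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: tlscheck.py HOST [PORT]")
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    found = scan(host, port)
    for label in PROBE_VERSIONS:
        print(f"{label:8s} {'accepted' if label in found else 'refused'}")
    print(assess(found))
```

Run it as `python tlscheck.py www.example.org` (a placeholder host) against your own servers. A server that reports TLS 1.0 as accepted fails the third recommendation even when it also offers TLS 1.2, because a client that can be talked down to the old version loses the newer version's protections.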

What are the impacts of disabling protocols? Will this deny access to users?

All major browsers have supported the most modern protocols since 2014, and have supported acceptable older protocols (such as TLS 1.1) for eight years or more. In short, if a browser does not support secure protocols, the system the user is connecting from is very likely compromised and should not be trusted to connect.

All trustworthy web server software has supported new protocols almost as soon as they have been released. If a web site does not support modern or acceptable protocols (TLS 1.1 or TLS 1.2), then it is likely that the website itself cannot be trusted, and you should not be sharing data with it.

How do I configure my webserver?

For Apache web servers, use the configuration lines below:

# Offer every protocol mod_ssl knows except SSLv2 and SSLv3
SSLProtocol ALL -SSLv2 -SSLv3
# The server's cipher preference order wins over the client's
SSLHonorCipherOrder On
# Prefer ECDH/DH key exchange with AES-GCM, then AES-CBC, then RSA key exchange; refuse anonymous suites, MD5 and DSS
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
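Note that the lines above still permit TLS 1.0, so they implement only part of the recommendations. The following is an added example, not the page's own configuration, of a mod_ssl block that applies all five recommendations: TLS 1.0 is dropped as well, TLS-level compression is switched off (the fallback named in the third recommendation, kept even with TLS 1.0 disabled), and RC4, 3DES and DES are excluded from the cipher list by name. The directives are standard mod_ssl; SSLCompression requires Apache 2.4.3 or later, and the cipher list keeps the page's ordering with the explicit exclusions added.

```apache
# Added example: hardened mod_ssl settings implementing the recommendations above.

# Offer everything except SSLv2, SSLv3 and TLS 1.0, leaving TLS 1.1 and TLS 1.2
# (and TLS 1.3 on builds that support it).
SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1

# Disable TLS-level compression (the fallback named in the recommendations;
# harmless to keep even though TLS 1.0 is already off). Requires Apache 2.4.3+.
SSLCompression off

# The server's preference order wins, so a client cannot steer the
# negotiation toward the weakest suite it happens to list first.
SSLHonorCipherOrder On

# Prefer ECDH/DH key exchange with AES-GCM, then AES-CBC, then RSA key
# exchange with AES; refuse anonymous and null suites, MD5, DSS and,
# explicitly, the weak ciphers named in the recommendations.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:RSA+AESGCM:RSA+AES:!aNULL:!eNULL:!MD5:!DSS:!RC4:!3DES:!DES
```

After changing these lines, run `apachectl configtest` before restarting, and confirm the result from outside with a protocol probe: TLS 1.0 should now be refused while TLS 1.2 is still accepted.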

A Quick History of SSL/TLS

  • July 1994, SSLv1: Netscape Communications developed SSL (Secure Sockets Layer) to handle the encryption over a web browser/web server link. SSLv1 was in use internally within Netscape and was reportedly cracked within the first 10 minutes of being shown to MIT students. It was never released to the public.
  • Nov 1994, SSLv2: Version 2 of the SSL protocol suite, released by, and a proprietary product of, Netscape. Significant flaws were discovered a few months after release, and SSLv2 was officially withdrawn less than a year later.
  • Oct 1995, PCT 1.0: Microsoft released a competing standard to SSL named PCT (Private Communications Technology). It was supported in Microsoft products only and was the source of significant exploits over the years. It has not been supported in any browser since IE5, but is still supported by current versions of IIS.
  • Nov 1995, SSLv3: Released to address the significant, exploited flaws in SSLv2 and PCT.
  • Jan 1999, TLS 1.0: International standard specification of the SSL/PCT security protocols, named TLS (Transport Layer Security). TLS 1.0 and SSLv3 are largely identical.
  • Apr 2006, TLS 1.1: Update to address potential flaws identified by researchers in TLS 1.0. These flaws were exploited by a global and devastating cyberattack named BEAST in 2011 (6 years after TLS 1.0 was superseded).
  • Apr 2008, TLS 1.2: Update to address potential flaws identified by researchers in TLS 1.1. These flaws have not been observed to be exploited (yet).
  • May 2013, Edward Snowden: Whistleblower reveals the state of insecurity across the internet, and how it is being actively exploited by (at least) the NSA.
  • Aug 2013, TLS 1.3: Work begins on an update to TLS 1.2 addressing, amongst other issues, weaknesses revealed by Snowden.
  • Late 2013/early 2014: Chrome, Safari, IE and Firefox all add support for TLS 1.2.
  • Oct 2015: A cyberattack named POODLE exploits flaws in SSLv3. 10% of all internet servers were found vulnerable, despite the flaws having been identified and corrected 15 years previously.
  • Mar 2016: A cyberattack named DROWN exploits flaws in SSLv2. 33% of all internet servers were found vulnerable, despite the flaws having been identified and corrected 21 years previously.
  • Jul 2016: The PCI Council releases an edict that a requirement of PCI-DSS compliance is that any site that handles credit card data must not support TLS 1.0 or lower. Full compliance is required prior to July 2018.
  • Jul 2017: PayPal discontinues support for TLS 1.0 and TLS 1.1. All merchant connections can only use TLS 1.2. Consumer websites (e.g. www.paypal.com) will also be restricted to TLS 1.2 before the end of 2017.