cloud-gov / product

Program-level artifacts, workflow and issues for cloud.gov
Creative Commons Zero v1.0 Universal

Assess use of older, weaker ciphersuites #2833

Closed pburkholder closed 9 months ago

pburkholder commented 9 months ago

In order to choose a ciphersuite that balances the needs of the public vs current cryptographic standards, we should assess traffic to selected sites and analyse them.

Security considerations

Safe for assessing and publishing. We already discuss our ciphersuite selection on the cloud.gov site at https://cloud.gov/docs/compliance/domain-standards/#ssltls-implementation

Implementation sketch

pburkholder commented 9 months ago

How to get CloudFront logs is now documented in our internal-docs repo at docs/runbooks/AWS/aws-cloudfront-logs.md

The results for a site with 2M entries over two days, with a broad range of browsers, are:

```
cat E(redacted)2* | grep -v '^#' | awk '{print $21, $22}' | sort | uniq -c
  14217 - -
  91905 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
    465 TLSv1.2 ECDHE-RSA-AES128-SHA256
1898244 TLSv1.3 TLS_AES_128_GCM_SHA256
```

The distro is using the TLSv1.2_2018 policy from the set of CloudFront policies.

pburkholder commented 9 months ago

For a government & finance related site we host, the results are for 5M entries on 2024-01-05:

```
cat E* | grep -v '^#' | awk '{print $21, $22}' | sort | uniq -c
 294883 - -
      6 TLSv1.2 AES128-GCM-SHA256
 530910 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
  10612 TLSv1.2 ECDHE-RSA-AES128-SHA256
     17 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
4674815 TLSv1.3 TLS_AES_128_GCM_SHA256
    204 TLSv1.3 TLS_AES_256_GCM_SHA384
```

pburkholder commented 9 months ago

This should be sufficient data for us to migrate to a more restrictive ciphersuite.

pburkholder commented 9 months ago

There were 6 uses of the deprecated AES128-GCM-SHA256 ciphersuite. They were from:

a) a wireless provider in India, user-agent Mozilla/5.0%20(Windows%20NT%206.3;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/70.0.3538.77%20Safari/537.36 (note Chrome 70 is from October 2018)

b) a ZScaler client, user-agent Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/44.0.2403.130%20Safari/537.3 (note Chrome 44 is from July 2015).

pburkholder commented 9 months ago

I've added a sheet to our ALB Ciphers workbook with these results.

At this point I recommend tls13-1-2-2021-06, which would not block the 0.2% of site B's users that are still using CBC ciphers.
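An added example, not part of the issue thread or of cloud.gov's tooling: it takes the `uniq -c` tally shown above for the government & finance site and reports how many TLS requests a candidate cipher allowlist would reject. The function name and both allowlists are assumptions made for illustration, built from the ciphers observed in that tally; they are not the published contents of any AWS security policy.

```shell
#!/bin/sh
# blocked_by_allowlist ALLOWLIST
#   stdin : `sort | uniq -c` rows of "count protocol cipher"
#   stdout: "blocked_requests tls_requests percent_blocked"
#   stderr: one line per cipher the allowlist would reject
blocked_by_allowlist() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF != 3 || $1 !~ /^[0-9]+$/ { next }   # skip blank or malformed rows
    $2 == "-" { next }                      # no protocol/cipher logged; not counted
    { total += $1
      if (!($3 in ok)) { blocked += $1; hit[$2 " " $3] += $1 } }
    END {
      for (k in hit) printf "would block: %d %s\n", hit[k], k > "/dev/stderr"
      printf "%d %d %.2f\n", blocked, total, (total ? 100 * blocked / total : 0)
    }'
}

# Tally copied from the 2024-01-05 comment above.
site_b_tally() {
  cat <<'EOF'
 294883 - -
      6 TLSv1.2 AES128-GCM-SHA256
 530910 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
  10612 TLSv1.2 ECDHE-RSA-AES128-SHA256
     17 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
4674815 TLSv1.3 TLS_AES_128_GCM_SHA256
    204 TLSv1.3 TLS_AES_256_GCM_SHA384
EOF
}

# Assumed allowlist 1: forward-secret suites only, ECDHE CBC still permitted.
ALLOW_WITH_CBC="TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 \
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256"

# Assumed allowlist 2: the same set with the CBC suite removed (AEAD only).
ALLOW_AEAD_ONLY="TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 \
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384"

echo "with CBC : $(site_b_tally | blocked_by_allowlist "$ALLOW_WITH_CBC")"
echo "AEAD only: $(site_b_tally | blocked_by_allowlist "$ALLOW_AEAD_ONLY")"
```

Replace the allowlists with the cipher list published for the policy under evaluation before relying on the percentages.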

pburkholder commented 2 months ago

Update - the notes on how to recover logs from CloudFront are in a closed, unmerged PR: https://github.com/cloud-gov/internal-docs/pull/174