TLS weak cipher suites from OpenVAS

[calvet27]

Hi,

I had a vulnerability test with OpenVAS on TLS connection. But I've got the message like below:

Weak' cipher suites accepted by this service via the TLSv1.2 protocol: TLS_RSA_WITH_SEED_CBC_SHA

That means CBC(Cipher Block Chaining) mode is not blocked by Drachtio SIP Server. Is there any solution for this issue?

[amateope]

Hi,

Same problem here. I have a drachtio server running with TLS and want to configure the cipher suites offered by drachtio. Would be this possible?

I have tried a workaround by overriding the openssl configuration at OS level and I see my changes applied (bash: openssl ciphers) but looks like drachtio is using a different SSL implementation or at least ignoring this configuration and using its own ciphers.

The reason why I want to configure this is that I have pentested the connection with a security tool (https://github.com/drwetter/testssl.sh) and found the same issue reported by @calvet27

• Obsoleted CBC ciphers (AES, ARIA etc.) are offered, which it's a security vulnerability kwnown as LUCKY13 (CVE-2013-0169).

I also noticed this but it's not a vulnerability:

• DRACHTIO_MIN_TLS_VERSION is not respected when set to 1.3 (it offers 1.2 and 1.3).

To illustrate the use case, we have solved similar issues with Asterisk and Kamailio through configuration parameters. As an example:

Asterisk SIP configuration (https://github.com/asterisk/asterisk/blob/18/configs/samples/sip.conf.sample)

• tlscipher=SSL cipher string A string specifying which SSL ciphers to use or not use. A list of valid SSL cipher strings can be found at: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS e.g tlscipher=HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA:!DSS:!SEED:!3DES

Kamailio TLS configuration (https://kamailio.org/docs/modules/devel/modules/tls.html#tls.p.cipher_list):

• cipher_list=SSL cipher string Sets the list of accepted ciphers. The list consists of cipher strings separated by colons. For more information on the cipher list format see the cipher(1) openssl man page. The default value is not set (all the Openssl supported ciphers are enabled).

Thanks in advance for any help or guidance on this.

Kind regards, Antonio.

[calvet27]

@amateope

I think that Drachtio SIP server uses OpenSSL 1.1.1n. But it does not have CBC as a cipher string. According to my reseach, From OpenSSL 3.0, That versions have CBC as a cipher string.

• https://www.openssl.org/docs/man1.1.1/man1/openssl-ciphers.html

So that means, It's impossible to configure directly to disable CBC.

As an alternative way, We can modify sources of OpenSSL 1.1.1n to disable crypto suites using CBC.

• It needs changing the location for openssl.cnf first, For example:

  # ./Configure linux-x86_64 no-seed no-camellia --openssldir=/usr/lib/ssl

• Find crypto suites using CBC manually, For example:

  # grep -r TLS_RSA_WITH_AES_256_CBC_SHA

• Check the state of the crypto suite in the files both include/openssl/tls1.h and ssl/s3_lib.c.

• Set defined value to 0 to disable the crypto suite.

• Repeat this setting for each crypto suite.

• Compile OpenSSL and have some test with nmap commands:

  # nmap -p 5061 --script ssl-enum-ciphers localhost  | grep CBC

The above alternative is somewhat inconvenient and does not facilitate version management. I need another simpler way