backblaze.com - main website

[sindarina]

SSL Server Test Results https://www.ssllabs.com/ssltest/analyze.html?d=backblaze.com

Cipherscan Results

Target: backblaze.com:443

prio  ciphersuite  protocols  pfs_keysize
1     RC4-SHA      TLSv1

Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Server side cipher ordering

Verdict This is kind of amazing in how bad this is. In earlier tests, they also had 3DES active, which has since been removed, leaving only RC4. This needs some serious work. Added a 'RC4 ONLY' tag just for this.

Recommendations Follow the recommendations given by the SSL Server Test. This means, as an absolute minimum; enabling AES ciphers, disabling RC4, and resolving the chain issue. But given the company's focus on encryption in their products, and their history of quoting 'military-grade' encryption, they should go for the A+. Upgrade for TLSv1.2 support, enable Forward Secrecy, HSTS, and HTTPS by default.

[sindarina]

Since I can't access their site with a hardened Firefox (no RC4, no 3DES) I have notified them via email; 'whoisinfo@backblaze.com' (WHOIS tech contact) and 'security@backblaze.com'. Hopefully one of them will be read and acted upon.

[sindarina]

This isn't the first they've heard about it, by the way, this is from last month; https://twitter.com/sindarina/status/562282153883734016 https://twitter.com/backblaze/status/562351727429435395 https://twitter.com/backblaze/status/562323595326550016

No action. Unless you want to count removing support for 3DES and going hardcore RC4 only.

[sindarina]

Improved somewhat, this week;

Target: backblaze.com:443

prio  ciphersuite           protocols  pfs_keysize
1     DHE-RSA-AES256-SHA    TLSv1      DH,1024bits
2     DHE-RSA-AES128-SHA    TLSv1      DH,1024bits
3     EDH-RSA-DES-CBC3-SHA  TLSv1      DH,1024bits
4     AES256-SHA            TLSv1
5     AES128-SHA            TLSv1
6     DES-CBC3-SHA          TLSv1

Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Server side cipher ordering

But not by that much. They dropped their RC4 only setup, but replaced it with DHE ciphers with 1024-bit keys, which are considered weak. Still no robust Forward Secrecy. Might be the best they can do with their existing setup, but we should expect better from a company like Backblaze. They sell 'strong encryption', after all.

[sindarina]

Still not sorted, no acknowledgement of the issue whatsoever.

Cipherscan Analysis Results

backblaze.com:443 has bad ssl/tls

Things that are bad:
* remove cipher EDH-RSA-DES-CBC3-SHA

Changes needed to match the intermediate level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher AES256-SHA
* remove cipher AES128-SHA
* remove cipher DES-CBC3-SHA
* disable TLSv1
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

[sindarina]

No change.

[sindarina]

No change.

backblaze.com:443 has bad ssl/tls

Things that are bad:
* remove cipher EDH-RSA-DES-CBC3-SHA

Changes needed to match the intermediate level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher AES256-SHA
* remove cipher AES128-SHA
* remove cipher DES-CBC3-SHA
* disable TLSv1
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

[sindarina]

No change.

www.backblaze.com:443 has bad ssl/tls

Things that are bad:
* remove cipher EDH-RSA-DES-CBC3-SHA

Changes needed to match the intermediate level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher AES256-SHA
* remove cipher AES128-SHA
* remove cipher DES-CBC3-SHA
* disable TLSv1
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

[sindarina]

No change.

[sindarina]

No change.

[sindarina]

No change.

Cipherscan Results

Target: www.backblaze.com:443

prio  ciphersuite           protocols  pfs_keysize
1     DHE-RSA-AES256-SHA    TLSv1      DH,1024bits
2     DHE-RSA-AES128-SHA    TLSv1      DH,1024bits
3     EDH-RSA-DES-CBC3-SHA  TLSv1      DH,1024bits
4     AES256-SHA            TLSv1
5     AES128-SHA            TLSv1
6     DES-CBC3-SHA          TLSv1

Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Server side cipher ordering

Cipherscan Analysis

www.backblaze.com:443 has bad ssl/tls

Things that are bad:
* remove cipher EDH-RSA-DES-CBC3-SHA

Changes needed to match the intermediate level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher AES256-SHA
* remove cipher AES128-SHA
* remove cipher DES-CBC3-SHA
* disable TLSv1
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

[sindarina]

No change.

[sindarina]

In light of the details of the Logjam attack (https://weakdh.org/), we are upgrading 1024-bit DH keys to a red level issue that should be resolved, as that key size puts it within reach of state-level adversaries and is no longer considered safe.

See https://github.com/isvsecwatch/httpstracker#a-note-on-dhdhe for details.

[sindarina]

With today's changes to the SSL Server Test, this now caps at 'C'; https://www.ssllabs.com/ssltest/analyze.html?d=backblaze.com

[sindarina]

It looks like their response to Logjam is to disable DHE ciphers competely, falling back to static only.

Cipherscan Results

Target: www.backblaze.com:443

prio  ciphersuite   protocols  pfs_keysize
1     AES256-SHA    TLSv1
2     AES128-SHA    TLSv1
3     DES-CBC3-SHA  TLSv1

Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Server side cipher ordering

Cipherscan Analysis

www.backblaze.com:443 has intermediate with bad ordering ssl/tls

Changes needed to match the intermediate level:
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider enabling OCSP Stapling
* increase priority of AES128-SHA over AES256-SHA
* fix ciphersuite ordering, use recommended intermediate ciphersuite

Changes needed to match the modern level:
* remove cipher AES256-SHA
* remove cipher AES128-SHA
* remove cipher DES-CBC3-SHA
* disable TLSv1
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider enabling OCSP Stapling

[sindarina]

No change.

[sindarina]

No change.

[sindarina]

No change.

[sindarina]

No change.

[isvsecwatch-report]

Re-adding 'TLSv1 Only', because they somehow managed to have two servers; one at A-, with TLSv1.2 support but no Forward Secrecy whatsoever, and one still at the old configuration as documented in the ticket. And the newer one includes a SHA1 root, adding the chain issue.

[isvsecwatch-report]

They're back to just one server, again. The older one, TLSv1 only. What?!

[isvsecwatch-report]

No change.

[isvsecwatch-report]

No change.

[isvsecwatch-report]

Still no change. Poked on Twitter; https://twitter.com/isvsecwatch/status/718725518833623040

[isvsecwatch-report]

No change.

[isvsecwatch-report]

No change. Poked on Twitter; https://twitter.com/isvsecwatch/status/764950029132001280

[isvsecwatch-report]

Response via Twitter; https://twitter.com/backblaze/status/764951466993782784

[isvsecwatch-report]

Has been updated at last, now ranks as A+. Closing ticket.