search

isvsecwatch / httpstracker

Our main issue tracker for ISV security issues, such as the SSL/TLS configuration of their online stores.
3 stars 0 forks source link

account.dyn.com - management interface for DNS provider #13

Closed sindarina closed 9 years ago

sindarina commented 9 years ago

SSL Server Test Results https://www.ssllabs.com/ssltest/analyze.html?d=account.dyn.com (B)

Cipherscan Results

Target: account.dyn.com:443

prio  ciphersuite              protocols  pfs_keysize
1     DHE-RSA-AES256-SHA       TLSv1      DH,1024bits
2     DHE-RSA-CAMELLIA256-SHA  TLSv1      DH,1024bits
3     AES256-SHA               TLSv1
4     CAMELLIA256-SHA          TLSv1
5     EDH-RSA-DES-CBC3-SHA     TLSv1      DH,1024bits
6     DES-CBC3-SHA             TLSv1
7     DHE-RSA-AES128-SHA       TLSv1      DH,1024bits
8     DHE-RSA-CAMELLIA128-SHA  TLSv1      DH,1024bits
9     AES128-SHA               TLSv1
10    CAMELLIA128-SHA          TLSv1
11    DHE-RSA-SEED-SHA         TLSv1      DH,1024bits
12    SEED-SHA                 TLSv1
13    IDEA-CBC-SHA             TLSv1
14    RC4-SHA                  TLSv1
15    RC4-MD5                  TLSv1

Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Server side cipher ordering

Verdict Multiple problems that have been reported privately over a month ago, and might now be resolved in two weeks, when they finally get around to it. We should all expect better from a DNS provider that wants to play in the 'enterprise' space.

sindarina commented 9 years ago

This was first reported privately on February 12th. A reminder was sent on March 7th, after no action had been taken. Their reply earlier today was that they will 'start making various updates to help address some of the concerns in the report you sent along in roughly two weeks time'.

Six weeks total to fix issues like being vulnerable to the CRIME attack, something that should have been sorted ages ago. That is simply NOT good enough.

sindarina commented 9 years ago

No change this week.

Cipherscan Results (Analysis)

account.dyn.com:443 has bad ssl/tls

Things that are bad:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5

Changes needed to match the intermediate level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher DHE-RSA-CAMELLIA256-SHA
* remove cipher AES256-SHA
* remove cipher CAMELLIA256-SHA
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DES-CBC3-SHA
* remove cipher DHE-RSA-CAMELLIA128-SHA
* remove cipher AES128-SHA
* remove cipher CAMELLIA128-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* disable TLSv1
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

The 'roughly two weeks time' have passed, and there has been no change;

Target: account.dyn.com:443

prio  ciphersuite              protocols  pfs_keysize
1     DHE-RSA-AES256-SHA       TLSv1      DH,1024bits
2     DHE-RSA-CAMELLIA256-SHA  TLSv1      DH,1024bits
3     AES256-SHA               TLSv1
4     CAMELLIA256-SHA          TLSv1
5     EDH-RSA-DES-CBC3-SHA     TLSv1      DH,1024bits
6     DES-CBC3-SHA             TLSv1
7     DHE-RSA-AES128-SHA       TLSv1      DH,1024bits
8     DHE-RSA-CAMELLIA128-SHA  TLSv1      DH,1024bits
9     AES128-SHA               TLSv1
10    CAMELLIA128-SHA          TLSv1
11    DHE-RSA-SEED-SHA         TLSv1      DH,1024bits
12    SEED-SHA                 TLSv1
13    IDEA-CBC-SHA             TLSv1
14    RC4-SHA                  TLSv1
15    RC4-MD5                  TLSv1

Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Server side cipher ordering

Still vulnerable to the CRIME attack, for example.

sindarina commented 9 years ago

No change. Their support claims that their ops team is still working on 'still in the process of making these upgrades', without a 'definitive timetable'.

Two months. Wow.

account.dyn.com:443 has bad ssl/tls

Things that are bad:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5

Changes needed to match the intermediate level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher DHE-RSA-CAMELLIA256-SHA
* remove cipher AES256-SHA
* remove cipher CAMELLIA256-SHA
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DES-CBC3-SHA
* remove cipher DHE-RSA-CAMELLIA128-SHA
* remove cipher AES128-SHA
* remove cipher CAMELLIA128-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* disable TLSv1
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

No change.

yuhong commented 9 years ago

Well, this don't look too bad for a older TLS stack, though TLS compression should be disabled.

sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

In light of the details of the Logjam attack (https://weakdh.org/), we are upgrading 1024-bit DH keys to a red level issue that should be resolved, as that key size puts it within reach of state-level adversaries and is no longer considered safe.

See https://github.com/isvsecwatch/httpstracker#a-note-on-dhdhe for details.

sindarina commented 9 years ago

Due to today's SSL Server Test updates, this now caps at 'C'; https://www.ssllabs.com/ssltest/analyze.html?d=account.dyn.com

sindarina commented 9 years ago

Looks like they finally got off their backside and fixed this; https://www.ssllabs.com/ssltest/analyze.html?d=account.dyn.com (A)

Cipherscan Results

Target: account.dyn.com:443

prio  ciphersuite                  protocols              pfs_keysize
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,B-571,570bits
2     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,B-571,570bits
3     DHE-RSA-AES128-GCM-SHA256    TLSv1.2                DH,2048bits
4     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,2048bits
5     ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,B-571,570bits
6     ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,B-571,570bits
7     ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,B-571,570bits
8     ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,B-571,570bits
9     DHE-RSA-AES128-SHA256        TLSv1.2                DH,2048bits
10    DHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,2048bits
11    DHE-RSA-AES256-SHA256        TLSv1.2                DH,2048bits
12    DHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,2048bits
13    AES128-GCM-SHA256            TLSv1.2
14    AES256-GCM-SHA384            TLSv1.2
15    AES128-SHA256                TLSv1.2
16    AES256-SHA256                TLSv1.2
17    AES128-SHA                   TLSv1,TLSv1.1,TLSv1.2
18    AES256-SHA                   TLSv1,TLSv1.1,TLSv1.2
19    DHE-RSA-CAMELLIA256-SHA      TLSv1,TLSv1.1,TLSv1.2  DH,2048bits
20    CAMELLIA256-SHA              TLSv1,TLSv1.1,TLSv1.2
21    DHE-RSA-CAMELLIA128-SHA      TLSv1,TLSv1.1,TLSv1.2  DH,2048bits
22    CAMELLIA128-SHA              TLSv1,TLSv1.1,TLSv1.2
23    DES-CBC3-SHA                 TLSv1,TLSv1.1,TLSv1.2

Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: 300
OCSP stapling: not supported
Server side cipher ordering

Cipherscan Analysis

account.dyn.com:443 has intermediate ssl/tls

Changes needed to match the intermediate level:
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher AES128-GCM-SHA256
* remove cipher AES256-GCM-SHA384
* remove cipher AES128-SHA256
* remove cipher AES256-SHA256
* remove cipher AES128-SHA
* remove cipher AES256-SHA
* remove cipher DHE-RSA-CAMELLIA256-SHA
* remove cipher CAMELLIA256-SHA
* remove cipher DHE-RSA-CAMELLIA128-SHA
* remove cipher CAMELLIA128-SHA
* remove cipher DES-CBC3-SHA
* disable TLSv1
* consider enabling OCSP Stapling

Good enough, closing as resolved.