Closed sindarina closed 9 years ago
This was first reported privately on February 12th. A reminder was sent on March 7th, after no action had been taken. Their reply earlier today was that they will 'start making various updates to help address some of the concerns in the report you sent along in roughly two weeks time'.
Six weeks total to fix issues like being vulnerable to the CRIME attack, something that should have been sorted ages ago. That is simply NOT good enough.
No change this week.
Cipherscan Results (Analysis)
account.dyn.com:443 has bad ssl/tls
Things that are bad:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
Changes needed to match the intermediate level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
Changes needed to match the modern level:
* remove cipher DHE-RSA-CAMELLIA256-SHA
* remove cipher AES256-SHA
* remove cipher CAMELLIA256-SHA
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DES-CBC3-SHA
* remove cipher DHE-RSA-CAMELLIA128-SHA
* remove cipher AES128-SHA
* remove cipher CAMELLIA128-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* disable TLSv1
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
No change.
No change.
The 'roughly two weeks time' have passed, and there has been no change;
Target: account.dyn.com:443
prio ciphersuite protocols pfs_keysize
1 DHE-RSA-AES256-SHA TLSv1 DH,1024bits
2 DHE-RSA-CAMELLIA256-SHA TLSv1 DH,1024bits
3 AES256-SHA TLSv1
4 CAMELLIA256-SHA TLSv1
5 EDH-RSA-DES-CBC3-SHA TLSv1 DH,1024bits
6 DES-CBC3-SHA TLSv1
7 DHE-RSA-AES128-SHA TLSv1 DH,1024bits
8 DHE-RSA-CAMELLIA128-SHA TLSv1 DH,1024bits
9 AES128-SHA TLSv1
10 CAMELLIA128-SHA TLSv1
11 DHE-RSA-SEED-SHA TLSv1 DH,1024bits
12 SEED-SHA TLSv1
13 IDEA-CBC-SHA TLSv1
14 RC4-SHA TLSv1
15 RC4-MD5 TLSv1
Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Server side cipher ordering
Still vulnerable to the CRIME attack, for example.
No change. Their support claims that their ops team is still working on 'still in the process of making these upgrades', without a 'definitive timetable'.
Two months. Wow.
account.dyn.com:443 has bad ssl/tls
Things that are bad:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
Changes needed to match the intermediate level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
Changes needed to match the modern level:
* remove cipher DHE-RSA-CAMELLIA256-SHA
* remove cipher AES256-SHA
* remove cipher CAMELLIA256-SHA
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DES-CBC3-SHA
* remove cipher DHE-RSA-CAMELLIA128-SHA
* remove cipher AES128-SHA
* remove cipher CAMELLIA128-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* disable TLSv1
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
No change.
No change.
Well, this don't look too bad for a older TLS stack, though TLS compression should be disabled.
No change.
In light of the details of the Logjam attack (https://weakdh.org/), we are upgrading 1024-bit DH keys to a red level issue that should be resolved, as that key size puts it within reach of state-level adversaries and is no longer considered safe.
See https://github.com/isvsecwatch/httpstracker#a-note-on-dhdhe for details.
Due to today's SSL Server Test updates, this now caps at 'C'; https://www.ssllabs.com/ssltest/analyze.html?d=account.dyn.com
Looks like they finally got off their backside and fixed this; https://www.ssllabs.com/ssltest/analyze.html?d=account.dyn.com (A)
Cipherscan Results
Target: account.dyn.com:443
prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,B-571,570bits
2 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,B-571,570bits
3 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 DH,2048bits
4 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 DH,2048bits
5 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,B-571,570bits
6 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,B-571,570bits
7 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,B-571,570bits
8 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,B-571,570bits
9 DHE-RSA-AES128-SHA256 TLSv1.2 DH,2048bits
10 DHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 DH,2048bits
11 DHE-RSA-AES256-SHA256 TLSv1.2 DH,2048bits
12 DHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 DH,2048bits
13 AES128-GCM-SHA256 TLSv1.2
14 AES256-GCM-SHA384 TLSv1.2
15 AES128-SHA256 TLSv1.2
16 AES256-SHA256 TLSv1.2
17 AES128-SHA TLSv1,TLSv1.1,TLSv1.2
18 AES256-SHA TLSv1,TLSv1.1,TLSv1.2
19 DHE-RSA-CAMELLIA256-SHA TLSv1,TLSv1.1,TLSv1.2 DH,2048bits
20 CAMELLIA256-SHA TLSv1,TLSv1.1,TLSv1.2
21 DHE-RSA-CAMELLIA128-SHA TLSv1,TLSv1.1,TLSv1.2 DH,2048bits
22 CAMELLIA128-SHA TLSv1,TLSv1.1,TLSv1.2
23 DES-CBC3-SHA TLSv1,TLSv1.1,TLSv1.2
Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: 300
OCSP stapling: not supported
Server side cipher ordering
Cipherscan Analysis
account.dyn.com:443 has intermediate ssl/tls
Changes needed to match the intermediate level:
* consider enabling OCSP Stapling
Changes needed to match the modern level:
* remove cipher AES128-GCM-SHA256
* remove cipher AES256-GCM-SHA384
* remove cipher AES128-SHA256
* remove cipher AES256-SHA256
* remove cipher AES128-SHA
* remove cipher AES256-SHA
* remove cipher DHE-RSA-CAMELLIA256-SHA
* remove cipher CAMELLIA256-SHA
* remove cipher DHE-RSA-CAMELLIA128-SHA
* remove cipher CAMELLIA128-SHA
* remove cipher DES-CBC3-SHA
* disable TLSv1
* consider enabling OCSP Stapling
Good enough, closing as resolved.
SSL Server Test Results https://www.ssllabs.com/ssltest/analyze.html?d=account.dyn.com (B)
Cipherscan Results
Verdict Multiple problems that have been reported privately over a month ago, and might now be resolved in two weeks, when they finally get around to it. We should all expect better from a DNS provider that wants to play in the 'enterprise' space.