isvsecwatch / httpstracker

Our main issue tracker for ISV security issues, such as the SSL/TLS configuration of their online stores.

piwik.org / builds.piwik.org - main website & software downloads #22

Closed sindarina closed 8 years ago

sindarina commented 9 years ago

SSL Server Test Results

https://www.ssllabs.com/ssltest/analyze.html?d=piwik.org (B)
https://www.ssllabs.com/ssltest/analyze.html?d=builds.piwik.org (B)

Cipherscan Results

Target: piwik.org:443

prio  ciphersuite   protocols  pfs_keysize
1     AES256-SHA    TLSv1
2     AES128-SHA    TLSv1
3     RC4-SHA       TLSv1
4     RC4-MD5       TLSv1
5     DES-CBC3-SHA  TLSv1
6     DES-CBC-SHA   TLSv1

Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Client side cipher ordering

--

Target: builds.piwik.org:443

prio  ciphersuite   protocols  pfs_keysize
1     AES256-SHA    TLSv1
2     AES128-SHA    TLSv1
3     RC4-SHA       TLSv1
4     RC4-MD5       TLSv1
5     DES-CBC3-SHA  TLSv1
6     DES-CBC-SHA   TLSv1

Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Client side cipher ordering

Cipherscan Results (Analysis)

piwik.org:443 has bad ssl/tls

Things that are bad:
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC-SHA

Changes needed to match the intermediate level:
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC-SHA
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider using a SHA-256 certificate
* consider enabling OCSP Stapling
* enforce server side ordering

Changes needed to match the modern level:
* remove cipher AES256-SHA
* remove cipher AES128-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC3-SHA
* remove cipher DES-CBC-SHA
* disable TLSv1
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* use a SHA-256 certificate
* consider enabling OCSP Stapling
* enforce server side ordering

--

builds.piwik.org:443 has bad ssl/tls

Things that are bad:
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC-SHA

Changes needed to match the intermediate level:
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC-SHA
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider using a SHA-256 certificate
* consider enabling OCSP Stapling
* enforce server side ordering

Changes needed to match the modern level:
* remove cipher AES256-SHA
* remove cipher AES128-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC3-SHA
* remove cipher DES-CBC-SHA
* disable TLSv1
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* use a SHA-256 certificate
* consider enabling OCSP Stapling
* enforce server side ordering

Verdict

Offers downloads over HTTP while HTTPS is available. HTTPS configuration is Bad. No hashes provided for downloaded files. For something that depends on security to work properly, this is an embarrassing result.
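An added example, not part of the original report and not cipherscan's own analysis code: a small Python audit of scan text in the format posted above, reproducing the "Things that are bad" list and the other flagged items. The rule set in `is_bad` and the note wording are assumptions chosen to mirror the lists in this report.

```python
SAMPLE = """\
prio  ciphersuite   protocols  pfs_keysize
1     AES256-SHA    TLSv1
2     AES128-SHA    TLSv1
3     RC4-SHA       TLSv1
4     RC4-MD5       TLSv1
5     DES-CBC3-SHA  TLSv1
6     DES-CBC-SHA   TLSv1

Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Client side cipher ordering
"""  # scan text as posted in the report above

def parse(text):
    """Split scan text into cipher rows and lower-cased trailer lines."""
    rows, trailer = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0].isdigit():
            rows.append({"cipher": parts[1], "protocols": parts[2].split(","),
                         "pfs": parts[3] if len(parts) > 3 else None})
        elif parts and parts[0] != "prio":
            trailer.append(line.strip().lower())
    return rows, trailer

def is_bad(cipher):
    # Assumed rule set mirroring "Things that are bad": RC4 in any form and
    # single (56-bit) DES. DES-CBC3 is 3DES and is deliberately not matched.
    tokens = cipher.split("-")
    return "RC4" in tokens or ("DES" in tokens and "CBC3" not in tokens)

def audit(text):
    rows, trailer = parse(text)
    notes = []
    if not any(r["pfs"] for r in rows):
        notes.append("no forward secrecy")
    if not any("TLSv1.2" in r["protocols"] for r in rows):
        notes.append("TLSv1.2 not offered")
    if any("sha1with" in t for t in trailer):
        notes.append("SHA-1 certificate signature")
    if "ocsp stapling: not supported" in trailer:
        notes.append("no OCSP stapling")
    if "client side cipher ordering" in trailer:
        notes.append("client-side cipher ordering")
    return {"bad": [r["cipher"] for r in rows if is_bad(r["cipher"])],
            "notes": notes}
```

Calling `audit(SAMPLE)` returns the three ciphers listed under "Things that are bad" plus one note for each remaining finding.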

sindarina commented 9 years ago

Notified via email; hello@piwik.org. Poked on Twitter, too.

sindarina commented 9 years ago

No change, not acknowledged. Still active with the 56-bit DES;

Target: piwik.org:443

prio  ciphersuite   protocols  pfs_keysize
1     AES256-SHA    TLSv1
2     AES128-SHA    TLSv1
3     RC4-SHA       TLSv1
4     RC4-MD5       TLSv1
5     DES-CBC3-SHA  TLSv1
6     DES-CBC-SHA   TLSv1

Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Client side cipher ordering

mattab commented 9 years ago

Hi @sindarina

Thanks for the report!

Likely it's mostly unrelated, but we already have this issue about possible SSL misconfiguration: https://github.com/piwik/piwik/issues/7598

I'll get in touch with our web host who also manages the SSL security and will come back to you if I learn something.

mattab commented 9 years ago

With a rating of B it's not too bad. Of course we can improve it and will try to. Our server and SSL config admin replied that there will be improvements made in 3 months to try to improve the SSL security. So please ping us in about 3-4 months if there is progress made and I'll definitely try then to get an update.

sindarina commented 9 years ago

Does your admin understand that there's more to it than the big letter at the top? Did they review all the things that are flagged in the SSL Server Test, and the output in the ticket here?

Do they understand that there's a difference between improvements that can be made by adjusting the configuration, removing the CRIME vulnerability among other things, and improvements that might need newer versions of Apache and/or OpenSSL? Because they can make those configuration improvements right now, no need to wait.

Have them update their configuration on short notice; disable TLS compression, disable 56-bit DES and RC4, and have the server set a server-side server order with AES ciphers followed by 3DES for compatibility, if you need the latter.

If they have trouble understanding this, or making the changes, I would suggest that you find a different hosting company to host your site for you, because they are likely to drop the ball in other areas :-/

cbay commented 9 years ago

I am the admin in question.

Let me first say that we DO realize that the current situation is not perfect and we're working on improving it. However, let me respond to your points.

No, it's not possible to easily make the changes you suggest. The SSL/TLS is handled by a reverse proxy which simply doesn't support those settings yet (that's what we're working on). If it were that easy, we would have done it a long time ago.

Second, you cannot use SSL Labs to prove your point and then say that one shouldn't pay attention to the rating they give. I think a B rating does mean something, it means that it's pretty good. If you feel that's wrong, I suggest you discuss it with SSL Labs.

Third, the CRIME vulnerability is about stealing cookies. As far as I know, there's no cookie on piwik.org, let alone builds.piwik.org.

One last thing: we don't manage the SSL certificates/keys. @mattab, if you want to renew the certificate/key to use SHA2, there's no need to wait for us :) Some vendors do regenerate the certificate in SHA2 for free, you should ask yours if they do.

sindarina commented 9 years ago

@cbay: Please re-read my previous comment. Nowhere does it say that you shouldn't pay attention to the rating they give. It says to pay attention to all the issues flagged, not just the big letter at the top. But as long as we're talking about the 'B' you're getting; it's capped at 'B' because there's issues you need to resolve.

As for claiming it's not easy to make the changes suggested, what's your excuse for your own website, then? Several issues there too, such as weak DH keys; https://www.ssllabs.com/ssltest/analyze.html?d=www.alwaysdata.com

NGINX can do better than that, even with the 1.2.1 version you're running.

There's no reason to be vulnerable to CRIME whatsoever. Or BREACH, for that matter. That is something you should fix, instead of making some weak excuse about there being no cookies. TLS compression should not be on in 2015; you're 2,5 years behind, and should have caught up well before this got flagged.

cbay commented 9 years ago

You said in your original message "HTTPS configuration is Bad", calling it "an embarrassing result". I disagree, arguing that a B rating is rather good.

Do I wish we had an A+? Yes. Can I do it overnight? No, for the aforementioned reason.

Note that a LOT of popular websites simply don't have an A or A+. Both google.com and facebook.com have a B as well.

sindarina commented 9 years ago

There's quite a few reasons why the SSL Server Test rates something as 'B', which is why your Google/Facebook comment holds no water; they do not have a 'B' rating for the same reasons. They're not running with TLS compression still on, 2,5 years after the published vulnerability, nor are they still offering a 56-bit DES cipher, which has been considered insecure for 15+ years.

There's also the matter of them having dedicated security teams and patched TLS stacks, which gives them just a wee bit of an advantage.

But it isn't a matter of 'overnight'; if this was something that had been published last week it'd be perfectly fine to argue that you'd need time to upgrade a legacy configuration. It isn't a week ago though, but more than two years. With several mitigation strategies available for configurations that cannot turn off TLS compression because their software does not let them.

Taking that long, with 56-bit DES still active, that is Bad. And embarrassing.

cbay commented 9 years ago

If SSL Labs thought it was that bad, the rating would probably be much lower.

Anyway, we'll keep you informed when we've improved the situation.

sindarina commented 9 years ago

No change.

builds.piwik.org:443 has bad ssl/tls

Things that are bad:
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC-SHA

Changes needed to match the intermediate level:
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC-SHA
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider using a SHA-256 certificate
* consider enabling OCSP Stapling
* enforce server side ordering

Changes needed to match the modern level:
* remove cipher AES256-SHA
* remove cipher AES128-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC3-SHA
* remove cipher DES-CBC-SHA
* disable TLSv1
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* use a SHA-256 certificate
* consider enabling OCSP Stapling
* enforce server side ordering

sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

No change.

yuhong commented 9 years ago

This site was SSLv3 only before POODLE, BTW. Disabling TLS compression should be easy, as well as changing cipher suite settings. To be honest, the 56-bit cipher suites (there are the EXPORT1024 ones and the "domestic" ones) are not as bad as the 40-bit ones, since they use at least 1024-bit RSA not 512-bit.

sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

With today's changes in the SSL Server Test, these are ranked 'C'; https://www.ssllabs.com/ssltest/analyze.html?d=piwik.org

sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

A new RC4 attack, NOMORE, was released today; http://www.rc4nomore.com/

Please update your systems.

sindarina commented 9 years ago

@mattab Why not move elsewhere, if it is taking your existing host this long to fix?

mattab commented 9 years ago

Hi @cbay - do you think our SSL score for piwik.org will be improved soon?

cbay commented 9 years ago

Yes I do. We should launch the beta of our upgraded SSL support (among other improvements) by the end of the month. The SSL Labs grade is A+.

sindarina commented 9 years ago

@mattab The 'end of the month' has come and gone, and we're at the end of the next month. It doesn't look like they are making any progress, hmm? Oh, and you're sending a SHA1 root as part of your chain, which really shouldn't be happening.

isvsecwatch-report commented 9 years ago

@mattab @cbay It looks like there is no progress on this, despite RC4 being a few weeks from being dropped down to 'F' status on the SSL Server Test. You haven't even disabled 56-bit DES, or RC4-MD5.

Google might beat you to RC4 deprecation, at this rate; http://googleonlinesecurity.blogspot.com/2015/09/disabling-sslv3-and-rc4.html

cbay commented 9 years ago

There has been progress, actually. builds.piwik.org now has an A rating.

mattab commented 9 years ago

@cbay looks like the new SSL config works well (didn't get any complaint). Maybe we could now make it A rating across all *.piwik.org subs? thx!

mattab commented 8 years ago

Hi @cbay +1 to push the strong SSL configuration across all of *.piwik.org - is it possible in coming days or weeks?

isvsecwatch-report commented 8 years ago

SSL Server Test Results (20151011-1147)

@mattab They seem utterly incapable of updating within a reasonable timeframe :(

cbay commented 8 years ago

I don't monitor this issue, we have dedicated support channels to reach us.

Anyway, I've migrated all piwik.org subdomains to the new HTTP architecture (still in beta though). SSL Report gives an A grade (to get A+, I believe @mattab has a few things to update on his side).

mattab commented 8 years ago

:rocket: Thank you @cbay - looks good! :rocket:

isvsecwatch-report commented 8 years ago

Intermediate certificate still has a weak signature. Closing as unresolved.

EDIT 20151014-1014 CET: The SHA1 certificate flagged here is present in the trust store, and should therefore not be sent by the server. Removing it from the chain would resolve the issue.