isvsecwatch / httpstracker

Our main issue tracker for ISV security issues, such as the SSL/TLS configuration of their online stores.

www.paysafecard.com - main website #24

Closed sindarina closed 9 years ago

sindarina commented 9 years ago

SSL Server Test Results https://www.ssllabs.com/ssltest/analyze.html?d=www.paysafecard.com&s=172.230.243.55 (B)

Cipherscan Results

Target: www.paysafecard.com:443

prio  ciphersuite   protocols              pfs_keysize
1     AES256-SHA    TLSv1,TLSv1.1,TLSv1.2
2     DES-CBC3-SHA  TLSv1,TLSv1.1,TLSv1.2
3     AES128-SHA    TLSv1,TLSv1.1,TLSv1.2
4     IDEA-CBC-SHA  TLSv1,TLSv1.1,TLSv1.2
5     RC4-SHA       TLSv1,TLSv1.1,TLSv1.2
6     RC4-MD5       TLSv1,TLSv1.1,TLSv1.2
7     DES-CBC-SHA   TLSv1,TLSv1.1,TLSv1.2

Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: 7200
OCSP stapling: not supported
Server side cipher ordering

Cipherscan Analysis

www.paysafecard.com:443 has bad ssl/tls

Things that are bad:
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC-SHA

Changes needed to match the intermediate level:
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC-SHA
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher AES256-SHA
* remove cipher DES-CBC3-SHA
* remove cipher AES128-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC-SHA
* disable TLSv1
* consider enabling OCSP Stapling

Verdict

This is in part bad because it's hosted by Akamai, which has yet to support modern ephemeral ciphers, but that doesn't absolve the customer from making bad choices when it comes to their cipher selection. A 56-bit cipher has no place in a secure setup today, for example. Neither does renewing a SHA1 certificate in 2015.

sindarina commented 9 years ago

Notified via email; domains@paysafecard.com, security@paysafecard.com

sindarina commented 9 years ago

This also needs to be looked at; https://www.ssllabs.com/ssltest/analyze.html?d=customer.cc.at.paysafecard.com

Bad cipher ordering, again, weak DH key.

sindarina commented 9 years ago

No change.

www.paysafecard.com:443 has bad ssl/tls

Things that are bad:
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC-SHA

Changes needed to match the intermediate level:
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC-SHA
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher AES256-SHA
* remove cipher DES-CBC3-SHA
* remove cipher AES128-SHA
* remove cipher IDEA-CBC-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC-SHA
* disable TLSv1
* consider enabling OCSP Stapling

sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

In light of the details of the Logjam attack (https://weakdh.org/), we are upgrading 1024-bit DH keys to a red level issue that should be resolved, as that key size puts it within reach of state-level adversaries and is no longer considered safe.

See https://github.com/isvsecwatch/httpstracker#a-note-on-dhdhe for details.

sindarina commented 9 years ago

Poked on Twitter; https://twitter.com/isvsecwatch/status/600945832431616003

Renotified via email; domains@paysafecard.com, security@paysafecard.com

sindarina commented 9 years ago

Acknowledged on Twitter; https://twitter.com/paysafecard/status/601315415969689601

sindarina commented 9 years ago

This is where the 'DH 1024-bit' tag comes from; https://www.ssllabs.com/ssltest/analyze.html?d=customer.cc.at.paysafecard.com (B)

Cipherscan Results

Target: customer.cc.at.paysafecard.com:443

prio  ciphersuite                  protocols              pfs_keysize
1     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,1024bits
2     DHE-RSA-AES128-GCM-SHA256    TLSv1.2                DH,1024bits
3     DHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
4     DHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
5     EDH-RSA-DES-CBC3-SHA         TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
6     AES256-GCM-SHA384            TLSv1.2
7     AES128-GCM-SHA256            TLSv1.2
8     AES256-SHA256                TLSv1.2
9     AES256-SHA                   TLSv1,TLSv1.1,TLSv1.2
10    AES128-SHA256                TLSv1.2
11    AES128-SHA                   TLSv1,TLSv1.1,TLSv1.2
12    DES-CBC3-SHA                 TLSv1,TLSv1.1,TLSv1.2
13    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits
14    ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits
15    ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-256,256bits
16    ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
17    ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits
18    ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
19    ECDHE-RSA-DES-CBC3-SHA       TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits

Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Server side cipher ordering

Cipherscan Analysis

customer.cc.at.paysafecard.com:443 has bad ssl/tls

Things that are bad:
* remove cipher EDH-RSA-DES-CBC3-SHA

Changes needed to match the intermediate level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher ECDHE-RSA-DES-CBC3-SHA
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher AES256-GCM-SHA384
* remove cipher AES128-GCM-SHA256
* remove cipher AES256-SHA256
* remove cipher AES256-SHA
* remove cipher AES128-SHA256
* remove cipher AES128-SHA
* remove cipher DES-CBC3-SHA
* remove cipher ECDHE-RSA-DES-CBC3-SHA
* disable TLSv1
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
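
Added example, not part of the original thread and not cipherscan's own analysis code: a small parser for the cipherscan table format shown above that flags the weak primitives named in the first scan and any finite-field DH key below the 2048-bit floor discussed in the Logjam comment. The rule set, function names and the merged sample table are assumptions made for this example.

```python
import re

# Constructed sample: rows copied from the two cipherscan tables in this
# thread, merged into one table and renumbered.
SAMPLE = """\
prio  ciphersuite                  protocols              pfs_keysize
1     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,1024bits
2     EDH-RSA-DES-CBC3-SHA         TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
3     AES256-GCM-SHA384            TLSv1.2
4     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits
5     RC4-MD5                      TLSv1,TLSv1.1,TLSv1.2
6     DES-CBC-SHA                  TLSv1,TLSv1.1,TLSv1.2
"""

# Assumed rule set for this example: RC4, IDEA, MD5 and single DES
# (DES-CBC, but not the 3DES name DES-CBC3).
WEAK = re.compile(r"(?:^|-)(RC4|IDEA|MD5|DES-CBC(?!3))(?:-|$)")

def parse_cipherscan(text):
    """Map each table row to its header names; absent trailing cells -> None."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        cells = line.split()
        cells += [None] * (len(header) - len(cells))
        rows.append(dict(zip(header, cells)))
    return rows

def dh_bits(pfs):
    """Finite-field DH size in bits; None for ECDH or no forward secrecy."""
    m = re.fullmatch(r"DH,(\d+)bits", pfs or "")
    return int(m.group(1)) if m else None

def audit(text, min_dh_bits=2048):
    """Return (ciphersuite, reason) pairs for every rule a row violates."""
    findings = []
    for row in parse_cipherscan(text):
        name = row["ciphersuite"]
        weak = WEAK.search(name)
        if weak:
            findings.append((name, "weak primitive " + weak.group(1)))
        bits = dh_bits(row.get("pfs_keysize"))
        if bits is not None and bits < min_dh_bits:
            findings.append((name, "%d-bit DH below %d" % (bits, min_dh_bits)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Because rows are mapped by header name, the same parser also reads the wider table format used in the later scan, where `pfs_keysize` is the last of nine columns.
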

sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

No change.

This setup uses a legacy Akamai SSL profile, which is no longer necessary; https://blogs.akamai.com/2014/11/introducing-sha-2-certificates-and-forward-secrecy.html

Recommended that it is moved to the new Akamai defaults, as described in their blog post above.

sindarina commented 9 years ago

Changes were made, although there are still some oddities remaining; https://www.ssllabs.com/ssltest/analyze.html?d=www.paysafecard.com&s=172.230.243.55 (A-)

Cipherscan Results

Target: www.paysafecard.com:443

prio  ciphersuite                  protocols              pubkey_size  signature_algorithm      trusted  ticket_hint  ocsp_staple  pfs_keysize
1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                2048         sha256WithRSAEncryption  True     None         False        ECDH,P-256,256bits
2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                2048         sha256WithRSAEncryption  True     None         False        ECDH,P-256,256bits
3     ECDHE-RSA-AES256-SHA384      TLSv1.2                2048         sha256WithRSAEncryption  True     None         False        ECDH,P-256,256bits
4     ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  True     None         False        ECDH,P-256,256bits
5     AES256-GCM-SHA384            TLSv1.2                2048         sha256WithRSAEncryption  True     7200         False
6     AES128-GCM-SHA256            TLSv1.2                2048         sha256WithRSAEncryption  True     7200         False
7     AES256-SHA256                TLSv1.2                2048         sha256WithRSAEncryption  True     7200         False
8     AES128-SHA256                TLSv1.2                2048         sha256WithRSAEncryption  True     7200         False
9     DES-CBC3-SHA                 TLSv1,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  True     7200         False
10    ECDHE-RSA-AES128-SHA256      TLSv1.2                2048         sha256WithRSAEncryption  True     None         False        ECDH,P-256,256bits
11    ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  True     None         False        ECDH,P-256,256bits

OCSP stapling: not supported
Server side cipher ordering

Cipherscan Analysis

www.paysafecard.com:443 has obscure or unknown ssl/tls

Changes needed to match the intermediate level:
* add cipher AES128-SHA
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher AES256-GCM-SHA384
* remove cipher AES128-GCM-SHA256
* remove cipher AES256-SHA256
* remove cipher AES128-SHA256
* remove cipher DES-CBC3-SHA
* disable TLSv1
* consider enabling OCSP Stapling

Not sure if these are the new Akamai defaults, or some kind of custom configuration, but the cipher selection and order do not really make sense. Why leave out 'AES128-SHA' while enabling 'AES128-SHA256', for example?

sindarina commented 9 years ago

No change. Still has bad cipher ordering.

sindarina commented 9 years ago

The backend site listed here now has a better configuration; https://www.ssllabs.com/ssltest/analyze.html?d=customer.cc.at.paysafecard.com (A)

But should still be reviewed for cipher ordering, and a chain issue.

sindarina commented 9 years ago

Nothing has changed, cipher selection and ordering still weird. Marking as unresolved.