isvsecwatch / httpstracker

Our main issue tracker for ISV security issues, such as the SSL/TLS configuration of their online stores.

getdpd.com - main website #41

Closed sindarina closed 8 years ago

sindarina commented 9 years ago

SSL Server Test Results https://www.ssllabs.com/ssltest/analyze.html?d=getdpd.com (A-)

Cipherscan Results

Target: getdpd.com:443

prio  ciphersuite                protocols              pfs_keysize
1     DHE-RSA-AES256-GCM-SHA384  TLSv1.2                DH,1024bits
2     DHE-RSA-AES256-SHA256      TLSv1.2                DH,1024bits
3     DHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
4     DHE-RSA-CAMELLIA256-SHA    TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
5     AES256-GCM-SHA384          TLSv1.2
6     AES256-SHA256              TLSv1.2
7     AES256-SHA                 TLSv1,TLSv1.1,TLSv1.2
8     CAMELLIA256-SHA            TLSv1,TLSv1.1,TLSv1.2
9     DHE-RSA-AES128-GCM-SHA256  TLSv1.2                DH,1024bits
10    DHE-RSA-AES128-SHA256      TLSv1.2                DH,1024bits
11    DHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
12    DHE-RSA-CAMELLIA128-SHA    TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
13    AES128-GCM-SHA256          TLSv1.2
14    AES128-SHA256              TLSv1.2
15    AES128-SHA                 TLSv1,TLSv1.1,TLSv1.2
16    CAMELLIA128-SHA            TLSv1,TLSv1.1,TLSv1.2
17    EDH-RSA-DES-CBC3-SHA       TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
18    DES-CBC3-SHA               TLSv1,TLSv1.1,TLSv1.2

Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
TLS ticket lifetime hint: 300
OCSP stapling: not supported
Client side cipher ordering

Cipherscan Analysis

getdpd.com:443 has bad ssl/tls

Things that are bad:
* remove cipher EDH-RSA-DES-CBC3-SHA

Changes needed to match the intermediate level:
* remove cipher EDH-RSA-DES-CBC3-SHA
* consider using a SHA-256 certificate
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
* enforce server side ordering

Changes needed to match the modern level:
* remove cipher DHE-RSA-CAMELLIA256-SHA
* remove cipher AES256-GCM-SHA384
* remove cipher AES256-SHA256
* remove cipher AES256-SHA
* remove cipher CAMELLIA256-SHA
* remove cipher DHE-RSA-CAMELLIA128-SHA
* remove cipher AES128-GCM-SHA256
* remove cipher AES128-SHA256
* remove cipher AES128-SHA
* remove cipher CAMELLIA128-SHA
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DES-CBC3-SHA
* disable TLSv1
* use a SHA-256 certificate
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
* enforce server side ordering

sindarina commented 9 years ago

This is one of those cases where the mediocre settings hide behind an A- rating and the EV certificate. Should be upgraded if possible, or at least optimised by enabling server-side cipher ordering and switching to 2048-bit DH keys if the Apache version allows for it. A front-end proxy such as nginx might also be an option.

sindarina commented 9 years ago

Notified via email: security@dpd.zendesk.com (published security email address)

sindarina commented 9 years ago

Acknowledged via ticket on May 5th.

sindarina commented 9 years ago

A bit better, but issues still remain;

Cipherscan Analysis

getdpd.com:443 has intermediate with bad ordering ssl/tls

Changes needed to match the intermediate level:
* consider using a SHA-256 certificate
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
* enforce server side ordering
* increase priority of AES256-GCM-SHA384 over DHE-RSA-CAMELLIA256-SHA
* increase priority of DHE-RSA-AES128-GCM-SHA256 over CAMELLIA256-SHA
* increase priority of AES128-GCM-SHA256 over DHE-RSA-CAMELLIA128-SHA
* fix ciphersuite ordering, use recommended intermediate ciphersuite

Changes needed to match the modern level:
* remove cipher DHE-RSA-CAMELLIA256-SHA
* remove cipher AES256-GCM-SHA384
* remove cipher AES256-SHA256
* remove cipher AES256-SHA
* remove cipher CAMELLIA256-SHA
* remove cipher DHE-RSA-CAMELLIA128-SHA
* remove cipher AES128-GCM-SHA256
* remove cipher AES128-SHA256
* remove cipher AES128-SHA
* remove cipher CAMELLIA128-SHA
* remove cipher DES-CBC3-SHA
* disable TLSv1
* use a SHA-256 certificate
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
* enforce server side ordering

No server-side cipher ordering yet though. Why would that take this long to activate?

sindarina commented 9 years ago

In light of the details of the Logjam attack (https://weakdh.org/), we are upgrading 1024-bit DH keys to a red level issue that should be resolved, as that key size puts it within reach of state-level adversaries and is no longer considered safe.

See https://github.com/isvsecwatch/httpstracker#a-note-on-dhdhe for details.
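The triage rule described in the comment above, applied to Cipherscan output, as an added example that is not part of the original thread or of cipherscan itself. The sample rows are copied from the scan earlier in this issue; the function names, the result keys and the final "fixed" sample in the usage line are constructed for illustration.

```python
import re

# Subset of the Cipherscan output posted earlier in this issue.
SAMPLE = """\
prio  ciphersuite                protocols              pfs_keysize
1     DHE-RSA-AES256-GCM-SHA384  TLSv1.2                DH,1024bits
5     AES256-GCM-SHA384          TLSv1.2
17    EDH-RSA-DES-CBC3-SHA       TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
18    DES-CBC3-SHA               TLSv1,TLSv1.1,TLSv1.2

Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
Client side cipher ordering
"""

MIN_DH_BITS = 2048  # minimum DHE size named in the recommendations above
PFS_RE = re.compile(r"(DH|ECDH),(?:[\w-]+,)?(\d+)bits")


def parse_rows(text):
    """Yield (suite, key_exchange, bits) for each data row of the table."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 3 or not cols[0].isdigit():
            continue  # header, blank line or summary line, not a cipher row
        match = PFS_RE.fullmatch(cols[3]) if len(cols) > 3 else None
        if match:
            yield cols[1], match.group(1), int(match.group(2))
        else:
            yield cols[1], None, None  # empty pfs_keysize column


def audit(text):
    """Group suites by the issues this tracker escalates."""
    result = {"weak_dh": [], "no_pfs": [], "client_ordering": False}
    for suite, kx, bits in parse_rows(text):
        if kx == "DH" and bits < MIN_DH_BITS:
            result["weak_dh"].append(suite)  # red level after Logjam
        elif kx is None:
            result["no_pfs"].append(suite)   # no forward secrecy
    # Cipherscan reports the ordering mode on its own summary line.
    result["client_ordering"] = "Client side cipher ordering" in text
    return result


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

Any entry in `weak_dh` corresponds to the red level issue described above; `client_ordering` being true matches the "enforce server side ordering" recommendation.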

sindarina commented 9 years ago

Due to the recent changes in the SSL Server Test, this now caps at 'B'; https://www.ssllabs.com/ssltest/analyze.html?d=getdpd.com

sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

No change.

sindarina commented 9 years ago

No change. SHA1 certificate expires in five days, perhaps that'll mean an update to SHA2.

sindarina commented 9 years ago

Re-poked via email, on the two-month-old ticket.

sindarina commented 9 years ago

Still no server-side cipher ordering, no robust Forward Secrecy.

isvsecwatch-report commented 9 years ago

No change.

isvsecwatch-report commented 8 years ago

Unlikely to have changed, closing as unresolved.