TLS/SSL vulnerabilities – the server is often the weakest point

Impetus

Steve Gibson did a show on TLS vulnerabilities, covering secure browsing, VPNs etc. He talks about Logjam too. 80% of servers support downgrade to 512 bit keys which makes encrypted traffic to/from them easy to decrypt. 1024 bit keys are widely believed to be crackable at this stage.

Basically a chain is as strong as its weakest link, and if that includes Diffie-Hellman export grade DHE_EXPORT ciphers…..!

17.97% of HTTPS domains allow 1024-bit Diffie-Hellman which may be subject to passive eavesdropping. 66% of IKEv1 – ie IP Sec VPNs ditto.

“What should I do?

If you run a server…

If you have a web or mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. We have published a Guide to Deploying Diffie-Hellman for TLS with step-by-step instructions. If you use SSH, you should upgrade both your server and client installations to the most recent version of OpenSSH, which prefers Elliptic-Curve Diffie-Hellman Key Exchange.

If you use a browser…

Make sure you have the most recent version of your browser installed, and check for updates frequently. Google Chrome (including Android Browser), Mozilla Firefox, Microsoft Internet Explorer, and Apple Safari are all deploying fixes for the Logjam attack.

If you’re a sysadmin or developer …

Make sure any TLS libraries you use are up-to-date, that servers you maintain use 2048-bit or larger primes, and that clients you maintain reject Diffie-Hellman primes smaller than 1024-bit.”

Source: https://weakdh.org

Video of last night’s Security Now: http://www.podtrac.com/pts/redirect.mp4/twit.cachefly.net/video/sn/sn0509/sn0509_h264m_1280x720_1872.mp4

Audio only: http://www.podtrac.com/pts/redirect.mp3/twit.cachefly.net/audio/sn/sn0509/sn0509.mp3

Impetus

Guide to Deploying Diffie-Hellman for TLS

https://weakdh.org/sysadmin.html